Re: TLS details not in header as viewed from email client (claws)
The claws group sent me on a wild goose chase. Postfix seems to work just fine with Seamonkey email. The TLS portion of the header follows. from nm24-vm3.bullet.mail.ne1.yahoo.com (nm24-vm3.bullet.mail.ne1.yahoo.com [98.138.91.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by www.inplanesight.org (Postfix) with ESMTPS id 2E255EB20F for ; Tue, 8 Nov 2016 07:22:25 + (UTC) On Wed, 9 Nov 2016 09:03:12 -0800 "li...@lazygranch.com" wrote: > "smtpd_tls_received_header = yes" is in the postconf. But I appreciate > the heads up on what to look for. So many parameters! > > I'm going to set up a different mail client as a double check. The > Claws people say nothing has changed on their end, but who knows. If > I just set up a second imap, there shouldn't be any lost mail issues. > > > On Wed, 9 Nov 2016 10:17:04 -0600 > Noel Jones wrote: > > > On 11/9/2016 9:32 AM, li...@lazygranch.com wrote: > > > I posted the entire header from claws. That is the receive header > > > since I sent the message from yahoo. > > > > > > > There are no Received: headers in what you posted. That's where the > > TLS information is found. Either your claws is set to hide those > > headers or you've configured postfix header_checks to remove them > > with an IGNORE statement. Don't do that. > > > > > > > > -- Noel Jones > > > > > > > > Original Message > > > From: Noel Jones > > > Sent: Wednesday, November 9, 2016 6:53 AM > > > To: postfix-users@postfix.org > > > Reply To: postfix users > > > Subject: Re: TLS details not in header as viewed from email client > > > (claws) > > > > > > On 11/9/2016 2:56 AM, li...@lazygranch.com wrote: > > >> I no longer see TLS details in the header. I checked maillog and > > >> TLS is being established. > > >> --- > > >> From maillog: > > >> Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS > > >> connection established from > > >> nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 with cipher > > >> ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits) > > >> > > >> > > >> Header (slightly sanitized to stay off of google) > > >> - > > >> From: some dude > > >> To: "me" > > >> Subject: from yahoo > > >> Date: Tue, 8 Nov 2016 07:49:41 + (UTC) > > >> Reply-To: some dude > > >> Return-Path: > > >> X-Original-To: m...@mydomain.com > > >> Delivered-To: m...@mydomain.com > > >> X-Virus-Scanned: amavisd-new at mydomain.com > > >> Authentication-Results: www.mydomain.com (amavisd-new); > > >> dkim=pass (2048-bit key) header.d=yahoo.com > > >> DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F > > >> Authentication-Results: mydomain.com; > > >> dkim=pass (2048-bit key; unprotected) header.d=yahoo.com > > >> header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1; > > >> a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; > > >> t=1478591383; bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=; > > >> h=Date:From:Reply-To:To:Subject:References:From:Subject; > > >> b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ== > > >> X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: > > >> 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG: > > >> nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5 > > >> fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5 > > >> LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP > > >> 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7 > > >> 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe > > >> ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f > > >> 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep > > >> ObjfCt_ERaTcEhRs2wQ_sCyg- > > >> > > >> from yaho
Re: TLS details not in header as viewed from email client (claws)
"smtpd_tls_received_header = yes" is in the postconf. But I appreciate the heads up on what to look for. So many parameters! I'm going to set up a different mail client as a double check. The Claws people say nothing has changed on their end, but who knows. If I just set up a second imap, there shouldn't be any lost mail issues. On Wed, 9 Nov 2016 10:17:04 -0600 Noel Jones wrote: > On 11/9/2016 9:32 AM, li...@lazygranch.com wrote: > > I posted the entire header from claws. That is the receive header > > since I sent the message from yahoo. > > > > There are no Received: headers in what you posted. That's where the > TLS information is found. Either your claws is set to hide those > headers or you've configured postfix header_checks to remove them > with an IGNORE statement. Don't do that. > > > > -- Noel Jones > > > > > Original Message > > From: Noel Jones > > Sent: Wednesday, November 9, 2016 6:53 AM > > To: postfix-users@postfix.org > > Reply To: postfix users > > Subject: Re: TLS details not in header as viewed from email client > > (claws) > > > > On 11/9/2016 2:56 AM, li...@lazygranch.com wrote: > >> I no longer see TLS details in the header. I checked maillog and > >> TLS is being established. > >> --- > >> From maillog: > >> Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS > >> connection established from > >> nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 with cipher > >> ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits) > >> > >> > >> Header (slightly sanitized to stay off of google) > >> - > >> From: some dude > >> To: "me" > >> Subject: from yahoo > >> Date: Tue, 8 Nov 2016 07:49:41 + (UTC) > >> Reply-To: some dude > >> Return-Path: > >> X-Original-To: m...@mydomain.com > >> Delivered-To: m...@mydomain.com > >> X-Virus-Scanned: amavisd-new at mydomain.com > >> Authentication-Results: www.mydomain.com (amavisd-new); > >> dkim=pass (2048-bit key) header.d=yahoo.com > >> DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F > >> Authentication-Results: mydomain.com; > >> dkim=pass (2048-bit key; unprotected) header.d=yahoo.com > >> header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1; > >> a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; > >> t=1478591383; bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=; > >> h=Date:From:Reply-To:To:Subject:References:From:Subject; > >> b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ== > >> X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: > >> 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG: > >> nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5 > >> fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5 > >> LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP > >> 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7 > >> 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe > >> ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f > >> 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep > >> ObjfCt_ERaTcEhRs2wQ_sCyg- > >> > >> from yahoo > >> - > > > > > > > > Where are the Received: headers? Don't remove them. > > > > > > > > -- Noel Jones > > > > > >> > >> > >> # postconf -n (sanitized also) > >> > >> > >> broken_sasl_auth_clients = yes > >> command_directory = /usr/local/sbin > >> compatibility_level = 2 > >> content_filter = amavisfeed:[127.0.0.1]:10024 > >> daemon_directory = /usr/local/libexec/postfix > >> data_directory = /var/db/postfix > >> debug_peer_level = 2 > >> debugger_command = > >> PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd > >> $daemon_directory/$process_name $process_id & sleep 5 home_mailbox > >> = Maildir/ html_directory = /usr/local/share/d
Re: TLS details not in header as viewed from email client (claws)
On 11/9/2016 9:32 AM, li...@lazygranch.com wrote: > I posted the entire header from claws. That is the receive header since I > sent the message from yahoo. > There are no Received: headers in what you posted. That's where the TLS information is found. Either your claws is set to hide those headers or you've configured postfix header_checks to remove them with an IGNORE statement. Don't do that. -- Noel Jones > > Original Message > From: Noel Jones > Sent: Wednesday, November 9, 2016 6:53 AM > To: postfix-users@postfix.org > Reply To: postfix users > Subject: Re: TLS details not in header as viewed from email client (claws) > > On 11/9/2016 2:56 AM, li...@lazygranch.com wrote: >> I no longer see TLS details in the header. I checked maillog and >> TLS is being established. >> --- >> From maillog: >> Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection >> established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 >> with cipher ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits) >> >> >> Header (slightly sanitized to stay off of google) >> - >> From: some dude >> To: "me" >> Subject: from yahoo >> Date: Tue, 8 Nov 2016 07:49:41 + (UTC) >> Reply-To: some dude >> Return-Path: >> X-Original-To: m...@mydomain.com >> Delivered-To: m...@mydomain.com >> X-Virus-Scanned: amavisd-new at mydomain.com >> Authentication-Results: www.mydomain.com (amavisd-new); >> dkim=pass (2048-bit key) header.d=yahoo.com >> DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F >> Authentication-Results: mydomain.com; >> dkim=pass (2048-bit key; unprotected) header.d=yahoo.com >> header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1; >> a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1478591383; >> bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=; >> h=Date:From:Reply-To:To:Subject:References:From:Subject; >> b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ== >> X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: >> 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG: >> nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5 >> fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5 >> LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP >> 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7 >> 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe >> ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f >> 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep >> ObjfCt_ERaTcEhRs2wQ_sCyg- >> >> from yahoo >> - > > > > Where are the Received: headers? Don't remove them. > > > > -- Noel Jones > > >> >> >> # postconf -n (sanitized also) >> >> >> broken_sasl_auth_clients = yes >> command_directory = /usr/local/sbin >> compatibility_level = 2 >> content_filter = amavisfeed:[127.0.0.1]:10024 >> daemon_directory = /usr/local/libexec/postfix >> data_directory = /var/db/postfix >> debug_peer_level = 2 >> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd >> $daemon_directory/$process_name $process_id & sleep 5 >> home_mailbox = Maildir/ >> html_directory = /usr/local/share/doc/postfix >> inet_interfaces = all >> inet_protocols = ipv4 >> lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 >> lmtp_tls_protocols = !SSLv2, !SSLv3 >> mail_owner = postfix >> mailbox_command = /usr/local/libexec/dovecot/deliver >> mailbox_size_limit = 0 >> mailq_path = /usr/local/bin/mailq >> manpage_directory = /usr/local/man >> message_size_limit = 0 >> milter_default_action = accept >> milter_protocol = 6 >> mydomain = somedomain.com >> myhostname = www.somedomain.com >> mynetworks_style = host >> myorigin = $mydomain >> newaliases_path = /usr/local/bin/newaliases >> non_smtpd_milters = $smtpd_milters >> policyd-spf_time_limit = 3600 >> queue_directory = /var/spool/postfix >> readme_directory = /usr/local/share/doc/postfix >> sample_directo
Re: TLS details not in header as viewed from email client (claws)
I posted the entire header from claws. That is the receive header since I sent the message from yahoo. Original Message From: Noel Jones Sent: Wednesday, November 9, 2016 6:53 AM To: postfix-users@postfix.org Reply To: postfix users Subject: Re: TLS details not in header as viewed from email client (claws) On 11/9/2016 2:56 AM, li...@lazygranch.com wrote: > I no longer see TLS details in the header. I checked maillog and > TLS is being established. > --- > From maillog: > Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection > established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 > with cipher ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits) > > > Header (slightly sanitized to stay off of google) > - > From: some dude > To: "me" > Subject: from yahoo > Date: Tue, 8 Nov 2016 07:49:41 + (UTC) > Reply-To: some dude > Return-Path: > X-Original-To: m...@mydomain.com > Delivered-To: m...@mydomain.com > X-Virus-Scanned: amavisd-new at mydomain.com > Authentication-Results: www.mydomain.com (amavisd-new); > dkim=pass (2048-bit key) header.d=yahoo.com > DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F > Authentication-Results: mydomain.com; > dkim=pass (2048-bit key; unprotected) header.d=yahoo.com > header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1; > a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1478591383; > bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=; > h=Date:From:Reply-To:To:Subject:References:From:Subject; > b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ== > X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: > 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG: > nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5 > fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5 > LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP > 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7 > 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe > ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f > 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep > ObjfCt_ERaTcEhRs2wQ_sCyg- > > from yahoo > - Where are the Received: headers? Don't remove them. -- Noel Jones > > > # postconf -n (sanitized also) > > > broken_sasl_auth_clients = yes > command_directory = /usr/local/sbin > compatibility_level = 2 > content_filter = amavisfeed:[127.0.0.1]:10024 > daemon_directory = /usr/local/libexec/postfix > data_directory = /var/db/postfix > debug_peer_level = 2 > debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd > $daemon_directory/$process_name $process_id & sleep 5 > home_mailbox = Maildir/ > html_directory = /usr/local/share/doc/postfix > inet_interfaces = all > inet_protocols = ipv4 > lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 > lmtp_tls_protocols = !SSLv2, !SSLv3 > mail_owner = postfix > mailbox_command = /usr/local/libexec/dovecot/deliver > mailbox_size_limit = 0 > mailq_path = /usr/local/bin/mailq > manpage_directory = /usr/local/man > message_size_limit = 0 > milter_default_action = accept > milter_protocol = 6 > mydomain = somedomain.com > myhostname = www.somedomain.com > mynetworks_style = host > myorigin = $mydomain > newaliases_path = /usr/local/bin/newaliases > non_smtpd_milters = $smtpd_milters > policyd-spf_time_limit = 3600 > queue_directory = /var/spool/postfix > readme_directory = /usr/local/share/doc/postfix > sample_directory = /usr/local/etc/postfix > sendmail_path = /usr/local/sbin/sendmail > setgid_group = maildrop > smtp_tls_ciphers = medium > smtp_tls_exclude_ciphers = EXPORT, LOW > smtp_tls_loglevel = 2 > smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 > smtp_tls_protocols = !SSLv2, !SSLv3 > smtp_tls_security_level = may > smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, > reject_unauth_destination, check_client_access > hash:/usr/local/etc/postfix/spamsources > smtpd_milters = inet:127.0.0.1:8891 > smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, > reject_unauth_destination, check_client_access > hash:/usr/local/etc/postfix/rbl_override, reject_rbl_client > rhs
Re: TLS details not in header as viewed from email client (claws)
On 11/9/2016 2:56 AM, li...@lazygranch.com wrote: > I no longer see TLS details in the header. I checked maillog and > TLS is being established. > --- > From maillog: > Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection > established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 > with cipher ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits) > > > Header (slightly sanitized to stay off of google) > - > From: some dude > To: "me" > Subject: from yahoo > Date: Tue, 8 Nov 2016 07:49:41 + (UTC) > Reply-To: some dude > Return-Path: > X-Original-To: m...@mydomain.com > Delivered-To: m...@mydomain.com > X-Virus-Scanned: amavisd-new at mydomain.com > Authentication-Results: www.mydomain.com (amavisd-new); > dkim=pass (2048-bit key) header.d=yahoo.com > DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F > Authentication-Results: mydomain.com; > dkim=pass (2048-bit key; unprotected) header.d=yahoo.com > header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1; > a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1478591383; > bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=; > h=Date:From:Reply-To:To:Subject:References:From:Subject; > b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ== > X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: > 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG: > nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5 > fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5 > LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP > 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7 > 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe > ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f > 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep > ObjfCt_ERaTcEhRs2wQ_sCyg- > > from yahoo > - Where are the Received: headers? Don't remove them. -- Noel Jones > > > # postconf -n (sanitized also) > > > broken_sasl_auth_clients = yes > command_directory = /usr/local/sbin > compatibility_level = 2 > content_filter = amavisfeed:[127.0.0.1]:10024 > daemon_directory = /usr/local/libexec/postfix > data_directory = /var/db/postfix > debug_peer_level = 2 > debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd > $daemon_directory/$process_name $process_id & sleep 5 > home_mailbox = Maildir/ > html_directory = /usr/local/share/doc/postfix > inet_interfaces = all > inet_protocols = ipv4 > lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 > lmtp_tls_protocols = !SSLv2, !SSLv3 > mail_owner = postfix > mailbox_command = /usr/local/libexec/dovecot/deliver > mailbox_size_limit = 0 > mailq_path = /usr/local/bin/mailq > manpage_directory = /usr/local/man > message_size_limit = 0 > milter_default_action = accept > milter_protocol = 6 > mydomain = somedomain.com > myhostname = www.somedomain.com > mynetworks_style = host > myorigin = $mydomain > newaliases_path = /usr/local/bin/newaliases > non_smtpd_milters = $smtpd_milters > policyd-spf_time_limit = 3600 > queue_directory = /var/spool/postfix > readme_directory = /usr/local/share/doc/postfix > sample_directory = /usr/local/etc/postfix > sendmail_path = /usr/local/sbin/sendmail > setgid_group = maildrop > smtp_tls_ciphers = medium > smtp_tls_exclude_ciphers = EXPORT, LOW > smtp_tls_loglevel = 2 > smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 > smtp_tls_protocols = !SSLv2, !SSLv3 > smtp_tls_security_level = may > smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, > reject_unauth_destination, check_client_access > hash:/usr/local/etc/postfix/spamsources > smtpd_milters = inet:127.0.0.1:8891 > smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, > reject_unauth_destination, check_client_access > hash:/usr/local/etc/postfix/rbl_override, reject_rbl_client > rhsbl.scientificspam.net, reject_rbl_client bl.spamcop.net, reject_rbl_client > cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client > ix.dnsbl.manitu.net, reject_rbl_client rabl.nuclearelephant.com, > reject_rbl_client zen.spamhaus.org, check_policy_service > unix:private/policyd-spf, permit > smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, > reject_unauth_destination > smtpd_sasl_auth_enable = yes > smtpd_sasl_path = private/auth > smtpd_sasl_security_options = noanonymous > smtpd_sasl_type = dovecot > smtpd_sender_restrictions = permit_sasl_authenticated, permit_my
TLS details not in header as viewed from email client (claws)
I no longer see TLS details in the header. I checked maillog and TLS is being established. --- From maillog: Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits) Header (slightly sanitized to stay off of google) - From: some dude To: "me" Subject: from yahoo Date: Tue, 8 Nov 2016 07:49:41 + (UTC) Reply-To: some dude Return-Path: X-Original-To: m...@mydomain.com Delivered-To: m...@mydomain.com X-Virus-Scanned: amavisd-new at mydomain.com Authentication-Results: www.mydomain.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F Authentication-Results: mydomain.com; dkim=pass (2048-bit key; unprotected) header.d=yahoo.com header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1478591383; bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=; h=Date:From:Reply-To:To:Subject:References:From:Subject; b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ== X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG: nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5 fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5 LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep ObjfCt_ERaTcEhRs2wQ_sCyg- from yahoo - # postconf -n (sanitized also) broken_sasl_auth_clients = yes command_directory = /usr/local/sbin compatibility_level = 2 content_filter = amavisfeed:[127.0.0.1]:10024 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 home_mailbox = Maildir/ html_directory = /usr/local/share/doc/postfix inet_interfaces = all inet_protocols = ipv4 lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 lmtp_tls_protocols = !SSLv2, !SSLv3 mail_owner = postfix mailbox_command = /usr/local/libexec/dovecot/deliver mailbox_size_limit = 0 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man message_size_limit = 0 milter_default_action = accept milter_protocol = 6 mydomain = somedomain.com myhostname = www.somedomain.com mynetworks_style = host myorigin = $mydomain newaliases_path = /usr/local/bin/newaliases non_smtpd_milters = $smtpd_milters policyd-spf_time_limit = 3600 queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_tls_ciphers = medium smtp_tls_exclude_ciphers = EXPORT, LOW smtp_tls_loglevel = 2 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_protocols = !SSLv2, !SSLv3 smtp_tls_security_level = may smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_client_access hash:/usr/local/etc/postfix/spamsources smtpd_milters = inet:127.0.0.1:8891 smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_client_access hash:/usr/local/etc/postfix/rbl_override, reject_rbl_client rhsbl.scientificspam.net, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client rabl.nuclearelephant.com, reject_rbl_client zen.spamhaus.org, check_policy_service unix:private/policyd-spf, permit smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_sender_access hash:/usr/local/etc/postfix/spamsources smtpd_tls_auth_only = yes smtpd_tls_cert_file = /usr/local/etc/ipsec.d/certs/somedomain.com.crt smtpd_tls_ciphers = medium smtpd_tls_exclude_ciphers = EXPORT, LOW smtpd_tls_key_file = /usr/local/etc/ipsec.d/private/somedomain.com.key smtpd_tls_