I confirm it was a SNI issue. Some people were using custom MX names
pointing to our IPs, and some senders didn't like the default certificate.
Thank you all!
Camille
Le 12/09/2023 à 15:04, Taavi Eomäe via mailop a écrit :
On 12/09/2023 15:33, Bill Cole via mailop wrote:
Your CA
Ken.
On 12 Sep 2023, at 12:28, Camille - Clean Mailbox via mailop
wrote:
Hi,
└─# openssl s_client -connect mx.clean-mailbox.com:25 -starttls smtp
CONNECTED(0003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN
cific error in your logs?
Ken.
On 12 Sep 2023, at 10:50, Camille - Clean Mailbox via mailop
wrote:
Ok I'm now running RSA without DST cert:
# openssl crl2pkcs7 -nocrl -certfile
/etc/letsencrypt/live/clean-mailbox.com/fullchain.pem
<http://clean-mailbox.com/fullchain.pem>| openssl p
Ok I'm now running RSA without DST cert:
# openssl crl2pkcs7 -nocrl -certfile
/etc/letsencrypt/live/clean-mailbox.com/fullchain.pem | openssl pkcs7
-print_certs -noout
subject=CN = clean-mailbox.com
issuer=C = US, O = Let's Encrypt, CN = R3
subject=C = US, O = Let's Encrypt, CN = R3
issuer=C
Hi,
Just changed it to RSA, still have the same kind of errors:
2023-09-12T09:32:42.528685+02:00 mx1 postfix/smtpd[903460]: SSL_accept
error from o167.p8.mailjet.com[87.253.233.167]: -1
2023-09-12T09:32:42.528920+02:00 mx1 postfix/smtpd[903460]: warning: TLS
library problem:
-mailbox.ini
server = https://acme-v02.api.letsencrypt.org/directory
key_type = ecdsa
I'm not sure how I can get rid of this DST Root CA X3.
Best regards,
Camille
Le 12/09/2023 à 08:42, James Renken via mailop a écrit :
Hi, Camille,
On 2023-09-12 06:18, Camille - Clean Mailbox via mailop wrote
:54, ml+mailop--- via mailop a écrit :
On Mon, Sep 11, 2023, Camille - Clean Mailbox via mailop wrote:
2023-09-11T22:47:26.496119+02:00 mx1 postfix/smtpd[850937]: warning: TLS
library problem: error:0AC1:SSL routines::no shared
cipher:../ssl/statem/statem_srvr.c:2220:
Did you change
connection, as I've
disabled it in Postfix.
Best regards,
Camille
Le 12/09/2023 à 00:26, Bill Cole via mailop a écrit :
On 2023-09-11 at 17:05:00 UTC-0400 (Mon, 11 Sep 2023 23:05:00 +0200)
Camille - Clean Mailbox via mailop
is rumored to have said:
Dear co-listers,
I'm seeing an increase of SSL
Dear co-listers,
I'm seeing an increase of SSL/TLS errors for incoming emails to our
service over the last few weeks.
Example from Mailjet, which is (I suppose) able to send email in TLS 1.2
or 1.3 instead of SSLv3:
2023-09-11T21:19:31.079142+02:00 mx4 postfix/smtpd[633448]: SSL_accept
Maybe your IP is not blocked (as they told you in form result) but what about
any IP range that includes your IP? If it’s an IP range ban, your IP is not
explicitly blocked so form won’t find it in the list.
> Le 18 janv. 2022 à 01:07, John Gateley via mailop a écrit
> :
>
> Hi Alex, and
Hi,
We also see new wave from the following sender schemas:
*@*.vps.ovh.ca
*@*.cg.shawcable.net
*@HI.com
*@*.ip-54-39-131.net
*@*.ip-192-99-137.net
*@*.contaboserver.net
*@*.res.spectrum.com
*@*.res.rr.com
*@*.ftmy.centurylink.net
We are able to detect & block them before they reach our
Bonjour Benoît,
It's obvious that they are trying to infect Windows users with Adobe Acrobat
Reader, they are targetting the (probably) most common configuration on
Internet, and especially for our well nown Mme Michu.
I've seen few of them here, but all detected as malware & spam.
Best
In case it can help, we do email gateway filtering since years
Cam'
-Message d'origine-
De : mailop De la part de Guillaume Tournat via
mailop
Envoyé : mercredi 17 février 2021 00:43
À : Tim Bray
Cc : mailop@mailop.org
Objet : Re: [mailop] Current OSS anti-spam software best
+1 :)
> Le 13 févr. 2021 à 01:21, Stefano Bagnara via mailop a
> écrit :
>
> On Thu, 11 Feb 2021 at 18:49, Rob McEwen via mailop
> wrote:
>> These questions! WOW! IS THIS FOR REAL? Don't get me wrong, I like Len
>> Shneyder
>> and I think he's a good person TRYING to do the right thing -
Also, a trusted user can be hacked and his account hijacked to send spam.
> Le 5 févr. 2021 à 18:25, Marcel Becker via mailop a écrit
> :
>
>
>> On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop
>> wrote:
>
>>
>> You can not trust users to identify spam.
>
> This. A Thousand
Not an easy to determine what is a justified abuse report and what is not...
> On Fri, Feb 5, 2021 at 4:38 AM Michael Orlitzky via mailop <
> mailop@mailop.org> wrote:
>
>> Pay more and more people to do it, until the number of unhandled abuse
>> reports at the end of the day is zero. It scales
16 matches
Mail list logo