[pfx] Re: TLS Library Problem

2024-05-12 Thread Jason Hirsh via Postfix-users
Thanks. Was just confirming. Yes, self-signed. I broke certbot.

> On May 12, 2024, at 4:55 AM, Viktor Dukhovni via Postfix-users 
>  wrote:
> 
> On Sat, May 11, 2024 at 11:55:14PM -0400, Jason Hirsh via Postfix-users 
> wrote:
> 
>> I have the error message
>> 
>> postfix/smtps/smtpd[39559]: warning: TLS library problem:
>> error:14094416:SSL routines:ssl3_read_bytes:
>> sslv3 alert certificate unknown:
>> /usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1621:
>> SSL alert number 46:
> 
> The remote client was unable to validate your certificate.
> MUAs connecting to port 465 typically expect a trusted certificate.
> 
> --
>Viktor.
> ___
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
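Added example, not part of the thread: a small log triage script for the diagnosis given above. It parses Postfix "TLS library problem" warnings and flags those where the remote client sent a certificate-related alert (such as number 46), meaning the client rejected the server's certificate. The sample log lines, host name and timestamps are constructed; the second line assumes the OpenSSL 3.x error format, which leaves the function name empty.

```python
import re

# TLS alerts a peer sends when it rejects the certificate presented to it
# (alert numbers as assigned in RFC 5246 / RFC 8446).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

TLS_WARNING = re.compile(
    r"postfix/(?:(?P<service>[\w-]+)/)?smtpd\[(?P<pid>\d+)\]: warning: "
    r"TLS library problem: error:(?P<code>[0-9A-Fa-f]+):SSL routines:"
    r"(?P<func>\w*):(?P<reason>[^:]+):.*?SSL alert number (?P<alert>\d+):")

def parse_tls_warning(line):
    """Return a dict describing a logged TLS alert, or None if no match."""
    m = TLS_WARNING.search(line)
    if m is None:
        return None
    alert = int(m["alert"])
    # OpenSSL reports an alert received from the peer as reason code
    # 1000 + alert number; the reason is the low 12 bits of the error code.
    from_peer = (int(m["code"], 16) & 0xFFF) == 1000 + alert
    return {"service": m["service"] or "smtpd", "pid": int(m["pid"]),
            "alert": alert, "name": CERT_ALERTS.get(alert, "other"),
            "from_peer": from_peer,
            "client_rejected_our_cert": from_peer and alert in CERT_ALERTS}

def summarize(lines):
    """Count certificate-rejection alerts per (service, alert name)."""
    counts = {}
    for line in lines:
        hit = parse_tls_warning(line)
        if hit and hit["client_rejected_our_cert"]:
            key = (hit["service"], hit["name"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample input. The first warning is the one quoted in the thread
# (timestamp and host name are made up); the other lines are invented.
SAMPLE = [
    "May 11 23:50:00 mail postfix/smtps/smtpd[39559]: warning: TLS library "
    "problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert "
    "certificate unknown:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:"
    "1621:SSL alert number 46:",
    "May 11 23:51:00 mail postfix/submission/smtpd[40001]: warning: TLS "
    "library problem: error:0A000418:SSL routines::tlsv1 alert unknown ca:"
    "ssl/record/rec_layer_s3.c:1584:SSL alert number 48:",
    "May 11 23:52:00 mail postfix/smtps/smtpd[39559]: connect from "
    "unknown[192.0.2.10]",
]

if __name__ == "__main__":
    for (service, name), n in summarize(SAMPLE).items():
        print(f"{service}: {n} x {name} (client did not trust our certificate)")
```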


[pfx] TLS Library Problem

2024-05-11 Thread Jason Hirsh via Postfix-users
Still chasing ssl/tls issue

I have the error message

postfix/smtps/smtpd[39559]: warning: TLS library problem: error:14094416:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate 
unknown:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1621:SSL alert number 
46:



I am assuming that here I am being told my certificate is signed by an 
unknown entity


[pfx] Re: private/dovecot-lmtp]: Connection refused)

2024-05-11 Thread Jason Hirsh via Postfix-users
My nonrandom action for the morning: OK, I bandaided by going back to an older 
main.cf but updating the ssl/tls info. That brought mail back online.
Sort of.

Dovecot is still not happy with me, but this error seems more a warning and best 
suited to be addressed elsewhere
 status=sent (delivered via dovecot service (lda(ja...@theoceanwindow.com): 
Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permis))
May 11 09:33:00 triggerfish postfix/qmgr[52364]: 136046542A08: removed

Remember entropy can not be avoided

> On May 11, 2024, at 8:50 AM, Viktor Dukhovni via Postfix-users 
>  wrote:
> 
> On Sat, May 11, 2024 at 11:11:30AM +0200, Benny Pedersen via Postfix-users 
> wrote:
> 
>>> I am running Postfix/Dovecot/MySQL mail server.   It was doing ok
>>> until I tried to improve it., I
>> 
>> maybe just reboot ? :)
> 
> Unlikely to help.  Just restarting dovecot would be about the most
> that's needed, but more likely, configuring dovecot correctly, and
> then a "systemctl reload dovecot".  There's nothing to suggest the
> kernel needs a restart.
> 
>>> I am pretty sure I did something wrong with TLS/SSL.   I was
>>> working in certificates.   I have been at this so long my eyes are
>>> crossed
>> 
>> in most cases postfix have sanitises settings pr default, so when you add
>> unsanitises settings in main.cf you asking for knowledge why its changed
> 
> This makes no sense.
> 
>>> smtpd_sasl_auth_enable = yes
>> 
>> remove this in main.cf
> 
> Irrelevant.
> 
>>> Any ideas or pointers or random thoughts would be appreciated
>> 
>> world is not random
> 
> But one does sometimes run into random advice...
> 
> -- 
>Viktor.


[pfx] private/dovecot-lmtp]: Connection refused)

2024-05-10 Thread Jason Hirsh via Postfix-users
I am running Postfix/Dovecot/MySQL mail server.   It was doing ok until I tried 
to improve it., I
dsn=4.4.1, status=deferred (connect to 
triggerfish.theoceanwindow.com[private/dovecot-lmtp]: Connection refused)
May 10 20:11:27 triggerfish postfix/lmtp[47754]: 172816542AC3: 
to=, orig_to=, relay=none, delay=38307, 
delays=38307/0.01/0/0, dsn=4.4.1, status=deferred (connect to 
triggerfish.theoceanwindow.com[private/dovecot-lmtp]: Connection refused)
May 10 20:11:27 triggerfish postfix/lmtp[47753]: 1AC7E6542ABC: 
to=, orig_to=, relay=none, delay=42567, 
delays=42567/0.01/0/0, dsn=4.4.1, status=deferred (connect to 
triggerfish.theoceanwindow.com[private/dovecot-lmtp]: Connection refused)
May 10 20:11:27 triggerfish postfix/error[47747]: 18A9A6542AF4: 
to=, orig_to=, relay=none, delay=8847, 
delays=8847/0.01/0/0, dsn=4.4.1, status=deferred (delivery temporarily 
suspended: connect to triggerfish.theoceanwindow.com[private/dovecot-lmtp]: 
Connection refused)
May 10 20:11:27 triggerfish postfix/error[47747]: 4C6E96542AFF: 
to=, orig_to=, relay=none, delay=2307, 
delays=2307/0.02/0/0, dsn=4.4.1, status=deferred (delivery temporarily 
suspended: connect to triggerfish.theoceanwindow.com[private/dovecot-lmtp]: 
Connection refused)
May 10 20:11:27 triggerfish postfix/error[47747]: 2F0206542AA8: 
to=, orig_to=, relay=none, delay=54987, 
delays=54987/0.02/0/0, dsn=4.4.1, status=deferred (delivery temporarily 
suspended: connect to triggerfish.theoceanwindow.com[private/dovecot-lmtp]: 
Connection refused)
May 10 20:11:27 triggerfish postfix/error[47758]: 218B16542ACA: 
to=, orig_to=, relay=none, delay=34047, 
delays=34047/0.02/0/0, dsn=4.4.1, status=deferred (delivery temporarily 
suspended: connect to triggerfish.theoceanwindow.com[private/dovecot-lmtp]: 
Connection refused)
May 10 20:11:27 triggerfish postfix/error[47747]: 29B2A6542AED: 
to=, orig_to=, relay=none, delay=13107, 
delays=13107/0.02/0/0, dsn=4.4.1, status=deferred (delivery temporarily 
suspended: connect to triggerfish.theoceanwindow.com[private/dovecot-lmtp]: 
Connection refused)
May 10 20:11:27 triggerfish postfix/error[47758]: 0EEAE6542AFC: 
to=, orig_to=, relay=none, delay=4587, 
delays=4587/0.02/0/0, dsn=4.4.1,
I am pretty sure I did something wrong with TLS/SSL.   I was working in 
certificates.   I have been at this so long my eyes are crossed

postfixconf: Command not found.
root@triggerfish:/home/jason # posconf -n
posconf: Command not found.
root@triggerfish:/home/jason # postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
compatibility_level = 3.6
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd 
$daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/usr/local/etc/postfix/header_checks
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 2560
meta_directory = /usr/local/libexec/postfix
mydestination = localhost.$mydomain, localhost, $myhostname
mydomain = theoceanwindow.com
myhostname = triggerfish.theoceanwindow.com
mynetworks = 209.160.65.133, 209.160.64.187, 127.0.0.0/8
newaliases_path = /usr/local/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps 
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains 
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps 
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks 
$virtual_mailbox_limit_maps
readme_directory = /usr/local/share/doc/postfix
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
relay_recipient_maps = 
proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, 
aNULL
smtp_tls_mandatory_protocols = !TLSv1, !SSLv2, !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !TLSv1, !SSLv2, !SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit, permit_mynetworks, permit_sasl_authenticated, 
reject_invalid_hostname, reject_unknown_hostname, reject_non_fqdn_hostname, 
reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_non_fqdn_hostname, reject_non_fqdn_