Re: TLS details not in header as viewed from email client (claws)

2016-11-09 Thread li...@lazygranch.com 
The claws group sent me on a wild goose chase. Postfix seems to work
just fine with Seamonkey email. The TLS portion of the header follows.


from nm24-vm3.bullet.mail.ne1.yahoo.com
(nm24-vm3.bullet.mail.ne1.yahoo.com [98.138.91.154]) (using TLSv1.2
with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client
certificate requested) by www.inplanesight.org (Postfix) with ESMTPS id
2E255EB20F for <g...@inplanesight.org>; Tue,  8 Nov 2016 07:22:25 +
(UTC)

On Wed, 9 Nov 2016 09:03:12 -0800
"li...@lazygranch.com" <li...@lazygranch.com> wrote:

> "smtpd_tls_received_header = yes" is in the postconf. But I appreciate
> the heads up on what to look for. So many parameters!
> 
> I'm going to set up a different mail client as a double check. The
> Claws people say nothing has changed on their end, but who knows. If
> I just set up a second imap, there shouldn't be any lost mail issues. 
> 
> 
> On Wed, 9 Nov 2016 10:17:04 -0600
> Noel Jones <njo...@megan.vbhcs.org> wrote:
> 
> > On 11/9/2016 9:32 AM, li...@lazygranch.com wrote:  
> > > I posted the entire header from claws. That is the receive header
> > > since I sent the message from yahoo.
> > >   
> > 
> > There are no Received: headers in what you posted.  That's where the
> > TLS information is found. Either your claws is set to hide those
> > headers or you've configured postfix header_checks to remove them
> > with an IGNORE statement.  Don't do that.
> > 
> > 
> > 
> >   -- Noel Jones
> >   
> > > 
> > >   Original Message  
> > > From: Noel Jones
> > > Sent: Wednesday, November 9, 2016 6:53 AM
> > > To: postfix-users@postfix.org
> > > Reply To: postfix users
> > > Subject: Re: TLS details not in header as viewed from email client
> > > (claws)
> > > 
> > > On 11/9/2016 2:56 AM, li...@lazygranch.com wrote:  
> > >> I no longer see TLS details in the header. I checked maillog and
> > >> TLS is being established.
> > >> ---
> > >> From maillog:
> > >> Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS
> > >> connection established from
> > >> nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 with cipher
> > >> ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits)
> > >> 
> > >>
> > >> Header (slightly sanitized to stay off of google)
> > >> -
> > >> From: some dude <somed...@yahoo.com>
> > >> To: "me" <m...@mydomain.com>
> > >> Subject: from yahoo
> > >> Date: Tue, 8 Nov 2016 07:49:41 + (UTC)
> > >> Reply-To: some dude <somed...@yahoo.com>
> > >> Return-Path: <somed...@yahoo.com>
> > >> X-Original-To: m...@mydomain.com
> > >> Delivered-To: m...@mydomain.com
> > >> X-Virus-Scanned: amavisd-new at mydomain.com
> > >> Authentication-Results: www.mydomain.com (amavisd-new);
> > >> dkim=pass (2048-bit key) header.d=yahoo.com
> > >> DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F
> > >> Authentication-Results: mydomain.com;
> > >> dkim=pass (2048-bit key; unprotected) header.d=yahoo.com
> > >> header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1;
> > >> a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
> > >> t=1478591383; bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=;
> > >> h=Date:From:Reply-To:To:Subject:References:From:Subject;
> > >> b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ==
> > >> X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id:
> > >> 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG:
> > >> nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5
> > >> fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5
> > >> LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP
> > >> 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7
> > >> 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe
> > >> ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f
> >

Re: TLS details not in header as viewed from email client (claws)

2016-11-09 Thread li...@lazygranch.com 
"smtpd_tls_received_header = yes" is in the postconf. But I appreciate
the heads up on what to look for. So many parameters!

I'm going to set up a different mail client as a double check. The Claws
people say nothing has changed on their end, but who knows. If I just
set up a second imap, there shouldn't be any lost mail issues. 


On Wed, 9 Nov 2016 10:17:04 -0600
Noel Jones <njo...@megan.vbhcs.org> wrote:

> On 11/9/2016 9:32 AM, li...@lazygranch.com wrote:
> > I posted the entire header from claws. That is the receive header
> > since I sent the message from yahoo.
> > 
> 
> There are no Received: headers in what you posted.  That's where the
> TLS information is found. Either your claws is set to hide those
> headers or you've configured postfix header_checks to remove them
> with an IGNORE statement.  Don't do that.
> 
> 
> 
>   -- Noel Jones
> 
> > 
> >   Original Message  
> > From: Noel Jones
> > Sent: Wednesday, November 9, 2016 6:53 AM
> > To: postfix-users@postfix.org
> > Reply To: postfix users
> > Subject: Re: TLS details not in header as viewed from email client
> > (claws)
> > 
> > On 11/9/2016 2:56 AM, li...@lazygranch.com wrote:
> >> I no longer see TLS details in the header. I checked maillog and
> >> TLS is being established.
> >> ---
> >> From maillog:
> >> Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS
> >> connection established from
> >> nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 with cipher
> >> ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits)
> >> 
> >>
> >> Header (slightly sanitized to stay off of google)
> >> -
> >> From: some dude <somed...@yahoo.com>
> >> To: "me" <m...@mydomain.com>
> >> Subject: from yahoo
> >> Date: Tue, 8 Nov 2016 07:49:41 + (UTC)
> >> Reply-To: some dude <somed...@yahoo.com>
> >> Return-Path: <somed...@yahoo.com>
> >> X-Original-To: m...@mydomain.com
> >> Delivered-To: m...@mydomain.com
> >> X-Virus-Scanned: amavisd-new at mydomain.com
> >> Authentication-Results: www.mydomain.com (amavisd-new);
> >> dkim=pass (2048-bit key) header.d=yahoo.com
> >> DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F
> >> Authentication-Results: mydomain.com;
> >> dkim=pass (2048-bit key; unprotected) header.d=yahoo.com
> >> header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1;
> >> a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
> >> t=1478591383; bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=;
> >> h=Date:From:Reply-To:To:Subject:References:From:Subject;
> >> b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ==
> >> X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id:
> >> 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG:
> >> nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5
> >> fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5
> >> LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP
> >> 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7
> >> 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe
> >> ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f
> >> 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep
> >> ObjfCt_ERaTcEhRs2wQ_sCyg-
> >>
> >> from yahoo
> >> -
> > 
> > 
> > 
> > Where are the Received: headers? Don't remove them.
> > 
> > 
> > 
> > -- Noel Jones
> > 
> > 
> >>
> >>
> >> # postconf -n (sanitized also)
> >>
> >>
> >> broken_sasl_auth_clients = yes
> >> command_directory = /usr/local/sbin
> >> compatibility_level = 2
> >> content_filter = amavisfeed:[127.0.0.1]:10024
> >> daemon_directory = /usr/local/libexec/postfix
> >> data_directory = /var/db/postfix
> >> debug_peer_level = 2
> >> debugger_command =
> >> PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
> >> $daemon_directory/$pro

Re: TLS details not in header as viewed from email client (claws)

2016-11-09 Thread Noel Jones 
On 11/9/2016 9:32 AM, li...@lazygranch.com wrote:
> I posted the entire header from claws. That is the receive header since I 
> sent the message from yahoo.
> 

There are no Received: headers in what you posted.  That's where the
TLS information is found. Either your claws is set to hide those
headers or you've configured postfix header_checks to remove them
with an IGNORE statement.  Don't do that.



  -- Noel Jones

> 
>   Original Message  
> From: Noel Jones
> Sent: Wednesday, November 9, 2016 6:53 AM
> To: postfix-users@postfix.org
> Reply To: postfix users
> Subject: Re: TLS details not in header as viewed from email client (claws)
> 
> On 11/9/2016 2:56 AM, li...@lazygranch.com wrote:
>> I no longer see TLS details in the header. I checked maillog and
>> TLS is being established.
>> ---
>> From maillog:
>> Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection
>> established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2
>> with cipher ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits)
>> 
>>
>> Header (slightly sanitized to stay off of google)
>> -
>> From: some dude <somed...@yahoo.com>
>> To: "me" <m...@mydomain.com>
>> Subject: from yahoo
>> Date: Tue, 8 Nov 2016 07:49:41 + (UTC)
>> Reply-To: some dude <somed...@yahoo.com>
>> Return-Path: <somed...@yahoo.com>
>> X-Original-To: m...@mydomain.com
>> Delivered-To: m...@mydomain.com
>> X-Virus-Scanned: amavisd-new at mydomain.com
>> Authentication-Results: www.mydomain.com (amavisd-new);
>> dkim=pass (2048-bit key) header.d=yahoo.com
>> DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F
>> Authentication-Results: mydomain.com;
>> dkim=pass (2048-bit key; unprotected) header.d=yahoo.com
>> header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1;
>> a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1478591383;
>> bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=;
>> h=Date:From:Reply-To:To:Subject:References:From:Subject;
>> b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ==
>> X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id:
>> 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG:
>> nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5
>> fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5
>> LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP
>> 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7
>> 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe
>> ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f
>> 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep
>> ObjfCt_ERaTcEhRs2wQ_sCyg-
>>
>> from yahoo
>> -
> 
> 
> 
> Where are the Received: headers? Don't remove them.
> 
> 
> 
> -- Noel Jones
> 
> 
>>
>>
>> # postconf -n (sanitized also)
>>
>>
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/local/sbin
>> compatibility_level = 2
>> content_filter = amavisfeed:[127.0.0.1]:10024
>> daemon_directory = /usr/local/libexec/postfix
>> data_directory = /var/db/postfix
>> debug_peer_level = 2
>> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd 
>> $daemon_directory/$process_name $process_id & sleep 5
>> home_mailbox = Maildir/
>> html_directory = /usr/local/share/doc/postfix
>> inet_interfaces = all
>> inet_protocols = ipv4
>> lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
>> lmtp_tls_protocols = !SSLv2, !SSLv3
>> mail_owner = postfix
>> mailbox_command = /usr/local/libexec/dovecot/deliver
>> mailbox_size_limit = 0
>> mailq_path = /usr/local/bin/mailq
>> manpage_directory = /usr/local/man
>> message_size_limit = 0
>> milter_default_action = accept
>> milter_protocol = 6
>> mydomain = somedomain.com
>> myhostname = www.somedomain.com
>> mynetworks_style = host
>> myorigin = $mydomain
>> newaliases_path = /usr/local/bin/newaliases
>> non_smtpd_milters = $smtpd_milters
>> policyd-spf_time_limit = 3600
>> queue_directory = /var/spool/postfix
&

Re: TLS details not in header as viewed from email client (claws)

2016-11-09 Thread lists 
I posted the entire header from claws. That is the receive header since I sent 
the message from yahoo.


  Original Message  
From: Noel Jones
Sent: Wednesday, November 9, 2016 6:53 AM
To: postfix-users@postfix.org
Reply To: postfix users
Subject: Re: TLS details not in header as viewed from email client (claws)

On 11/9/2016 2:56 AM, li...@lazygranch.com wrote:
> I no longer see TLS details in the header. I checked maillog and
> TLS is being established.
> ---
> From maillog:
> Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection
> established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2
> with cipher ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits)
> 
> 
> Header (slightly sanitized to stay off of google)
> -
> From: some dude <somed...@yahoo.com>
> To: "me" <m...@mydomain.com>
> Subject: from yahoo
> Date: Tue, 8 Nov 2016 07:49:41 + (UTC)
> Reply-To: some dude <somed...@yahoo.com>
> Return-Path: <somed...@yahoo.com>
> X-Original-To: m...@mydomain.com
> Delivered-To: m...@mydomain.com
> X-Virus-Scanned: amavisd-new at mydomain.com
> Authentication-Results: www.mydomain.com (amavisd-new);
> dkim=pass (2048-bit key) header.d=yahoo.com
> DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F
> Authentication-Results: mydomain.com;
> dkim=pass (2048-bit key; unprotected) header.d=yahoo.com
> header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1;
> a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1478591383;
> bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=;
> h=Date:From:Reply-To:To:Subject:References:From:Subject;
> b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ==
> X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id:
> 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG:
> nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5
> fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5
> LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP
> 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7
> 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe
> ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f
> 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep
> ObjfCt_ERaTcEhRs2wQ_sCyg-
> 
> from yahoo
> -



Where are the Received: headers? Don't remove them.



-- Noel Jones


> 
> 
> # postconf -n (sanitized also)
> 
> 
> broken_sasl_auth_clients = yes
> command_directory = /usr/local/sbin
> compatibility_level = 2
> content_filter = amavisfeed:[127.0.0.1]:10024
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd 
> $daemon_directory/$process_name $process_id & sleep 5
> home_mailbox = Maildir/
> html_directory = /usr/local/share/doc/postfix
> inet_interfaces = all
> inet_protocols = ipv4
> lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> lmtp_tls_protocols = !SSLv2, !SSLv3
> mail_owner = postfix
> mailbox_command = /usr/local/libexec/dovecot/deliver
> mailbox_size_limit = 0
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 0
> milter_default_action = accept
> milter_protocol = 6
> mydomain = somedomain.com
> myhostname = www.somedomain.com
> mynetworks_style = host
> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> non_smtpd_milters = $smtpd_milters
> policyd-spf_time_limit = 3600
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtp_tls_ciphers = medium
> smtp_tls_exclude_ciphers = EXPORT, LOW
> smtp_tls_loglevel = 2
> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtp_tls_protocols = !SSLv2, !SSLv3
> smtp_tls_security_level = may
> smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, 
> reject_unauth_destination, check_client_access 
> hash:/usr/local/etc/postfix/spamsources
> smtpd_milters = inet:127.0.0.1:8891
> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
> reject_unauth_

Re: TLS details not in header as viewed from email client (claws)

2016-11-09 Thread Noel Jones 
On 11/9/2016 2:56 AM, li...@lazygranch.com wrote:
> I no longer see TLS details in the header. I checked maillog and
> TLS is being established.
> ---
> From maillog:
> Nov  8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection
> established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2
> with cipher ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits)
> 
> 
> Header (slightly sanitized to stay off of google)
> -
> From: some dude 
> To: "me" 
> Subject: from yahoo
> Date: Tue, 8 Nov 2016 07:49:41 + (UTC)
> Reply-To: some dude 
> Return-Path: 
> X-Original-To: m...@mydomain.com
> Delivered-To: m...@mydomain.com
> X-Virus-Scanned: amavisd-new at mydomain.com
> Authentication-Results: www.mydomain.com (amavisd-new);
>  dkim=pass (2048-bit key) header.d=yahoo.com
> DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F
> Authentication-Results: mydomain.com;
>  dkim=pass (2048-bit key; unprotected) header.d=yahoo.com
> header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1;
> a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1478591383;
> bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=;
> h=Date:From:Reply-To:To:Subject:References:From:Subject;
> b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ==
> X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id:
> 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG:
> nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5
> fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5
> LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP
> 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7
> 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe
> ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f
> 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep
> ObjfCt_ERaTcEhRs2wQ_sCyg-
> 
> from yahoo
> -



Where are the Received: headers?  Don't remove them.



  -- Noel Jones


> 
> 
> # postconf -n (sanitized also)
> 
> 
> broken_sasl_auth_clients = yes
> command_directory = /usr/local/sbin
> compatibility_level = 2
> content_filter = amavisfeed:[127.0.0.1]:10024
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd 
> $daemon_directory/$process_name $process_id & sleep 5
> home_mailbox = Maildir/
> html_directory = /usr/local/share/doc/postfix
> inet_interfaces = all
> inet_protocols = ipv4
> lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> lmtp_tls_protocols = !SSLv2, !SSLv3
> mail_owner = postfix
> mailbox_command = /usr/local/libexec/dovecot/deliver
> mailbox_size_limit = 0
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 0
> milter_default_action = accept
> milter_protocol = 6
> mydomain = somedomain.com
> myhostname = www.somedomain.com
> mynetworks_style = host
> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> non_smtpd_milters = $smtpd_milters
> policyd-spf_time_limit = 3600
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtp_tls_ciphers = medium
> smtp_tls_exclude_ciphers = EXPORT, LOW
> smtp_tls_loglevel = 2
> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtp_tls_protocols = !SSLv2, !SSLv3
> smtp_tls_security_level = may
> smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, 
> reject_unauth_destination, check_client_access 
> hash:/usr/local/etc/postfix/spamsources
> smtpd_milters = inet:127.0.0.1:8891
> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
> reject_unauth_destination, check_client_access 
> hash:/usr/local/etc/postfix/rbl_override, reject_rbl_client 
> rhsbl.scientificspam.net, reject_rbl_client bl.spamcop.net, reject_rbl_client 
> cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client 
> ix.dnsbl.manitu.net, reject_rbl_client rabl.nuclearelephant.com, 
> reject_rbl_client zen.spamhaus.org, check_policy_service 
> unix:private/policyd-spf, permit
> smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, 
> reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
>