Re: Certificate Error (android client)

2013-12-23 Thread Viktor Dukhovni
On Tue, Dec 24, 2013 at 01:16:33AM +0100, li...@rhsoft.net wrote: > > Deploying digests beyond SHA1 will cause interoperability problems > > with systems that don't yet support the SHA2 family > > Are you aware of systems / mailservers which would have a > problem with it? Yes. Any OpenSSL base

Re: Certificate Error (android client)

2013-12-23 Thread Voytek
nanotek wrote: >I am receiving a "Certificate Error" when sending mail from K-9 on my >android. I do not receive any error on my PC client (Thunderbird). > >I only have a self-signed public certificate and private key configured > >for use by Postfix. Should I create my own Certificate Authorit

Re: Certificate Error (android client)

2013-12-23 Thread li...@rhsoft.net
On 23.12.2013 16:09, Viktor Dukhovni wrote: > On Tue, Dec 24, 2013 at 01:29:38AM +1100, nanotek wrote: >> Still, might be a good time to create my own CA and upgrade to 4096 bit >> keys/certificates > > You can deploy 4096-bit RSA key if it makes you feel more cool, > but there is little point

Re: Massive creation of virtual accounts

2013-12-23 Thread Eero Volotinen
> this is the postfix (mail software) mailing list. Chances that you'll > get better answers on postfix admin (the web interface) are greater than > here. > > anyway, there's no way to give you answers without knowing a little > more of your environment. Are your users virtual ? SQL, LDAP,

Re: Forward secrecy

2013-12-23 Thread Viktor Dukhovni
On Mon, Dec 23, 2013 at 09:45:45PM +0100, Andreas Schulze wrote: > I read up to the bottom. I find the Untrusted/Trusted/Verified explanation > very useful. Good. > But I'm still unsure about what an SMTP client could do > to change a remote servers state from Trusted to Verified. If you must-h

Re: Forward secrecy

2013-12-23 Thread Wietse Venema
Andreas Schulze: > On 23.12.2013 13:13, Wietse Venema wrote: > > Please check out the updated text at > > http://www.porcupine.org/postfix-mirror/FORWARD_SECRECY_README.html#quick-start > > > > This clarifies what is/isn't optional and why one might want to > > make some change. Only those who w

Re: Forward secrecy

2013-12-23 Thread Andreas Schulze
On 23.12.2013 13:13, Wietse Venema wrote: > Please check out the updated text at > http://www.porcupine.org/postfix-mirror/FORWARD_SECRECY_README.html#quick-start > > This clarifies what is/isn't optional and why one might want to > make some change. Only those who want the gory details should >

Re: Massive creation of virtual accounts

2013-12-23 Thread Leonardo Rodrigues
On 23/12/13 16:46, renoproc wrote: Hi, I need to create close to 150 virtual mailboxes (with maildir) and 200 aliases, and I only have text formatted (csv) listings of these mails and aliases addresses. I don't see any possibility to do that automatically in the postfix admin. Is there a way

Re: Massive creation of virtual accounts

2013-12-23 Thread Eero Volotinen
Some years (~7) ago I added this kind of feature to postfixadmin. Not much job to do this kind of modification to postfixadmin. -- Eero 2013/12/23 renoproc > Hi, > I need to create close to 150 virtual mailboxes (with maildir) and 200 > aliases, > and I only have text formatted (csv) listings

Re: Massive creation of virtual accounts

2013-12-23 Thread LuKreme
In our previous episode (Monday, 23-Dec-2013), renoproc said: > Is there a way I can deal with this job easily ? mkdir -p /path/to/virtualusers/$user\@$domain/{cur,new,tmp} Put it in a loop where you get the user and domain from your list. Can't help you with the aliases, because that depends o

Massive creation of virtual accounts

2013-12-23 Thread renoproc
Hi, I need to create close to 150 virtual mailboxes (with maildir) and 200 aliases, and I only have text formatted (csv) listings of these mails and aliases addresses. I don't see any possibility to do that automatically in the postfix admin. Is there a way I can deal with this job easily? Tha

Re: Forward secrecy

2013-12-23 Thread Wietse Venema
Tom Hendrikx: > So it doesn't have to be more technical or advanced. There were some > connections between dots missing in the higher level picture. Please check out the updated text at http://www.porcupine.org/postfix-mirror/FORWARD_SECRECY_README.html#quick-start This clarifies what is/isn't op

Re: Forward secrecy

2013-12-23 Thread Tom Hendrikx
On 23-12-13 18:40, Wietse Venema wrote: > Viktor Dukhovni: >> On Mon, Dec 23, 2013 at 05:49:40PM +0100, Tom Hendrikx wrote: >> I am still fixing it for clarity, but it should be accurate. Feedback is welcome. >>> >>> After reading,

Re: Forward secrecy

2013-12-23 Thread Tom Hendrikx
On 23-12-13 18:30, Viktor Dukhovni wrote: > On Mon, Dec 23, 2013 at 05:49:40PM +0100, Tom Hendrikx wrote: > >>> I am still fixing it for clarity, but it should be accurate. >>> Feedback is welcome. >>> >> >> After reading, I'm having some questio

Re: Forward secrecy

2013-12-23 Thread Wietse Venema
Viktor Dukhovni: > On Mon, Dec 23, 2013 at 05:49:40PM +0100, Tom Hendrikx wrote: > > > > I am still fixing it for clarity, but it should be accurate. > > > Feedback is welcome. > > > > > > > After reading, I'm having some questions. > > s/reading/skimming/ :-) In this section, the commands tha

Re: Forward secrecy

2013-12-23 Thread Viktor Dukhovni
On Mon, Dec 23, 2013 at 05:49:40PM +0100, Tom Hendrikx wrote: > > I am still fixing it for clarity, but it should be accurate. > > Feedback is welcome. > > > > After reading, I'm having some questions. s/reading/skimming/ :-) > The document states that forward secrecy is supported by default o

Re: Forward secrecy

2013-12-23 Thread Wietse Venema
Tom Hendrikx: > Setting the files (and refreshing them using a cronjob) specified by > 'smtpd_tls_mumble_param_file' is a bit unclear though. The default for > these params is empty, and setting them does not really show a > different behavior in postfix (i.e. using different ciphers and keys) > as

Re: Forward secrecy

2013-12-23 Thread Tom Hendrikx
On 23-12-13 15:40, Wietse Venema wrote: > nanotek: >> Still, might be a good time to create my own CA and upgrade to >> 4096 bit keys/certificates using SHA512 algorithms and make use >> of some Diffie-Hellman ephemeral elliptic curve parameters for

Re: Forward secrecy

2013-12-23 Thread nanotek
On 24/12/2013 3:19 AM, Viktor Dukhovni wrote: On Tue, Dec 24, 2013 at 03:00:37AM +1100, nanotek wrote: We obviously don't know which is stronger against hypothetical unpublished attacks, EDH at 2048-bits or the P-256 curve. Feel free to roll the dice. Against publically known attacks P-256 is

Re: Forward secrecy (was: Certificate Error)

2013-12-23 Thread Viktor Dukhovni
On Tue, Dec 24, 2013 at 03:00:37AM +1100, nanotek wrote: > >We obviously don't know which is stronger against hypothetical > >unpublished attacks, EDH at 2048-bits or the P-256 curve. Feel > >free to roll the dice. Against publically known attacks P-256 is > >both more secure and more computatio

RE: Forward secrecy (was: Certificate Error)

2013-12-23 Thread nanotek
On 24/12/2013 2:09 AM, Viktor Dukhovni wrote: On Tue, Dec 24, 2013 at 01:29:38AM +1100, nanotek wrote: Still, might be a good time to create my own CA and upgrade to 4096 bit keys/certificates You can deploy 4096-bit RSA key if it makes you feel more cool, but there is little point in going b

Re: Certificate Error (android client)

2013-12-23 Thread Viktor Dukhovni
On Mon, Dec 23, 2013 at 03:09:09PM +, Viktor Dukhovni wrote: > > using SHA512 algorithms > > TLSv1 and TLSv1.2 does not support negotiation of digest algorithms. I meant "TLSv1 and TLSv1.1", but typed TLSv1.2. Speaking of TLSv1.2, does anyone have more information about: https://rt.ope

Re: Certificate Error (android client)

2013-12-23 Thread Viktor Dukhovni
On Tue, Dec 24, 2013 at 01:29:38AM +1100, nanotek wrote: > Still, might be a good time to create my own CA and upgrade to 4096 bit > keys/certificates You can deploy 4096-bit RSA key if it makes you feel more cool, but there is little point in going beyond 2048-bit RSA at this time. The further

Re: Forward secrecy

2013-12-23 Thread nanotek
On 24/12/2013 1:40 AM, Wietse Venema wrote: nanotek: Still, might be a good time to create my own CA and upgrade to 4096 bit keys/certificates using SHA512 algorithms and make use of some Diffie-Hellman ephemeral elliptic curve parameters for perfect forward secrecy. I've read http://www.postfix

Forward secrecy (was: Certificate Error)

2013-12-23 Thread Wietse Venema
nanotek: > Still, might be a good time to create my own CA and upgrade to 4096 bit > keys/certificates using SHA512 algorithms and make use of some > Diffie-Hellman ephemeral elliptic curve parameters for perfect forward > secrecy. I've read http://www.postfix.org/TLS_README.html -- Postfix > docum

Re: Certificate Error (android client)

2013-12-23 Thread nanotek
Original Message Date: Tuesday, December 24, 2013 12:57:53 AM +1100 From: nanotek To: postfix-users@postfix.org Subject: Certificate Error (android client) I am receiving a "Certificate Error" when sending mail from K-9 on my android. I do not receive any error on my

Certificate Error (android client)

2013-12-23 Thread nanotek
I am receiving a "Certificate Error" when sending mail from K-9 on my android. I do not receive any error on my PC client (Thunderbird). I only have a self-signed public certificate and private key configured for use by Postfix. Should I create my own Certificate Authority and cat its certific