Re: How to force remote deliver agent to send messages via SSL only

2021-08-14 Thread Benny Pedersen
On 2021-08-15 01:06, Lauren R wrote: so for server to server use, we should deploy starttls on port 25? yes, ports 465 and 587 need a password

Re: How to force remote deliver agent to send messages via SSL only

2021-08-14 Thread Lauren R
Thank you @raf. We were using the certs from a commercial CA, not the free one. On 2021/8/15 8:05 AM, raf wrote: On Sun, Aug 15, 2021 at 09:37:17AM +1000, raf wrote: I recommend using a CA-approved certificate like LetsEncrypt just because Postfix will use the same certificate for

Re: How to force remote deliver agent to send messages via SSL only

2021-08-14 Thread raf
On Sun, Aug 15, 2021 at 09:37:17AM +1000, raf wrote: > I recommend using a CA-approved certificate like > LetsEncrypt just because Postfix will use the same > certificate for submissions on port 587, and mail > clients (like Thunderbird) might complain if a > self-signed certificate is used in

Re: How to force remote deliver agent to send messages via SSL only

2021-08-14 Thread raf
On Sun, Aug 15, 2021 at 07:06:06AM +0800, Lauren R wrote: > On 2021/8/15 7:04 AM, raf wrote: > > So "smtps" is dead. Long live "submissions". > > > > But it isn't for server-to-server use. > > so for server to server use, we should deploy starttls on port 25? > > thanks > Lauren Yes. Once you

Re: Has rfc2487 been obsoleted and mandatory TLS in smtpd is now kosher?

2021-08-14 Thread raf
On Sat, Aug 14, 2021 at 10:47:08AM -0400, Viktor Dukhovni wrote: > > On 14 Aug 2021, at 1:15 am, raf wrote: > > > > According to the hardenize.com security bingo site, > > they get a green box for their mail server TLS, even > > though they support TLSv1.0 (yellow), because they > > don't

Re: How to force remote deliver agent to send messages via SSL only

2021-08-14 Thread Lauren R
so for server to server use, we should deploy starttls on port 25? thanks Lauren On 2021/8/15 7:04 AM, raf wrote: So "smtps" is dead. Long live "submissions". But it isn't for server-to-server use.

Re: How to force remote deliver agent to send messages via SSL only

2021-08-14 Thread raf
On Sat, Aug 14, 2021 at 02:43:29PM +0200, Matus UHLAR - fantomas wrote: > - dedicated port for smtp/ssl was deprecated (in fact never standardized) I think that used to be true, but they had a rethink. This proposed standard (Jan 2018) indicates so: 3.3. Implicit TLS for SMTP Submission

Re: ALPACA writeup

2021-08-14 Thread @lbutlr
> On 2021 Aug 14, at 12:27, Viktor Dukhovni wrote: > > On Sat, Aug 14, 2021 at 11:54:12AM -0600, @lbutlr wrote: > >> On 10 Aug 2021, at 17:48, raf wrote: >>> Note: I'm not recommending this. I expect that the existing default >>> has been arrived at after much observation and careful

Re: ALPACA writeup

2021-08-14 Thread Viktor Dukhovni
On Sat, Aug 14, 2021 at 11:54:12AM -0600, @lbutlr wrote: > On 10 Aug 2021, at 17:48, raf wrote: > > Note: I'm not recommending this. I expect that the existing default > > has been arrived at after much observation and careful thought. > > But the option to do this is there if that's what you

Re: ALPACA writeup

2021-08-14 Thread @lbutlr
On 10 Aug 2021, at 17:48, raf wrote: > Note: I'm not recommending this. I expect that the existing default > has been arrived at after much observation and careful thought. > But the option to do this is there if that's what you want. It may be worth testing, as the setting may date from days in

Re: Has rfc2487 been obsoleted and mandatory TLS in smtpd is now kosher?

2021-08-14 Thread Viktor Dukhovni
> On 14 Aug 2021, at 1:15 am, raf wrote: > > According to the hardenize.com security bingo site, > they get a green box for their mail server TLS, even > though they support TLSv1.0 (yellow), because they > don't support anonymous ciphers (red). If they were > supporting anonymous ciphers, it

Re: How to force remote deliver agent to send messages via SSL only

2021-08-14 Thread Matus UHLAR - fantomas
On 14.08.21 20:39, Lauren R wrote: I have installed postfix on the ubuntu system, SSL port is enabled. How can I force the other mail systems such as gmail to send messages to my postfix via only SSL port? you can't: - dedicated port for smtp/ssl was deprecated (in fact never standardized) -

How to force remote deliver agent to send messages via SSL only

2021-08-14 Thread Lauren R
Hi, I have installed postfix on the ubuntu system, SSL port is enabled. How can I force the other mail systems such as gmail to send messages to my postfix via only SSL port? Thanks.

Re: will this break DMARC?

2021-08-14 Thread Matus UHLAR - fantomas
On 2021-08-14 01:22, Ken N wrote: Yes I agree. On 14.08.21 01:39, Benny Pedersen wrote: DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=purpleemail.com; s=x; h= headers oversigned headers that don't exist to validators break DKIM they don't. imho some

Re: will this break DMARC?

2021-08-14 Thread raf
On Sat, Aug 14, 2021 at 04:56:33AM +, Viktor Dukhovni wrote: > > On 14 Aug 2021, at 12:54 am, Benny Pedersen wrote: > > > > its then impossible to verify if there ever was an extra header or = > not, this still make it less strong, it does not more secure or not with = > that feature > >