Re: Postfix 3.5.9 SSL accept error Microsoft Exchange

2022-04-11 Thread Admin Beckspaced
would it be as easy to just add the following to main.cf to use the reommended setting? smtpd_tls_chain_files = /etc/dehydrated/certs/mail-beckspaced-com-rsa/privkey.pem      /etc/dehydrated/certs/mail-beckspaced-com-rsa/fullchain.pem     /etc/dehydrated/certs/mail-beckspaced-com-e

Re: Postfix 3.5.9 SSL accept error Microsoft Exchange

2022-04-10 Thread Viktor Dukhovni
On Sun, Apr 10, 2022 at 10:44:05AM +0200, Admin Beckspaced wrote: > Dehydrated has the option for different certificate types so I went with > ECDSA and RSA > > https://github.com/dehydrated-io/dehydrated/blob/master/docs/domains_txt.md > > Added the following to main.cf > > # RSA default > sm

Re: Postfix 3.5.9 SSL accept error Microsoft Exchange

2022-04-10 Thread Admin Beckspaced
Or switch my cert to RSA for better compatibility? This is my recommendation. On Sat, Apr 09, 2022 at 11:15:37AM +0200, Josef Vybíhal wrote: smtpd_tls_cert_file = /etc/postfix/tls/rsa/_.acme.com.rsa.fullchain.pem smtpd_tls_eccert_file = /etc/postfix/tls/ecc/_.acme.com.ecc.fullchain.pem smtp

Re: Postfix 3.5.9 SSL accept error Microsoft Exchange

2022-04-09 Thread Bill Cole
On 2022-04-09 at 02:52:54 UTC-0400 (Sat, 9 Apr 2022 08:52:54 +0200) Admin Beckspaced is rumored to have said: Dear Postfix users, a client told me they don't receive emails from a specific client. A look in the mail server logs reveals the following: Apr  8 09:53:07 cx20 postfix/smtpd[5402]:

Re: Postfix 3.5.9 SSL accept error Microsoft Exchange

2022-04-09 Thread Viktor Dukhovni
On Sat, Apr 09, 2022 at 10:55:03AM +0200, Admin Beckspaced wrote: > > That host has an ECDSA P384 certificate. This is liable to not be > > supported by older systems. For maximum interoperability, RSA is safer, > > or with ECDSA perhaps P256, though likely that too is not supported by > > a pee

Re: Postfix 3.5.9 SSL accept error Microsoft Exchange

2022-04-09 Thread Josef Vybíhal
I believe I have encountered something similar about a year back. I ended up doing this (becasue I wanted to have ecc in place): smtpd_tls_cert_file = /etc/postfix/tls/rsa/_.acme.com.rsa.fullchain.pem smtpd_tls_eccert_file = /etc/postfix/tls/ecc/_.acme.com.ecc.fullchain.pem smtpd_tls_eckey_file =

Re: Postfix 3.5.9 SSL accept error Microsoft Exchange

2022-04-09 Thread Admin Beckspaced
Am 09.04.2022 um 10:06 schrieb Viktor Dukhovni: On Sat, Apr 09, 2022 at 08:52:54AM +0200, Admin Beckspaced wrote: Apr  8 09:53:07 cx20 postfix/smtpd[5402]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:226

Re: Postfix 3.5.9 SSL accept error Microsoft Exchange

2022-04-09 Thread Viktor Dukhovni
On Sat, Apr 09, 2022 at 08:52:54AM +0200, Admin Beckspaced wrote: > Apr  8 09:53:07 cx20 postfix/smtpd[5402]: warning: TLS library problem: > error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared > cipher:ssl/statem/statem_srvr.c:2260: > smtpd_tls_cert_file = > /etc/dehydrate

Postfix 3.5.9 SSL accept error Microsoft Exchange

2022-04-08 Thread Admin Beckspaced
Dear Postfix users, a client told me they don't receive emails from a specific client. A look in the mail server logs reveals the following: Apr  8 09:53:07 cx20 postfix/smtpd[5402]: connect from mail.euronet-ag.de[195.14.239.4] Apr  8 09:53:07 cx20 postfix/smtpd[5402]: SSL_accept error from