Re: SSL Certificates

2017-02-15 Thread Scott Kitterman
On Wednesday, February 15, 2017 03:55:45 PM Alice Wonder wrote: > On 02/15/2017 02:22 AM, Dominic Raferd wrote: > > Thanks for your answer. > > > > There may be a problem between DMARC and mailing lists - I avoid > > p=reject or p=quarantine on domains I use for posting to mailing > > lists. > >

Re: SSL Certificates

2017-02-15 Thread Alice Wonder
On 02/15/2017 02:22 AM, Dominic Raferd wrote: Thanks for your answer. There may be a problem between DMARC and mailing lists - I avoid p=reject or p=quarantine on domains I use for posting to mailing lists. SPF proves sender identity but final recipient MTA cannot rely on it if there are any

Re: SSL Certificates

2017-02-15 Thread Richard James Salts
On 15 February 2017 8:34:55 PM AEDT, Viktor Dukhovni wrote: > >> On Feb 15, 2017, at 4:27 AM, Henry wrote: >> >> With this being the case what is the point of using SSL certificates >> for sending? > >I repeat myself. Typically none. They largely only caus

Re: SSL Certificates

2017-02-15 Thread Dominic Raferd
On 15 February 2017 at 09:34, Alice Wonder wrote: > On 02/15/2017 12:32 AM, Dominic Raferd wrote: >> >> On 15 February 2017 at 07:58, Richard James Salts >> wrote: >>> >>> >>> >>> On 15 February 2017 6:47:31 PM AEDT, Viktor Dukhovni >>> wrote: Please do not encourage novice users

Re: SSL Certificates

2017-02-15 Thread Alice Wonder
On 02/15/2017 01:27 AM, Henry wrote: On Wed, Feb 15, 2017 at 6:51 PM, Viktor Dukhovni wrote: On Feb 15, 2017, at 2:47 AM, Henry wrote: So you are saying there is no point in securing outbound email in postfix? I am saying SSL certificates on the sending side have nothing (good) to do

Re: SSL Certificates

2017-02-15 Thread Alice Wonder
On 02/15/2017 12:32 AM, Dominic Raferd wrote: On 15 February 2017 at 07:58, Richard James Salts wrote: On 15 February 2017 6:47:31 PM AEDT, Viktor Dukhovni wrote: Please do not encourage novice users to configure DMARC. This does much more harm than good. DMARC is legitimately for the f

Re: SSL Certificates

2017-02-15 Thread Viktor Dukhovni
> On Feb 15, 2017, at 4:27 AM, Henry wrote: > > With this being the case what is the point of using SSL certificates > for sending? I repeat myself. Typically none. They largely only cause some harm. > There is a long discussion on using is here however I am > not uns

Re: SSL Certificates

2017-02-15 Thread Henry
On Wed, Feb 15, 2017 at 6:51 PM, Viktor Dukhovni wrote: > >> On Feb 15, 2017, at 2:47 AM, Henry wrote: >> >> So you are saying there is no point in securing outbound email in postfix? > > I am saying SSL certificates on the sending side have nothing (good) > to

Re: SSL Certificates

2017-02-15 Thread Alice Wonder
On 02/14/2017 11:17 PM, Viktor Dukhovni wrote: On Feb 15, 2017, at 2:10 AM, Henry wrote: When I send a message to Gmail I am informed that it could not be authenticated and will probably end in the spam folder. This is largely misinformation. Sites that send bulk mail that might get classi

Re: SSL Certificates

2017-02-15 Thread Dominic Raferd
On 15 February 2017 at 07:58, Richard James Salts wrote: > > > On 15 February 2017 6:47:31 PM AEDT, Viktor Dukhovni > wrote: >> >>Please do not encourage novice users to configure DMARC. This does >>much >>more harm than good. DMARC is legitimately for the few like PayPal, >>abusively >>for too

Re: SSL Certificates

2017-02-14 Thread Richard James Salts
On 15 February 2017 6:47:31 PM AEDT, Viktor Dukhovni wrote: > >> On Feb 15, 2017, at 2:27 AM, Sebastian Nielsen >wrote: >> >> In Gmail jargon, means you have to set up SPF, DKIM and DMARC >records. > >Please do not encourage novice users to configure DMARC. This does >much >more harm than g

Re: SSL Certificates

2017-02-14 Thread Viktor Dukhovni
> On Feb 15, 2017, at 2:47 AM, Henry wrote: > > So you are saying there is no point in securing outbound email in postfix? I am saying SSL certificates on the sending side have nothing (good) to do with securing outbound mail. As for whether DKIM and/or SPF will prove useful to

Re: SSL Certificates

2017-02-14 Thread Viktor Dukhovni
> On Feb 15, 2017, at 2:27 AM, Sebastian Nielsen wrote: > > In Gmail jargon, means you have to set up SPF, DKIM and DMARC records. Please do not encourage novice users to configure DMARC. This does much more harm than good. DMARC is legitimately for the few like PayPal, abusively for too big

Re: SSL Certificates

2017-02-14 Thread Henry
thanks Viktor. this is what I was ultimately trying to achieve: https://kolabsys.com/howtos/secure-kolab-server.html#postfix So you are saying there is no point in securing outbound email in postfix? On Wed, Feb 15, 2017 at 6:17 PM, Viktor Dukhovni wrote: > >> On Feb 15, 2017, at 2:10 AM, Henry

Re: SSL Certificates

2017-02-14 Thread Dominic Raferd
; [mailto:owner-postfix-us...@postfix.org] On Behalf Of Henry > Sent: 15 February 2017 08:10 > To: postfix-users@postfix.org > Subject: SSL Certificates > > When I send a message to Gmail I am informed that it could not be > authenticated and will probably end in the spam folder... OP, can you te

SV: SSL Certificates

2017-02-14 Thread Sebastian Nielsen
users@postfix.org Subject: SSL Certificates When I send a message to Gmail I am informed that it could not be authenticated and will probably end in the spam folder. I understand the resolution to this is to obtain an SSL certificate and configure postfix to use that certificate. I have obtai

Re: SSL Certificates

2017-02-14 Thread Viktor Dukhovni
> On Feb 15, 2017, at 2:10 AM, Henry wrote: > > When I send a message to Gmail I am informed that it could not be > authenticated and will probably end in the spam folder. This is largely misinformation. Sites that send bulk mail that might get classified as junk may benefit from DKIM signing

SSL Certificates

2017-02-14 Thread Henry
When I send a message to Gmail I am informed that it could not be authenticated and will probably end in the spam folder. I understand the resolution to this is to obtain an SSL certificate and configure postfix to use that certificate. I have obtained a certificate from LetsEncrypt which is worki

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-20 Thread Charles Marcus
Thanks for the detailed explanation Victor. I really appreciate both your confirming my submission cert is now correctly configured, and for taking the time to 'teach me to fish' rather than just giving me one... ;) I believe that if I study this reply, and maybe go back and re-read the post

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Viktor Dukhovni
On Sat, Apr 19, 2014 at 07:06:31AM -0400, Charles Marcus wrote: > I hate to keep imposing on you, but since I don't have the postfinger tool, Your submission service configuration is now correct. In each pair of lines the "issuer" is the name of the certification authority that signed the certif

Re: SOLVED - Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread li...@rhsoft.net
On 19.04.2014 12:59, Charles Marcus wrote: > On 4/18/2014 6:52 PM, li...@rhsoft.net wrote: >> cat whatever-filename.crt your-private.key intermediate-a.crt > your.pem >> >> you are done, use that for *whatever* server-software (httpd, postfix, ATS, >> dovecot) >> as key and or certificate

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Charles Marcus
On 4/19/2014 6:32 AM, Charles Marcus wrote: Would you mind a quick check of both our smtp. and mail. (I'm guessing that I would need to do the same thing for dovecot's cert too)? Hi Victor, I hate to keep imposing on you, but since I don't have the postfinger tool, and have a hard time inter

SOLVED - Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Charles Marcus
On 4/18/2014 6:52 PM, li...@rhsoft.net wrote: cat whatever-filename.crt your-private.key intermediate-a.crt > your.pem you are done, use that for *whatever* server-software (httpd, postfix, ATS, dovecot) as key and or certificate file Apparently not, if the certs you get are from RapidSS

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread li...@rhsoft.net
On 19.04.2014 12:46, Charles Marcus wrote: > On 4/19/2014 6:32 AM, Charles Marcus wrote: >> Thanks again Victor, without the support on this list many of us wanna-be >> admins would be in way over our heads... > > One other question... > > Would I be correct that the following error I'm now

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Charles Marcus
On 4/19/2014 6:32 AM, Charles Marcus wrote: Thanks again Victor, without the support on this list many of us wanna-be admins would be in way over our heads... One other question... Would I be correct that the following error I'm now seeing since changing the certs could be caused by some peo

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Charles Marcus
On 4/18/2014 5:14 PM, Viktor Dukhovni wrote: Though many/most client implementations may not mind, the certificate chain is not quite in the right order: $ posttls-finger -cC -Lsummary smtp.media-brokers.com:587 | openssl crl2pkcs7 -nocrl -certfile /dev/stdin | openssl

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread li...@rhsoft.net
On 18.04.2014 21:22, Charles Marcus wrote: > Ok, if you are willing, could you check me? > >> X.509 certificates come in a few data formats: >> >> - Binary ASN.1 DER format containing a single certificate. >>Not directly usable by Postfix. >> >> - ASCII PEM format certificate

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Viktor Dukhovni
On Fri, Apr 18, 2014 at 05:00:22PM -0400, Charles Marcus wrote: > > smtpd_tls_cert_file = ${config_directory}/smtpd-chain.pdf > > smtpd_tls_key_file = ${config_directory}/smtpd-key.doc > > > >[ You'll probably pick less ridiculous file extensions, but they only > > enlighten or confuse t

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Charles Marcus
On 4/18/2014 3:50 PM, Viktor Dukhovni wrote: In the sample command, "server_cert.pem" is a plausible name for a file that holds just the leaf server certificate. While "intermediate_CA.pem" is a plausible name for a file that hold one or more intermediate CA issuer certificates (in the right or

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Viktor Dukhovni
On Fri, Apr 18, 2014 at 03:22:25PM -0400, Charles Marcus wrote: > >>Thanks again, Victor, but again, that is all over my head. I suspect more lack of confidence than lack of ability. Be more daring, take a guess, it'll probably be right. > > - ASCII PEM format certificate which is the base6

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Charles Marcus
On 4/18/2014 3:06 PM, Viktor Dukhovni wrote: On Fri, Apr 18, 2014 at 02:35:45PM -0400, Charles Marcus wrote: No. The correct approach is at: http://www.postfix.org/TLS_README.html#server_cert_key With legacy public CA trust verification, you can omit the root certificate from

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Viktor Dukhovni
On Fri, Apr 18, 2014 at 02:35:45PM -0400, Charles Marcus wrote: > I don't even know the difference between a .pem and .crt, and definitely > don't have a clue when it comes to chaining certs or anything. Those are just file names. File extensions having meaning is a CP/M and Windows concept.

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Charles Marcus
Thanks for the response Victor... On 4/18/2014 2:20 PM, Viktor Dukhovni wrote: On Fri, Apr 18, 2014 at 02:06:20PM -0400, Charles Marcus wrote: Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've

Re: Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Viktor Dukhovni
On Fri, Apr 18, 2014 at 02:06:20PM -0400, Charles Marcus wrote: > Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, > the boss finally agreed to let me buy some real certs... > > Until now, we've been using self-signed certs with the following postfix > settings: > > sm

Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Charles Marcus
Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following postfix settings: smtpd_tls_cert_file = /etc/ssl/ourCerts/smtp_crt.pem smtpd_tls_key_

Re: is possible to use different SSL certificates for different domains?

2013-03-03 Thread Fernando Maior
May be we can put that into the Postfix documentation page, in "Specific environments" section. Also, may be DNS can be there, both are "environments" anyway... Just 2 cents... Best regards, --- Fernando Maciel Souto Maior On Wed, Feb 27, 2013 at 6:17 PM, /dev/rob0 wrote: > On Mon, Feb 25, 201

Re: is possible to use different SSL certificates for different domains?

2013-02-27 Thread /dev/rob0
On Mon, Feb 25, 2013 at 04:59:37PM +, Viktor Dukhovni wrote: > I see negligible benefit from an SNI implementation for Postfix. > > Is it time to add an anti-SNI rationale section to TLS_README? This > would set a bad precedent, there is no limit to the number of > non-features we could docume

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Reindl Harald
On 25.02.2013 22:39, Birta Levente wrote: > > On 25/02/2013 22:59, Reindl Harald wrote: >> >> On 25.02.2013 21:54, Birta Levente wrote: >>> On 25/02/2013 12:38, marcos gonzalez wrote: Hi Thanks for the answer. I'm reading how more of you separates http of mail, is co

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Birta Levente
On 25/02/2013 22:59, Reindl Harald wrote: On 25.02.2013 21:54, Birta Levente wrote: On 25/02/2013 12:38, marcos gonzalez wrote: Hi Thanks for the answer. I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more than one domain, and

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Reindl Harald
On 25.02.2013 21:54, Birta Levente wrote: > On 25/02/2013 12:38, marcos gonzalez wrote: >> Hi >> >> Thanks for the answer. >> >> I'm reading how more of you separates http of mail, is correct but If you >> needs the same SSL certificate for more >> than one domain, and for legal questions you

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Birta Levente
On 25/02/2013 12:38, marcos gonzalez wrote: Hi Thanks for the answer. I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more than one domain, and for legal questions you can't include all domains in one certificate, I don't know If

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Marko Weber | ZBF
in other words NO. in reality outside you don't do this. the MAILSERVER authenticates his self with his Cert/key/CA. NOT the Domains self he is responsible for. So it doesn't matter, how many domains the mailserver is responsible for. You need only one Cert/Key for the Mailserver. On Https it

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Viktor Dukhovni
On Mon, Feb 25, 2013 at 10:33:09AM +0100, marcos gonzalez wrote: > I'm preparing a server with postfix 2.7.1 and now I'm with the process > to certificate the connection. I have two domains and normally using > multiple domains certificate you can join this, but the property of > domains is different

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Reindl Harald
On 25.02.2013 12:59, Wietse Venema wrote: > Reindl Harald: >>> I'm reading how more of you separates http of mail, is correct but If you >>> needs the same SSL certificate for more >>> than one domain, and for legal questions you can't include all domains in >>> one certificate, I don't know

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Wietse Venema
Reindl Harald: > > I'm reading how more of you separates http of mail, is correct but If you > > needs the same SSL certificate for more > > than one domain, and for legal questions you can't include all domains in > > one certificate, I don't know If postfix > > has the possibility to create a t

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Reindl Harald
On 25.02.2013 11:38, marcos gonzalez wrote: > I'm reading how more of you separates http of mail, is correct but If you > needs the same SSL certificate for more > than one domain, and for legal questions you can't include all domains in one > certificate, I don't know If postfix > has the po

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread marcos gonzalez
Hi Thanks for the answer. I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more than one domain, and for legal questions you can't include all domains in one certificate, I don't know If postfix has the possibility to create a table

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread DTNX Postmaster
On Feb 25, 2013, at 10:33, marcos gonzalez wrote: > I'm preparing a server with postfix 2.7.1 and now I'm with the process to > certificate the connection. I have two domains and normally using multiple > domains certificate you can join this, but the property of domains is > different and you ca

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Reindl Harald
On 25.02.2013 10:33, marcos gonzalez wrote: > I'm preparing a server with postfix 2.7.1 and now I'm with the process to > certificate the connection. I have two > domains and normally using multiple domains certificate you can join this, but > the property of domains is different > and you can't

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Marko Weber | ZBF
The "one" Mailserver, that is doing mailing for N Domains, only need "one" Certificate. Other thing is with "websites", they need each one. connect multiple ip´s to the server for multiple websites ssl certs. but the mailserver only one for himself. the other mailserver don't look "what domain"

is possible to use different SSL certificates for different domains?

2013-02-25 Thread marcos gonzalez
Hi I'm preparing a server with postfix 2.7.1 and now I'm with the process to certificate the connection. I have two domains and normally using multiple domains certificate you can join this, but the property of domains is different and you can't do that. How resolves this problem the companies w

Re: SSL Certificates

2012-11-23 Thread Noel Jones
On 11/23/2012 8:46 PM, The Doctor wrote: > I was wondering who is the best CA Cert for Postfix? > Probably the same as the best CA for dovecot, and it depends on your needs. Any certificate will give good security, the difference is how many end-user software applications will automatically trus

Re: SSL Certificates

2012-11-23 Thread Jeremy T. Bouse
I use StartCOM (http://www.startcom.org/) for all my SSL certificate needs. I've had no problem with the certificates generated and signed through them working with Postfix installations. On 23.11.2012 20:46, The Doctor wrote: I was wondering who is the best CA Cert for Postfix? -- Member - Li

Re: SSL Certificates

2012-11-23 Thread Simon Brereton
On Nov 23, 2012 9:48 PM, "The Doctor" wrote: > > I was wondering who is the best CA Cert for Postfix? The one YOU trust the most - even if that's someone no one else has heard of. Simon

SSL Certificates

2012-11-23 Thread The Doctor
I was wondering who is the best CA Cert for Postfix? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Merry Christmas 2012 and Happy New Year 2013 -

Re: multiple ssl certificates for multiple domains but just one IP

2011-02-08 Thread Alan Batie
On 2/4/11 3:31 AM, Alokat wrote: > On 02/03/2011 08:10 PM, Reindl Harald wrote: >> AFAIK this is a problem that does not exist in the real world >> We are hosting 200 mail domains and there is one hostname >> and one certificate for all of them > yeah I guess I will just use one certificate for a

Re: multiple ssl certificates for multiple domains but just one IP

2011-02-04 Thread Victor Duchovni
On Fri, Feb 04, 2011 at 12:31:49PM +0100, Alokat wrote: > Yeah I guess I will just use one certificate for all domains. > But it would be cool if it would work. :-) Pervasive SNI support in (SMTP) clients and servers is still many years out. It may even never happen, if DNSSEC is widely adopted a

Re: multiple ssl certificates for multiple domains but just one IP

2011-02-04 Thread Alokat
On 02/03/2011 08:10 PM, Reindl Harald wrote: On 03.02.2011 20:05, Chris Tandiono wrote: You can get a multi-domain SSL certificate. It is one certificate that lists all the domains for which it is valid. in theory yes but this is not scalable If you get 3 new customers with their own dom

Re: multiple ssl certificates for multiple domains but just one IP

2011-02-03 Thread Reindl Harald
On 03.02.2011 20:05, Chris Tandiono wrote: > You can get a multi-domain SSL certificate. It is one certificate that lists > all the > domains for which it is valid. in theory yes but this is not scalable If you get 3 new customers with their own domains your cert does not include them and

Re: multiple ssl certificates for multiple domains but just one IP

2011-02-03 Thread Chris Tandiono
On Thu, 03 Feb 2011 08:16:58 -0800, Alokat wrote: On 02/03/2011 05:03 PM, Victor Duchovni wrote: On Thu, Feb 03, 2011 at 10:30:33AM -0500, Wietse Venema wrote: Alokat: Hi, I have a server which accepts eMails for multiple Domains. And I wanna provide for each Domain a SSL certificate. How

Re: multiple ssl certificates for multiple domains but just one IP

2011-02-03 Thread Reindl Harald
On 03.02.2011 17:16, Alokat wrote: > Okay ... thanks for all your comments. > So how would you solve my problem? Multiple Instances? > > Regards, > Alokat * One Servername * One Certificate I see really no reason why not "mail.yourcompany.tld" using in all MX-records and client-configs, nobod

Re: multiple ssl certificates for multiple domains but just one IP

2011-02-03 Thread Victor Duchovni
enough to not require changes much more frequent than the typical certificate lifetime. Are the SSL certificates you want to provision in support of MUAs or peer MTAs? If MUAs, do you know whether the MUAs in fact support SNI? -- Viktor.

Re: multiple ssl certificates for multiple domains but just one IP

2011-02-03 Thread Alokat
On 02/03/2011 05:03 PM, Victor Duchovni wrote: On Thu, Feb 03, 2011 at 10:30:33AM -0500, Wietse Venema wrote: Alokat: Hi, I have a server which accepts eMails for multiple Domains. And I wanna provide for each Domain a SSL certificate. How can I use SNI (Server Name Indication) with postfix

Re: multiple ssl certificates for multiple domains but just one IP

2011-02-03 Thread Victor Duchovni
On Thu, Feb 03, 2011 at 10:30:33AM -0500, Wietse Venema wrote: > Alokat: > > Hi, > > > > I have a server which accepts eMails for multiple Domains. > > And I wanna provide for each Domain a SSL certificate. > > > > How can I use SNI (Server Name Indication) with postfix or is there > > another

Re: multiple ssl certificates for multiple domains but just one IP

2011-02-03 Thread Wietse Venema
Alokat: > Hi, > > I have a server which accepts eMails for multiple Domains. > And I wanna provide for each Domain a SSL certificate. > > How can I use SNI (Server Name Indication) with postfix or is there > another way to solve this problem? This is not yet implemented in Postfix. One option i

multiple ssl certificates for multiple domains but just one IP

2011-02-03 Thread Alokat
Hi, I have a server which accepts eMails for multiple Domains. And I wanna provide for each Domain a SSL certificate. How can I use SNI (Server Name Indication) with postfix or is there another way to solve this problem? Regards, alokat

Re: SSL Certificates per domain

2010-06-01 Thread Victor Duchovni
On Tue, Jun 01, 2010 at 12:42:06PM -0500, /dev/rob0 wrote: > Is SNI defined for SMTP yet? A quick Google search didn't find it. > How would that work? The client would have to tell the hostname or > domain name wanted before the STARTTLS? SNI works entirely within SSL, the desired hostname is s

Re: SSL Certificates per domain

2010-06-01 Thread /dev/rob0
On Tue, Jun 01, 2010 at 12:23:38PM -0500, Terry Inzauro wrote: > Could this be a case where it makes sense to run multiple > instances of postfix which bind to different IP's and are each > configured with unique certs? They don't need to be separate instances, possibly just separate smtpd(8) li

Re: SSL Certificates per domain

2010-06-01 Thread Victor Duchovni
On Tue, Jun 01, 2010 at 12:23:38PM -0500, Terry Inzauro wrote: > > Even with SNI support, most SMTP clients will not make use of SNI, so > > it will take a long time before SMTP STARTTLS servers can expect to > > support multiple certificates for most clients. > > > > Could this be a case where

Re: SSL Certificates per domain

2010-06-01 Thread Terry Inzauro
On 06/01/2010 10:00 AM, Victor Duchovni wrote: > On Tue, Jun 01, 2010 at 10:20:56AM -0400, Wietse Venema wrote: > >>> Common Name: myserver.domain.com >>> MX for domain1: smtp.domain1.com >>> MX for domain2: smtp.domain2.com >>> >>> Then, how

Re: SSL Certificates per domain

2010-06-01 Thread Martin Strand
match the FQDN of the SMTP server configured on mail clients (outlook, thunderbird, etc) For example: Common Name: myserver.domain.com MX for domain1: smtp.domain1.com MX for domain2: smtp.domain2.com Then, how i configure SSL Certificates per domain on Postfix? References? How would Postfix

Re: SSL Certificates per domain

2010-06-01 Thread Victor Duchovni
On Tue, Jun 01, 2010 at 10:20:56AM -0400, Wietse Venema wrote: > > Common Name: myserver.domain.com > > MX for domain1: smtp.domain1.com > > MX for domain2: smtp.domain2.com > > > > Then, how i configure SSL Certificates per domain on Postfix? > > Referenc

Re: SSL Certificates per domain

2010-06-01 Thread Wietse Venema
m > MX for domain1: smtp.domain1.com > MX for domain2: smtp.domain2.com > > Then, how i configure SSL Certificates per domain on Postfix? > References? How would Postfix know what certificate to use? Hint: SMTP is not HTTP. Wietse

SSL Certificates per domain

2010-06-01 Thread Eduardo Júnior
cause the Common Name in the certificate doesn't match the FQDN of the SMTP server configured on mail clients (outlook, thunderbird, etc) For example: Common Name: myserver.domain.com MX for domain1: smtp.domain1.com MX for domain2: smtp.domain2.com Then, how i configure SSL Certificates per