On Fri, Aug 04, 2017 at 12:31:53PM +0530, hyndavirap...@bel.co.in wrote:
> >> Can you help me to solve this problem
> >
> > Not without the requested logging, and copy of the server and CA
> > certificates.
> TLS logging is as below,
> Aug 4 11:52:29 AHQ postfix/smtp[11652]: 201.123.1.4[201.123
> On Thu, Aug 03, 2017 at 12:19:55PM +0530, hyndavirap...@bel.co.in wrote:
>
>> > He's not posted the configuration of the sending system or
>> > its logs. This is a waste of everyone's time.
>
> The relevant logging is the TLS-related logging from the sending
> postfix/smtp client process that h
On Thu, Aug 03, 2017 at 12:19:55PM +0530, hyndavirap...@bel.co.in wrote:
> > He's not posted the configuration of the sending system or
> > its logs. This is a waste of everyone's time.
The relevant logging is the TLS-related logging from the sending
postfix/smtp client process that happens *bef
> On Wed, Aug 02, 2017 at 10:00:58AM -0500, Noel Jones wrote:
>
>> >> smtpd_tls_loglevel = 2
>> >
>> > Change that to 1, and also set:
>> >
>> > smtp_tls_security_level = 1
>>
>>
>> Oops, that should be
>>
>>smtp_tls_loglevel = 1
>
> Indeed a typo, thanks for the correction, ... and then th
On Wed, Aug 02, 2017 at 10:00:58AM -0500, Noel Jones wrote:
> >> smtpd_tls_loglevel = 2
> >
> > Change that to 1, and also set:
> >
> > smtp_tls_security_level = 1
>
>
> Oops, that should be
>
>smtp_tls_loglevel = 1
Indeed a typo, thanks for the correction, ... and then the OP must
*P
On 8/2/2017 2:19 AM, Viktor Dukhovni wrote:
> On Wed, Aug 02, 2017 at 12:10:31PM +0530, hyndavirap...@bel.co.in wrote:
>
>> " Aug 2 11:21:34 AHQ postfix/smtp[6372]: BEC5D67928BD:
>> to=, orig_to=,
>> relay=201.123.1.4[201.123.1.4]:25, delay=0.06, delays=0.04/0.01/0.01/0,
>> dsn=4.7.5, status=defe
> On Wed, Aug 02, 2017 at 12:10:31PM +0530, hyndavirap...@bel.co.in wrote:
>> " Aug 2 11:21:34 AHQ postfix/smtp[6372]: BEC5D67928BD:
>> to=, orig_to=,
>> relay=201.123.1.4[201.123.1.4]:25, delay=0.06, delays=0.04/0.01/0.01/0,
>> dsn=4.7.5, status=deferred (Server certificate not verified) "
> That's nic
On Wed, Aug 02, 2017 at 12:10:31PM +0530, hyndavirap...@bel.co.in wrote:
> " Aug 2 11:21:34 AHQ postfix/smtp[6372]: BEC5D67928BD:
> to=, orig_to=,
> relay=201.123.1.4[201.123.1.4]:25, delay=0.06, delays=0.04/0.01/0.01/0,
> dsn=4.7.5, status=deferred (Server certificate not verified) "
That's nic
Hi,
I have enabled TLS in 2 Postfix servers (MTA1, MTA2). When I try to send
mail from a simple Java client to the server it is working fine. TLS negotiation
happened properly. But when MTA1 tries to send mail to the other MTA, mail is
getting deferred by writing the following log
" Aug 2 11:21:34 AHQ postfix/
On Sun, Nov 01, 2015 at 08:08:46PM -0500, David Mehler wrote:
> Thanks. Don't ask me how, but flipping the tls protocols from the list
> I had to high and now the 587 works.
No idea what that means, but so long as you're satisfied...
--
Viktor.
> On Sat, Oct 31, 2015 at 04:10:33PM +0530, hyndavirap...@bel.co.in wrote:
>
>> tls_policy file contains:
>>
>> [201.123.80.173]:25 encrypt match=AHQserver
>
> Is the name in the certificate really not fully-qualified? The
> "encrypt" policy does not entail certificate verification.
> Try:
>
>
Hello,
Thanks. Don't ask me how, but flipping the tls protocols from the list
I had to high and now the 587 works. Imap on 143 still won't, but
that's not for this list. The point is for the moment it is working.
Thanks for all your help.
Thanks.
Dave.
On 11/1/15, Viktor Dukhovni wrote:
> On S
On Sun, Nov 01, 2015 at 07:06:42PM -0500, David Mehler wrote:
> Thanks. The only thing I have in the maillog is a connection made, tls
> established, then the connection is dropped.
Not possible. Those logs don't match the report of a failed SSL
connection on the client side.
--
Viktor
Hi,
Thanks. The only thing I have in the maillog is a connection made, tls
established, then the connection is dropped.
Thanks.
Dave.
On 11/1/15, Viktor Dukhovni wrote:
> On Sun, Nov 01, 2015 at 02:49:20PM -0500, David Mehler wrote:
>
>> Still stuck. I've got the below not sure if it helps, it
On Sun, Nov 01, 2015 at 02:49:20PM -0500, David Mehler wrote:
> Still stuck. I've got the below not sure if it helps, it does show
> that on 143 and 587 client wise no peer is being sent or verified.
>
> openssl s_client -starttls smtp -connect localhost:587
> CONNECTED(0003)
> 34379270664:er
Hello,
Still stuck. I've got the below not sure if it helps, it does show
that on 143 and 587 client wise no peer is being sent or verified.
openssl s_client -starttls smtp -connect localhost:587
CONNECTED(0003)
34379270664:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:/
On Sat, Oct 31, 2015 at 03:35:14PM -0400, David Mehler wrote:
> Thank you. I apologize, let me clarify my statement. I have created my
> own CA on an offline machine which I use to sign all of my
> certificates.
Good, that removes ambiguity.
> When you say the client doesn't trust the server cer
Hello,
Thank you. I apologize, let me clarify my statement. I have created my
own CA on an offline machine which I use to sign all of my
certificates.
When you say the client doesn't trust the server certificate, that's
not the webmail, that's the submission service not trusting the
postfix Serve
On Sat, Oct 31, 2015 at 12:05:29PM -0400, David Mehler wrote:
> I am using self-signed certificates via my own CA if that matters.
A certificate is either self-signed, or issued by a CA. Which is it?
> Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: SSL_accept error from
> localhost[::1]:
Hello,
I'm running a FreeBSD 10.2 system, postfix 2.11.6, Openssl 1.0.1P. I'm
working on setting up a webmail client to my existing
Postfix/Dovecot/Mysql setup. I've tried two webmail clients both are
giving me the below errors when the webmail client (postfix dovecot
mysql the web server are all
On Sat, Oct 31, 2015 at 10:16:37AM -0400, Wietse Venema wrote:
> hyndavirap...@bel.co.in:
> > AHQ.tcs.mil.example relay:[201.123.80.173]:25
> ...
> > [201.123.80.173]:25 encrypt match=AHQserver
> ...
> > CN=AHQserver/emailAddress=ahqserver_smtp_ad...@tcs.mil.example
>
> The match= requir
hyndavirap...@bel.co.in:
> AHQ.tcs.mil.example relay:[201.123.80.173]:25
...
> [201.123.80.173]:25 encrypt match=AHQserver
...
> CN=AHQserver/emailAddress=ahqserver_smtp_ad...@tcs.mil.example
The match= requires a complete match (case-insensitive). You specify
only a substring of the
On Sat, Oct 31, 2015 at 04:10:33PM +0530, hyndavirap...@bel.co.in wrote:
> tls_policy file contains:
>
> [201.123.80.173]:25 encrypt match=AHQserver
Is the name in the certificate really not fully-qualified? The
"encrypt" policy does not entail certificate verification.
Try:
[201.123.80
> hyndavirap...@bel.co.example:
>> 1. error log before adding "smtp_tls_CAfile" param is as follows
>>
>
> I replaced the top-level domain name for privacy reasons.
>
>> postfix/smtp[3525]: certificate verification failed for
>> 201.123.80.173[201.123.80.173]:25: untrusted issuer
>> /C=EXAMPLE/ST=k
On Fri, Oct 30, 2015 at 09:20:05AM -0400, Wietse Venema wrote:
> > postfix/smtp[6891]: 17A3F232B1: to=,
> > relay=201.123.80.173[201.123.80.173]:25, delay=337, delays=327/0.02/10/0,
> > dsn=4.7.5, status=deferred (Server certificate not verified)
>
> Now it knows the issuer, but the name in the c
hyndavirap...@bel.co.example:
> 1. error log before adding "smtp_tls_CAfile" param is as follows
>
I replaced the top-level domain name for privacy reasons.
> postfix/smtp[3525]: certificate verification failed for
> 201.123.80.173[201.123.80.173]:25: untrusted issuer
> /C=EXAMPLE/ST=karnataka/L
> On 2015-10-29 10:11, hyndavirap...@bel.co.in wrote:
>
> Every 3000 Sheets of paper costs us a tree.. Save trees... Conserve
> Trees. Don't print this email or any Files unless you really need to
This list might be the least appropriate place to spread such an agenda.
After all, an MTA is alrea
hyndavirap...@bel.co.in:
>
> Hi,
>
> I have enabled TLS in 2 Postfix servers (MTA1, MTA2). When I try to send
> mail from a simple Java client to the server it is working fine. TLS negotiation
> happened properly. But when MTA1 tries to send mail to the other MTA, TLS is
> failing by giving the following error.
Hi,
I have enabled TLS in 2 Postfix servers (MTA1, MTA2). When I try to send
mail from a simple Java client to the server it is working fine. TLS negotiation
happened properly. But when MTA1 tries to send mail to the other MTA, TLS is
failing by giving the following error.
"certificate verification failed for x
30 matches