Re: tls_policy

2015-08-05 Thread Brad Chandler
On 2015-08-04 5:59 pm, Viktor Dukhovni wrote: On Tue, Aug 04, 2015 at 05:04:20PM -0500, Brad Chandler wrote: I would like to enforce smtp tls for a domain and all of its subdomains except one. For example my tls_policy file would look something like this: .example.com encrypt

tls_policy

2015-08-04 Thread Brad Chandler
I would like to enforce smtp tls for a domain and all of its subdomains except one. For example my tls_policy file would look something like this: .example.com encrypt test.example.com may Will this work? Is there a particular order the records should be in?

Re: tls_policy

2015-08-04 Thread Viktor Dukhovni
On Tue, Aug 04, 2015 at 05:04:20PM -0500, Brad Chandler wrote: I would like to enforce smtp tls for a domain and all of its subdomains except one. For example my tls_policy file would look something like this: .example.com encrypt test.example.com may Will this work? Mostly

Re: tls_policy

2015-05-04 Thread Viktor Dukhovni
On Mon, May 04, 2015 at 08:59:10AM +0300, Birta Levente wrote: Can you reproduce the problem by using -CAfile $cafile with s_client(1)? I don't see how adding a trusted CA can break the handshake if the CA is well formed. Please provide more information. Please attach a gzipped copy

Re: tls_policy

2015-05-04 Thread Birta Levente
On 04/05/2015 10:45, Viktor Dukhovni wrote: On Mon, May 04, 2015 at 08:59:10AM +0300, Birta Levente wrote: Can you reproduce the problem by using -CAfile $cafile with s_client(1)? I don't see how adding a trusted CA can break the handshake if the CA is well formed. Please provide more

Re: tls_policy

2015-05-03 Thread Birta Levente
On 30/04/2015 17:38, Viktor Dukhovni wrote: On Thu, Apr 30, 2015 at 10:29:29AM +0300, Birta Levente wrote: On 30/04/2015 10:17, Viktor Dukhovni wrote: On Thu, Apr 30, 2015 at 10:09:36AM +0300, Birta Levente wrote: OK, I found the problem: I had configured the smtp_tls_CAfile. Removing

Re: tls_policy

2015-05-01 Thread Benny Pedersen
Birta Levente skrev den 2015-04-29 15:47: But something happening after negotiation. My knowledge is not deep at all, but certainly they have problem with TLSv1.2. posttls-finger -P /etc/ssl/certs irs-ro.mail.eo.outlook.com shows Verified here

Re: tls_policy

2015-04-30 Thread DTNX Postmaster
5540c8dc.1000...@.ro Queued mail for delivery) Looked at the mailing list archive I resolved with smtp_tls_policy_maps = hash:/etc/postfix/tls_policy: tls_policy: irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5 Instead of forcing TLSv1 (I would

Re: tls_policy

2015-04-30 Thread Birta Levente
...@.ro Queued mail for delivery) Looked at the mailing list archive I resolved with smtp_tls_policy_maps = hash:/etc/postfix/tls_policy: tls_policy: irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5 Instead of forcing TLSv1 (I would recommend specific exclusions

Re: tls_policy

2015-04-30 Thread Viktor Dukhovni
On Thu, Apr 30, 2015 at 09:25:48AM +0300, Birta Levente wrote: Perhaps some sort of middle-box is interfering with TLS on your end. Also, what version of OpenSSL are you using? Well your end can be anywhere between you and the Microsoft email hosting mail servers. I make a test on another

Re: tls_policy

2015-04-30 Thread DTNX Postmaster
On 30 Apr 2015, at 08:46, Birta Levente blevi.li...@gmail.com wrote: Looked at the mailing list archive I resolved with smtp_tls_policy_maps = hash:/etc/postfix/tls_policy: tls_policy: irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5 Instead of forcing TLSv1 (I would

Re: tls_policy

2015-04-30 Thread Birta Levente
On 30/04/2015 09:58, Viktor Dukhovni wrote: On Thu, Apr 30, 2015 at 09:25:48AM +0300, Birta Levente wrote: Perhaps some sort of middle-box is interfering with TLS on your end. Also, what version of OpenSSL are you using? Well your end can be anywhere between you and the Microsoft email

Re: tls_policy

2015-04-30 Thread Birta Levente
archive I resolved with smtp_tls_policy_maps = hash:/etc/postfix/tls_policy: tls_policy: irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5 Instead of forcing TLSv1 (I would recommend specific exclusions). protocols=!SSLv2:!SSLv3 I tried this too, but same result. Thanks

Re: tls_policy

2015-04-30 Thread Viktor Dukhovni
On Thu, Apr 30, 2015 at 10:09:36AM +0300, Birta Levente wrote: OK, I found the problem: I had configured the smtp_tls_CAfile. Removing everything works fine. Was the file malformed? I have a hard time imagining any non-empty set of well-formed certs in that file causing the problem you

Re: tls_policy

2015-04-30 Thread Birta Levente
On 30/04/2015 10:17, Viktor Dukhovni wrote: On Thu, Apr 30, 2015 at 10:09:36AM +0300, Birta Levente wrote: OK, I found the problem: I had configured the smtp_tls_CAfile. Removing everything works fine. Was the file malformed? I have a hard time imagining any non-empty set of well-formed

Re: tls_policy

2015-04-30 Thread Viktor Dukhovni
On Thu, Apr 30, 2015 at 10:29:29AM +0300, Birta Levente wrote: On 30/04/2015 10:17, Viktor Dukhovni wrote: On Thu, Apr 30, 2015 at 10:09:36AM +0300, Birta Levente wrote: OK, I found the problem: I had configured the smtp_tls_CAfile. Removing everything works fine. Was the file malformed?

tls_policy

2015-04-29 Thread Birta Levente
= hash:/etc/postfix/tls_policy: tls_policy: irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5 But all these domains have MX records pointed to something.othersomething.outlook.com, so I wonder if there is a method to apply this policy like that: [.outlook.com]:25 may protocols

Re: tls_policy

2015-04-29 Thread DTNX Postmaster
in plain. Looked at the mailing list archive I resolved with smtp_tls_policy_maps = hash:/etc/postfix/tls_policy: tls_policy: irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5 But all these domains have MX records pointed to something.othersomething.outlook.com, so I wonder

Re: tls_policy

2015-04-29 Thread Viktor Dukhovni
as RCPT TO: and the negative reply. Perhaps some sort of middle-box is interfering with TLS on your end. Also, what version of OpenSSL are you using? Looked at the mailing list archive I resolved with smtp_tls_policy_maps = hash:/etc/postfix/tls_policy: tls_policy: irs.ro may protocols

Re: tls_policy

2015-04-29 Thread Birta Levente
tries postfix sends the message in plain. Looked at the mailing list archive I resolved with smtp_tls_policy_maps = hash:/etc/postfix/tls_policy: tls_policy: irs.ro may protocols=TLSv1 ciphers=medium exclude=3DES:MD5 But all these domains have MX records pointed