search for: tls_readm

I have a goal of securing email. Updated the company mail server and DNS (CentOS 7 + Postfix, otherwise pretty stock) with support for SPF, DKIM, and DMARC. So far, all good, and everything "just works". Our mail server has supported SMTP / TLS for a long time, but recently I've been considering requring TLS all the time. Is there anybody here who's done this? Has it

...unless you put it into the CA dir (I don't know how exactly that works). I did get tcps running in the meantime following: 1. http://www.zytrax.com/tech/survival/ssl.html ("Method 3" plus "Multi-Server Certificates") 2. postfix' documentation at http://www.postfix.org/TLS_README.html#server_cert_key (here I had to reverse order, meaning CA first) 3. pointing ssl_cert, ssl_key to relevant files in /<path-to>/ssl/ca/certs and /<path-to>/ssl/ca/private, respectively 4. ssl_client_ca_dir = /<path-to>/ssl/ca/certs Question: Why is it neccessary to use ssl_c...

...S parameters smtpd_tls_cert_file = /etc/ssl/certs/server.crt smtpd_tls_key_file = /etc/ssl/private/server.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mydomain.com alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = mydomain.com, localhost mynetworks = 127.0.0...

...rcing tls must not be used on public facing mail servers. So if you want to enforce tls to ensure encryption on purely internal mail servers, that is fine but your external facing smtp servers must not enforce tls. See the Postfix tls documentation for more information: http://www.postfix.org/TLS_README.html

...facing mail servers. > > So if you want to enforce tls to ensure encryption on purely internal > mail servers, that is fine but your external facing smtp servers must > not enforce tls. > > See the Postfix tls documentation for more information: > > http://www.postfix.org/TLS_README.html s there a useful defense against STARTTLS being stripped from unencrypted communications? https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks Our company sometimes does business in countries hostile to encryption and if there's a means to enforce this appropriately, I...

...S support, traffic between your SMTP server (or the one from your ISP, that you're using as SMTP relay) and our servers will be encrypted. * If not, it will still be sent in clear, as before More information about "Opportunistic TLS" support for Postfix here : http://www.postfix.org/TLS_README.html#client_tls_may Should you encounter an issue, feel free to either report it on https://bugs.centos.org, or in #centos-devel on irc.freenode.net. on behalf of the Infra team, - -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -----BEGIN PGP S...

...the impression from the baove sources that Postfix will then use Dovecot's authentication mechanism via a socket it finds in its private/auth subdirectory. NOT documented in any of those places, someone suggested I must turn on TLS. OK... The documentation found here: http://www.postfix.org/TLS_README.html claims (intimates) that it's not possible to run a site on a self-signed certificate, however, there's ZERO budget for a signed certificate, so unless I can get one for ten bucks somewhere, that could be a deal-breaker here. However, we've been using self-signed certificates for...

Hi List, I have a postfix server based on CentOS 5 in which I have been trying to add TLS encryption support for SMTP. From the localhost when I do an EHLO, following is the output [root at xxxxxxx ~]# nc localhost 25 220 xxxxxxx.xxxx.xxx.xx ESMTP Postfix EHLO localhost 250-xxxxxxx.xxxx.xxx.xx 250-PIPELINING 250-SIZE 41943040 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN

Hi list, I'm trying to get some ideas on this subject. Normally astersik sends emails with voicemail attached trough local MTA. As far as i know there is no way for asterisk to authenticate to an external mailserver to relay these emails. Well, these days every provider has some sort of spam blocking, to add to that usually users of asterisk are behid a dynamic IP with no PTR and list grows

While using Ubuntu 10.10 + Dovecot 1.2.12 + Postfix 2.7.1-1: To enable virtual accounts, I am using the following /etc/dovecot/auth.d/virtualsomename.auth file: passdb passwd-file { args = /etc/dovecot/passwd } userdb static { args = uid=vmail gid=vmail home=/home/vmail/%u } EOT cat /etc/dovecot/passwd looks like this: test:{PLAIN}pass bill:{PLAIN}secret timo at

...le = /etc/ssl/certs/postfix.pem smtpd_tls_key_file = /etc/ssl/private/postfix.pem smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_auth_only = yes # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mail.akairnet.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = mail.akairnet.com mydestination = localhost, localhost.akairnet.com, akairnet.com #local_recipient_maps =...

...# TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = pop3.companycouk.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = ccpop.itco.co, localhost, localhost.localdomain, companycoServer1, comp...

...S support, traffic between your SMTP server (or the one from your ISP, that you're using as SMTP relay) and our servers will be encrypted. * If not, it will still be sent in clear, as before More information about "Opportunistic TLS" support for Postfix here : http://www.postfix.org/TLS_README.html#client_tls_may Should you encounter an issue, feel free to either report it on https://bugs.centos.org, or in #centos-devel on irc.freenode.net. on behalf of the Infra team, - -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -----BEGIN PGP S...