 |
| Prev-20 | Home | Next-20 |
| Re: Enforced Outbound TLS (part deux) | |
| \ Dennis Putnam (15 Jan 2008) | |
| . \ Victor Duchovni (15 Jan 2008) | |
| . . \ Dennis Putnam (15 Jan 2008) | |
| . . . \ Victor Duchovni (15 Jan 2008) | |
| . . . . \ Dennis Putnam (15 Jan 2008) | |
| . . . . . \ Victor Duchovni (15 Jan 2008) | |
| . . . . . . \ Dennis Putnam (15 Jan 2008) | |
| . . . . . . . \ Victor Duchovni (15 Jan 2008) | |
| . . . . . . . . \ Dennis Putnam (15 Jan 2008) | |
| . . . . . . . . . \ Dennis Putnam (15 Jan 2008) | |
| . . . . . . . . . \ (Wietse Venema) (15 Jan 2008) | |
| . . . . . . . . . . \ Dennis Putnam (15 Jan 2008) | |
| . . . . . . . . . . . \ Victor Duchovni (15 Jan 2008) | |
| . . . . . . . . . . . . \ Dennis Putnam (15 Jan 2008) | |
| . . . . . . . . . . . \ (Wietse Venema) (15 Jan 2008) | |
| . . . . . . . . . \ Victor Duchovni (15 Jan 2008) | |
| . . . . . . . . . . \ Dennis Putnam (15 Jan 2008) | |
| . . . . . . . . . . . \ Victor Duchovni (15 Jan 2008) | |
| . . . . . . . . . . . . \ Dennis Putnam (15 Jan 2008) | |
| . . . . . . . . . . . . . \ Victor Duchovni (15 Jan 2008) | |
| . . . . . . . . . . . . . . \ Dennis Putnam (16 Jan 2008) | |
| . . . . . . . . . . . . . . . \ Victor Duchovni (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . \ Dennis Putnam (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . . \ Victor Duchovni (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . . . \ Mark Watts (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . . . . \ John Peach (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . . . . \ Victor Duchovni (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . . . . . \ Dennis Putnam (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . . . \ Dennis Putnam (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . . . . \ Mark Watts (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . . \ Brian Evans (16 Jan 2008) | |
| . . . . . . . . . . . . . . . \ Noel Jones (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . \ Dennis Putnam (16 Jan 2008) | |
| . . . . . . . . . . . . . . . . . \ Noel Jones (16 Jan 2008) | |
| . . . . . . . . . . . . . \ (Wietse Venema) (15 Jan 2008) | |
| . . . . . . . . . . . . . . \ Dennis Putnam (16 Jan 2008) | |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | Jan-2008 | Next-Thread | Next-Msg |
| Subject: | Re: Enforced Outbound TLS (part deux) |
| Group: | Postfix-users |
| From: | Noel Jones |
| Date: | 16 Jan 2008 |
> ...Its my opinion that my
> Cisco may be messing up TLS in the other direction as well. Once I get
> that straightened out we'll verify it in both directions.
Apparently you need to remove "inspect estmp" from the cisco.
> anything anyone can tell me to specifically look for in the log, to
> verify incoming TLS sessions, would be appreciated.
in postfix main.cf:
smtpd_tls_loglevel = 1
run "postfix reload" if you make changes to main.cf
initiate a TLS session from localhost or elsewhere on the
local network - ie. don't go through the offending cisco.
# openssl s_client -connect localhost:25 -starttls smtp
Assuming that command works, verify postfix correctly logs
info about the successful TLS connection. Current postfix
versions will log something like:
Jan 16 10:52:52 mgate2 postfix/smtpd[10956]: setting up TLS
connection from localhost.example.com[127.0.0.1]
Jan 16 10:52:52 mgate2 postfix/smtpd[10956]: Anonymous TLS
connection established from localhost.example.com[127.0.0.1]:
TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Yours will be a little different, but hopefully recognizable.
Now that you know what to look for, see if postfix says
anyone else uses a TLS connection... (Unlikely given your
current cisco setup, unless you are accepting "wrappermode"
connections on some port other than 25 - see your master.cf).
--
Noel Jones
| Prev-Msg | Prev-Thread | Postfix-users | Jan-2008 | Next-Thread | Next-Msg |