[Ach] Applied Crypto PDF - postfix config

crypto at la-system.com crypto at la-system.com
Thu Feb 13 06:45:53 CET 2014 

Hi Sebastian,

it is an ubuntu with that details:

localhost:~# openssl version
OpenSSL 0.9.8k 25 Mar 2009
localhost:~# uname -orv
2.6.32-55-server #117-Ubuntu SMP Tue Dec 3 17:45:11 UTC 2013 GNU/Linux
localhost:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 10.04.4 LTS
Release:        10.04
Codename:       lucid

Best Regards,
Thorsten


Zitat von szebi <szebi at gmx.at>:

> Hi Thorsten,
>
> yes, I encountered this also yesterday evening.
>
> Additionally, I think we should give advice which options one should to
> /add/// to the smtps and submission lines. There are usually good
> defaults in master.cf (smtpd_tls_security_level=encrypt is default for
> submission in 2.9.6).
> Furthermore I think it is better readable if we replace '587' by
> 'submission' in the conf for master.cf.
>
> @Thorsten, which OS and OpenSSL-Version did you use to test the
> settings? I'd like to integrate this in the 'tested with versions' section.
>
> regards,
> Sebastian
>
> On 02/12/2014 03:54 PM, crypto at la-system.com wrote:
>>
>> Dear list,
>>
>> in chapter 2.3.4 Postfix is may be a false option for the MSA config
>> written.
>>
>> It states this line:
>> "587 inet n - - - - smtpd
>> -o smtpd_tls_security_level=encrypt -o tls_preempt_cipherlist = yes"
>>
>> In an old postfix version 2.7.0 I get this error:
>>
>> Feb 12 11:58:04 localhost postfix/master[17751]: daemon started --
>> version 2.7.0, configuration /etc/postfix
>> Feb 12 11:58:40 localhost postfix/smtpd[17774]: fatal: invalid "-o
>> tls_preempt_cipherlist" option value: missing '=' after attribute name
>>
>>
>> Removing the spaces before and after "=" will fix this in that
>> version. (-o tls_preempt_cipherlist=yes) will work instead.
>>
>> Best Regards,
>> Thorsten
>>
>>
>> _______________________________________________
>> Ach mailing list
>> Ach at lists.cert.at
>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5829 bytes
Desc: S/MIME-Signatur
URL: <http://lists.cert.at/pipermail/ach/attachments/20140213/ae64ea94/attachment.bin>

More information about the Ach mailing list