Loading ...
Sorry, an error occurred while loading the content.

Re: TLS with openssl-1.0.1a not working with hotmail

Expand Messages
  • Jerry
    On Tue, 24 Apr 2012 12:51:16 -0400 (EDT) ... Thanks Wietse. It took me a while before I realized that I had to use: [smtp.live.com] as the key in the
    Message 1 of 9 , Apr 24, 2012
    • 0 Attachment
      On Tue, 24 Apr 2012 12:51:16 -0400 (EDT)
      Wietse Venema articulated:

      >Jerry:
      >> /etc/postfix/tls_policy:
      >> example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
      >> </quote>
      >>
      >> I did screw it up, I left out the "v"in the "TLSv1.2" protocol name.
      >> However, even changing that did not make any difference.
      >
      >This confirms that Postfix never found the entry in your SMTP TLS
      >policy table (otherwise it would have complained about "TLS1.2").
      >
      >> > smtp_tls_protocols = !SSLv2,!TLSv1.2
      >> > smtp_tls_mandatory_protocols = !SSLv2,!TLSv1.2
      >>
      >> This works fine for me. I fail to understand why the policy map fails
      >> however.
      >
      >I used both main.cf and SMTP TLS policy table settings.
      >
      >However, the SMTP TLS policy table "lookup key" field needs to match
      >the "next-hop" destination that is given to the Postfix SMTP client.
      >
      >If you override the destination with transport maps, per-sender
      >relayhost, etc., then the "lookup key" field needs to match the
      >override.

      Thanks Wietse. It took me a while before I realized that I had to use:
      [smtp.live.com] as the key in the "tls_policy" file in order to get it
      to work. I was not using the "[ ]" brackets and it therefore was not
      working correctly. That also explains why I never received a warning
      message since the key was never found.

      --
      Jerry ✌
      postfix-user@...
      _____________________________________________________________________
      TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
      TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
    Your message has been successfully submitted and would be delivered to recipients shortly.