Postscipt: AMaViSd-new TLS Support Question
Patrick Ben Koetter
p at sys4.de
Sun Oct 25 10:22:58 CET 2015
* Klaus Tachtler <klaus at tachtler.net>:
> Hi,
>
> if I enable at /etc/amavisd/amavisd.conf:
>
> $tls_security_level_out = 'may';
There's a patch for TLS/SSL on this mailing list submitted by Markus Benning
which addresses several TLS/SSL settings and *might* fix your issue:
https://www.mail-archive.com/amavis-users@amavis.org/msg03498.html
p at rick
>
> I got following WARNING inside my /var/log/maillog from AMaViSd-new:
>
> Oct 25 07:32:34 server70 amavis[5115]: (05115-01) _WARN:
> *******************************************************************\n
> Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client\n
> is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER\n
> together with SSL_ca_file|SSL_ca_path for verification.\n If you
> really don't want to verify the certificate and keep the\n
> connection open to Man-In-The-Middle attacks please set\n
> SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.\n*******************************************************************\n
> at /usr/sbin/amavisd line 8392.
>
> Maybe there are some problems on CentOS-7 with the defaults for SSL
> at IO::Socket::SSL ...?
>
> Sorry, I'm not a perl programmer...
>
> >Hi,
> >
> >is there a possibility to ENABLE TLS connection between Postfix
> >and AMaViSd-new, because
> >my Postfix and the AMaViSd-new NOT on the same HOST.
> >
> >Postfix --> smtpd_proxy-filter OR content_filter with TLS --> AMaViSd-new
> >
> >I found some parameter at /etc/amavisd.conf, who arouse my interest:
> >
> ># $tls_security_level_in = undef; # undef, 'may', 'encrypt', ...
> ># $smtpd_tls_cert_file = undef;
> ># $smtpd_tls_key_file = undef;
> >
> >Thank you!
> >Klaus.
>
> Thanks for the help!
> Klaus.
>
>
>
> --
>
> ------------------------------------------
> e-Mail : klaus at tachtler.net
> Homepage: http://www.tachtler.net
> DokuWiki: http://www.dokuwiki.tachtler.net
> ------------------------------------------
>
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the amavis-users
mailing list