search

trusteddomainproject / OpenDMARC

This is the Trusted Domain Project's impementation of the DMARC protocol libary and mail filter, called OpenDMARC. A "milter" connects to unix-based mailers (originally, sendmail, but now many) and provides a standard filtering API.
Other
100 stars 53 forks source link

OpenDMARC mailing list uses old TLS #156

Open Swallowtail23 opened 3 years ago

Swallowtail23 commented 3 years ago

This is not an issue with the software, but with the user mailing list. It's kind of ironic really given that this is a product dedicated to improving email security...

Apr  1 22:19:24 emp87 postfix/smtpd[1162142]: connect from medusa.blackops.org[208.69.40.157]
Apr  1 22:19:25 emp87 postfix/smtpd[1162142]: SSL_accept error from medusa.blackops.org[208.69.40.157]: -1
Apr  1 22:19:25 emp87 postfix/smtpd[1162142]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:
Apr  1 22:19:25 emp87 postfix/smtpd[1162142]: lost connection after STARTTLS from medusa.blackops.org[208.69.40.157]
Apr  1 22:19:25 emp87 postfix/smtpd[1162142]: disconnect from medusa.blackops.org[208.69.40.157] ehlo=1 starttls=0/1 commands=1/2

My server is configured as smtpd_tls_security_level = may as the only variation from standard Postfix TLS configuration.

I have a backup MX which the mailing list then connects to (and which accepts the email) - but that isn't really the point... :)

thegushi commented 3 years ago

Thanks for the heads up.

We’re working on some system upgrades in the near future. Not the least of which have to do with getting off a mailing list platform dependent on an EOL version of python.

-Dan

On Apr 1, 2021, at 7:55 PM, Swallowtail23 @.***> wrote:

This is not an issue with the software, but with the user mailing list. It's kind of ironic really given that this is a product dedicated to improving email security...

Apr 1 22:19:24 emp87 postfix/smtpd[1162142]: connect from medusa.blackops.org[208.69.40.157] Apr 1 22:19:25 emp87 postfix/smtpd[1162142]: SSL_accept error from medusa.blackops.org[208.69.40.157]: -1 Apr 1 22:19:25 emp87 postfix/smtpd[1162142]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686: Apr 1 22:19:25 emp87 postfix/smtpd[1162142]: lost connection after STARTTLS from medusa.blackops.org[208.69.40.157] Apr 1 22:19:25 emp87 postfix/smtpd[1162142]: disconnect from medusa.blackops.org[208.69.40.157] ehlo=1 starttls=0/1 commands=1/2 My server is configured as smtpd_tls_security_level = may as the only variation from standard Postfix TLS configuration.

I have a backup MX which the mailing list then connects to (and which accepts the email) - but that isn't really the point... :)

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/trusteddomainproject/OpenDMARC/issues/156, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAIWKKAKNGENFTUMM2QPFYLTGUWZRANCNFSM42IEXDEQ.

andreasschulze commented 3 years ago

related: there is really outdated documentation online: http://www.trusteddomain.org/opendmarc/ this shoud be updated or removed.

I transfered the domain opendmarc.org to @mskucherawy years ago. Would be nice to see documentation there. Similar to http://opendkim.org ...