Postfix Encryption for gmail

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Postfix Encryption for gmail

Kent
Hi All,

I'm trying to get my server accepted by gmail as encrypted.

I've managed to get it from   'kamar.nz did not encrypt this message'  to not saying 'none'  - but it still has the opened red padlock icon.

What do I need to do to get this to actually show a green encrypted icon instead ?


We do have a Cisco ASA router with Mailware - would this be getting in the middle ?

thanks

Kent.





main.cf
--------------
# === TLS parameters ===
smtpd_tls_cert_file = /mail/ssl/int.kamar.nz.crt
smtpd_tls_key_file = /mail/ssl/kamar.nz.key
smtpd_tls_CAfile = /mail/ssl/kamar.nz.crt


# === Email Encryption ===
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_sasl_auth_enable = yes


# === Mail Server Name ===
mydomain = ip195.kamar.nz
myhostname = ip195.kamar.nz
myorigin = ip195.kamar.nz





maillog
----------------------------
Jun 11 20:18:52 kamar postfix/postfix-script[31803]: starting the Postfix mail system
Jun 11 20:18:52 kamar postfix/master[31805]: daemon started -- version 2.10.1, configuration /etc/postfix
Jun 11 20:19:13 kamar postfix/pickup[31806]: 96B265F68C: uid=0 from=<[hidden email]>
Jun 11 20:19:13 kamar postfix/cleanup[31810]: 96B265F68C: message-id=<[hidden email]>
Jun 11 20:19:13 kamar postfix/qmgr[31807]: 96B265F68C: from=<[hidden email]>, size=4085, nrcpt=1 (queue active)
Jun 11 20:19:14 kamar postfix/smtp[31812]: 96B265F68C: enabling PIX workarounds: disable_esmtp delay_dotcrlf for gmail-smtp-in.l.google.com[2404:6800:4008:c00::1b]:25
Jun 11 20:19:15 kamar postfix/smtp[31812]: 96B265F68C: to=<**********@gmail.com>, relay=gmail-smtp-in.l.google.com[2404:6800:4008:c00::1b]:25, delay=2, delays=0.03/0.03/0.71/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1497169155 73si4615451pfn.55 - gsmtp)
Jun 11 20:19:15 kamar postfix/qmgr[31807]: 96B265F68C: removed



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix Encryption for gmail

A. Schulze

Kent:

> Hi All,
>
> I'm trying to get my server accepted by gmail as encrypted.
>
> I've managed to get it from   'kamar.nz <http://kamar.nz/> did not  
> encrypt this message'  to not saying 'none'  - but it still has the  
> opened red padlock icon.
>
> What do I need to do to get this to actually show a green encrypted  
> icon instead ?
>
>
> We do have a Cisco ASA router with Mailware - would this be getting  
> in the middle ?

Disable the SMTP-inspection in your ASA.


>
> thanks
>
> Kent.
>
>
>
>
>
> main.cf
> --------------
> # === TLS parameters ===
> smtpd_tls_cert_file = /mail/ssl/int.kamar.nz.crt
> smtpd_tls_key_file = /mail/ssl/kamar.nz.key
> smtpd_tls_CAfile = /mail/ssl/kamar.nz.crt
>
>
> # === Email Encryption ===
> smtpd_tls_security_level = may
> smtp_tls_security_level = may
> smtp_tls_loglevel = 1
> smtpd_tls_loglevel = 1
> smtpd_sasl_auth_enable = yes
>
>
> # === Mail Server Name ===
> mydomain = ip195.kamar.nz
> myhostname = ip195.kamar.nz
> myorigin = ip195.kamar.nz
>
>
>
>
>
> maillog
> ----------------------------
> Jun 11 20:18:52 kamar postfix/postfix-script[31803]: starting the  
> Postfix mail system
> Jun 11 20:18:52 kamar postfix/master[31805]: daemon started --  
> version 2.10.1, configuration /etc/postfix
> Jun 11 20:19:13 kamar postfix/pickup[31806]: 96B265F68C: uid=0  
> from=<[hidden email]>
> Jun 11 20:19:13 kamar postfix/cleanup[31810]: 96B265F68C:  
> message-id=<[hidden email]>
> Jun 11 20:19:13 kamar postfix/qmgr[31807]: 96B265F68C:  
> from=<[hidden email]>, size=4085, nrcpt=1 (queue active)
> Jun 11 20:19:14 kamar postfix/smtp[31812]: 96B265F68C: enabling PIX  
> workarounds: disable_esmtp delay_dotcrlf for  
> gmail-smtp-in.l.google.com[2404:6800:4008:c00::1b]:25
> Jun 11 20:19:15 kamar postfix/smtp[31812]: 96B265F68C:  
> to=<**********@gmail.com>,  
> relay=gmail-smtp-in.l.google.com[2404:6800:4008:c00::1b]:25,  
> delay=2, delays=0.03/0.03/0.71/1.2, dsn=2.0.0, status=sent (250  
> 2.0.0 OK 1497169155 73si4615451pfn.55 - gsmtp)
> Jun 11 20:19:15 kamar postfix/qmgr[31807]: 96B265F68C: removed



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix Encryption for gmail

Kent
Thanks  I've turned it off - which is now giving me a secure (gray) icon.

I suspect now however, that mail is no longer going through the mailware provided by the ASA.  I'll check with Cisco about this.


Next Question:


I'm passing to postdrop:  -n  delay,failure,success

This appears to be working, but the success e-mail is coming into  [hidden email]


It looks like it's using the 'Return-Path' which is always set to:  [hidden email].

1) Can I set this to the 'from' e-mail address ?

or

2) Can I set it to a specific e-mail address


I've modified  /etc/aliases   and set 'root' to go to the e-mail address I want - but is there another way ?


Thanks

Kent.



On 11/06/2017, at 8:45 PM, A. Schulze <[hidden email]> wrote:


Kent:

Hi All,

I'm trying to get my server accepted by gmail as encrypted.

I've managed to get it from   'kamar.nz <http://kamar.nz/> did not encrypt this message'  to not saying 'none'  - but it still has the opened red padlock icon.

What do I need to do to get this to actually show a green encrypted icon instead ?


We do have a Cisco ASA router with Mailware - would this be getting in the middle ?

Disable the SMTP-inspection in your ASA.



thanks

Kent.





main.cf
--------------
# === TLS parameters ===
smtpd_tls_cert_file = /mail/ssl/int.kamar.nz.crt
smtpd_tls_key_file = /mail/ssl/kamar.nz.key
smtpd_tls_CAfile = /mail/ssl/kamar.nz.crt


# === Email Encryption ===
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_sasl_auth_enable = yes


# === Mail Server Name ===
mydomain = ip195.kamar.nz
myhostname = ip195.kamar.nz
myorigin = ip195.kamar.nz





maillog
----------------------------
Jun 11 20:18:52 kamar postfix/postfix-script[31803]: starting the Postfix mail system
Jun 11 20:18:52 kamar postfix/master[31805]: daemon started -- version 2.10.1, configuration /etc/postfix
Jun 11 20:19:13 kamar postfix/pickup[31806]: 96B265F68C: uid=0 from=<[hidden email]>
Jun 11 20:19:13 kamar postfix/cleanup[31810]: 96B265F68C: message-id=<[hidden email]>
Jun 11 20:19:13 kamar postfix/qmgr[31807]: 96B265F68C: from=<[hidden email]>, size=4085, nrcpt=1 (queue active)
Jun 11 20:19:14 kamar postfix/smtp[31812]: 96B265F68C: enabling PIX workarounds: disable_esmtp delay_dotcrlf for gmail-smtp-in.l.google.com[2404:6800:4008:c00::1b]:25
Jun 11 20:19:15 kamar postfix/smtp[31812]: 96B265F68C: to=<**********@gmail.com>, relay=gmail-smtp-in.l.google.com[2404:6800:4008:c00::1b]:25, delay=2, delays=0.03/0.03/0.71/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1497169155 73si4615451pfn.55 - gsmtp)
Jun 11 20:19:15 kamar postfix/qmgr[31807]: 96B265F68C: removed




Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix Encryption for gmail

Kent
Okay - ignore this last question.

the   -r  parameter for the sendmail.postfix  command does what I'm wanting.

Kent.



On 11/06/2017, at 10:33 PM, Kent <[hidden email]> wrote:

Thanks  I've turned it off - which is now giving me a secure (gray) icon.

I suspect now however, that mail is no longer going through the mailware provided by the ASA.  I'll check with Cisco about this.


Next Question:


I'm passing to postdrop:  -n  delay,failure,success

This appears to be working, but the success e-mail is coming into  [hidden email]


It looks like it's using the 'Return-Path' which is always set to:  [hidden email].

1) Can I set this to the 'from' e-mail address ?

or

2) Can I set it to a specific e-mail address


I've modified  /etc/aliases   and set 'root' to go to the e-mail address I want - but is there another way ?


Thanks

Kent.



On 11/06/2017, at 8:45 PM, A. Schulze <[hidden email]> wrote:


Kent:

Hi All,

I'm trying to get my server accepted by gmail as encrypted.

I've managed to get it from   'kamar.nz <http://kamar.nz/> did not encrypt this message'  to not saying 'none'  - but it still has the opened red padlock icon.

What do I need to do to get this to actually show a green encrypted icon instead ?


We do have a Cisco ASA router with Mailware - would this be getting in the middle ?

Disable the SMTP-inspection in your ASA.



thanks

Kent.





main.cf
--------------
# === TLS parameters ===
smtpd_tls_cert_file = /mail/ssl/int.kamar.nz.crt
smtpd_tls_key_file = /mail/ssl/kamar.nz.key
smtpd_tls_CAfile = /mail/ssl/kamar.nz.crt


# === Email Encryption ===
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_sasl_auth_enable = yes


# === Mail Server Name ===
mydomain = ip195.kamar.nz
myhostname = ip195.kamar.nz
myorigin = ip195.kamar.nz





maillog
----------------------------
Jun 11 20:18:52 kamar postfix/postfix-script[31803]: starting the Postfix mail system
Jun 11 20:18:52 kamar postfix/master[31805]: daemon started -- version 2.10.1, configuration /etc/postfix
Jun 11 20:19:13 kamar postfix/pickup[31806]: 96B265F68C: uid=0 from=<[hidden email]>
Jun 11 20:19:13 kamar postfix/cleanup[31810]: 96B265F68C: message-id=<[hidden email]>
Jun 11 20:19:13 kamar postfix/qmgr[31807]: 96B265F68C: from=<[hidden email]>, size=4085, nrcpt=1 (queue active)
Jun 11 20:19:14 kamar postfix/smtp[31812]: 96B265F68C: enabling PIX workarounds: disable_esmtp delay_dotcrlf for gmail-smtp-in.l.google.com[2404:6800:4008:c00::1b]:25
Jun 11 20:19:15 kamar postfix/smtp[31812]: 96B265F68C: to=<**********@gmail.com>, relay=gmail-smtp-in.l.google.com[2404:6800:4008:c00::1b]:25, delay=2, delays=0.03/0.03/0.71/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1497169155 73si4615451pfn.55 - gsmtp)
Jun 11 20:19:15 kamar postfix/qmgr[31807]: 96B265F68C: removed





Loading...