Koozali.org: home of the SME Server

550 A TLS connection is required

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: 550 A TLS connection is required
« Reply #15 on: April 05, 2019, 09:11:35 AM »
I have installed on one server and it looks very good so far.

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: 550 A TLS connection is required
« Reply #16 on: April 11, 2019, 09:58:05 PM »
There are some new standards out there that tries to help the "best effort" TLS on it way for a safer world. I have just implemented MTA-STS (SMTP Mail Transfer Agent Strict Transport Security) on my domain as well as TLS-RPT (SMTP TLS Reporting). With DANE, DMARC, SPF and now also CAA enabled I cannot find better ways to hardening my SME environment :-)

Tests can be done via: https://www.hardenize.com/report/scanmailx.com

/Knuddi

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: 550 A TLS connection is required
« Reply #17 on: April 12, 2019, 04:14:57 PM »
I only run this

yum update qmail --enablerepo=smeupdates-testing
signal-event post-upgrade; signal-event reboot

I think that only the first of those actions is required. The new qmail-remote binary will be used immediately for outgoing deliveries.

Offline Bozely

  • *
  • 75
  • +0/-0
Re: 550 A TLS connection is required
« Reply #18 on: May 07, 2019, 02:50:01 PM »
I'm interested in testing this in a production environment and hopefully providing some feedback, should I experience any issues how would you go about 'rolling back' this change?

Thanks,

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: 550 A TLS connection is required
« Reply #19 on: May 08, 2019, 12:05:35 PM »
Downgrade to the previous version:
Code: [Select]
yum downgrade qmail
Downgrade to a specific version:
Code: [Select]
yum downgrade qmail-1.03-18.el6.sme
If you're worried about qmail-1.03-18.el6.sme  disappearing from the smeos repository, you can save a copy locally as insurance:
Code: [Select]
mkdir ~/save
cd ~/save
wget http://mirror.canada.pialasse.com/releases/9/smeos/x86_64/Packages/qmail-1.03-18.el6.sme.x86_64.rpm

With a copy of the current/old rpm in ~/save, you can downgrade using:
Code: [Select]
cd ~/save
rpm -Uvh --oldpackage qmail-1.03-18.el6.sme.x86_64.rpm
signal-event post-upgrade; signal-event reboot

Offline SchulzStefan

  • *
  • 620
  • +0/-0
Re: 550 A TLS connection is required
« Reply #20 on: May 12, 2019, 10:44:31 AM »
It will benefit everyone if people tested the update qmail that JPP spent a lot of his time on.

https://bugs.contribs.org/show_bug.cgi?id=9349

Currently in smeupdates-testing

The more people test the quicker it will get released.

For my understanding:

I did:
# yum update qmail --enablerepo=smeupdates-testing
# rpm -q qmail
qmail-1.03-23.el6.sme.i386
# uname -r
2.6.32-754.12.1.el6.i686

Is this the version to test?

regards,
stefan
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: 550 A TLS connection is required
« Reply #21 on: May 12, 2019, 11:04:39 AM »
Yes.

qmail-1.03-23
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation