Search found 970 matches

by liverpoolfcfan
Thu Jun 17, 2021 10:48 am
Forum: Administrators
Topic: HELP PLZ!! stuck in maintenance mode
Replies: 1
Views: 214

Re: HELP PLZ!! stuck in maintenance mode

If you login to the Admin Portal, you will see that the Account Status column will show "Maintenance" for the account. Double-click the account name to edit it, and in the second panel - Account Setup - you should see that the Status dropdown has "Maintenance" selected. Change it...
by liverpoolfcfan
Wed Jun 16, 2021 8:38 am
Forum: Administrators
Topic: unable to find local issuer with JDunphys method
Replies: 10
Views: 1676

Re: unable to find local issuer with JDunphys method

mttc wrote:I am unable to use the -show_chain command with openssl, not sure whether the syntax has changed but it gives me the help output.

Did you mean -showcerts ?

openssl s_connect -showcerts -connect <mailserver.domain> .......
by liverpoolfcfan
Fri Jun 04, 2021 1:15 pm
Forum: Administrators
Topic: Certificate Error ISRG X1
Replies: 2
Views: 1536

Re: Certificate Error ISRG X1

Download the latest script. They fixed that issue already in version 0.7.12 - It was issue #129 - https://github.com/YetOpen/certbot-zimb ... ANGELOG.md
by liverpoolfcfan
Tue Jun 01, 2021 1:48 pm
Forum: Administrators
Topic: zmcertmgr - errors out with elliptical curve certs - suggested fix
Replies: 1
Views: 775

zmcertmgr - errors out with elliptical curve certs - suggested fix

Not sure what to do with this as bugzilla seems dead - there is an old ticket about the issue https://bugzilla.zimbra.com/show_bug.cgi?id=97200 I recently requested an update to our LetsEncrypt certificates to change the key_type to ecdsa using elliptical-curve secp384r1 which are seen as more secur...
by liverpoolfcfan
Sat May 29, 2021 11:50 am
Forum: Administrators
Topic: Cipher suite problem/advice
Replies: 2
Views: 1759

Re: Cipher suite problem/advice

I followed the old Qualys A+ wiki article you referenced a long time ago. More recently to boost my score back up to A+ I did the following. Have you followed the guidance to enable TLSv1.3? I followed the guidance from the recent patch release notes to enable TLSv1.3, then removed the older SSLProt...
by liverpoolfcfan
Wed May 12, 2021 8:44 am
Forum: Administrators
Topic: No renewals found while renewing letsencrypt
Replies: 1
Views: 1233

Re: No renewals found while renewing letsencrypt

Did you copy over the letsencrypt data store from the old server before trying to renew? Usually it is a directory structure in /etc/letsencrypt It has folders for the certificates (both live and archive), keys, csr, accounts and renewal (tells it how to renew the certificates), and renewal-hooks (i...
by liverpoolfcfan
Mon Apr 19, 2021 9:58 am
Forum: Administrators
Topic: Enabling TLS 1.3, removing v1 and v1.1 and ensuring that only strong ciphers are used
Replies: 3
Views: 718

Re: Enabling TLS 1.3, removing v1 and v1.1 and ensuring that only strong ciphers are used

On the 8.8.15 P20 FOSS - We use the zimbraReverseProxySSLCiphers in the wiki article linked by JDunphy above - prepended with TLS_AES_256_GCM_SHA384: for TLSv1.3

We get an A+ rating - with individual scores on the right of 100,100,90,90
by liverpoolfcfan
Tue Apr 13, 2021 7:43 pm
Forum: Administrators
Topic: copy to Sent items when sending from Pyhton
Replies: 4
Views: 1224

Re: copy to Sent items when sending from Pyhton

How are you sending the emails? Are you using the SOAP API?

In the Admin tool for the user's Class Of Service->Preferences-Sending Mail - do you have "Save to sent" checked? And in the Admin tool for the account ->Preferences-> is the same box checked?
by liverpoolfcfan
Tue Apr 13, 2021 7:39 pm
Forum: Administrators
Topic: Certificate/Certbot - best way?
Replies: 28
Views: 5782

Re: Certificate/Certbot - best way?

There are 2 approaches pinned in this forum. I used this one https://forums.zimbra.org/viewtopic.php?f=15&t=62705 - tweaked to use DNS validation for certbot instead of editing the nginx templates. It has worked great for me this far. See post No.7 in the thread. Many others have used JDunphy's ...
by liverpoolfcfan
Tue Apr 13, 2021 11:32 am
Forum: Administrators
Topic: [SOLVED] Can zimbra/postfix show encryption levels in Received: header?
Replies: 1
Views: 318

Re: Can zimbra/postfix show encryption levels in Received: header?

Answering my own question in case anyone else needs it. The short answer is YES zimbra has an LDAP configuration setting ( zimbraMtaSmtpdTlsReceivedHeader ) to control it. The default is set to no. To enable the TLS details in the header, as the zimbra user set the value to yes, and reload postfix. ...

Go to advanced search