ninjette.org - View Single Post

Alex · April 14th, 2023, 10:12 AM

Learn something new everyday. Or at least every once in awhile. I noticed that some of the email notifications I was getting from ninjette were starting to show up in my email spam folder. That was annoying, but not terribly odd, as I know that there are some blacklists providers that are starting to do weird things with our ISP (see thread right above this one in Forum Info).

But I also noticed that there was a red padlock on the email, and I hadn't remembered seeing that before - but I might have not noticed for awhile. Refreshing myself on the email security settings for this site, I logged back in to the host, had to remember the text-based email client on Centos, and sent myself an email from it - it came just fine, but had same red padlock. But the DKIM/SPF/DMARC settings on the email all looked fine. I sent a test email to one of those mailcheck sites, and it confirmed DKIM/SPF/DMARC were all fine. But - I then clarified that the red padlock had nothing to do directly with those, it was just letting me know that the mail wasn't TLS encrypted.

That's interesting, I was pretty sure I had set up TLS a million years ago, so what would have changed? Looking into it, I realized the issue. I've been updating the certificates for SSL every time they expire, or the website essentially blocks most users from seeing it. But SSL/TLS on the mailserver is different, and I hadn't updated that cert since I installed it in 2014. It still worked for many years, well past the expiration date of that first cert, and mail clients never warned users that the cert was actually expired until more recently. Gmail is now evidently one of them, and if the TLS cert is expired by far enough (apparently some number of years?), it won't connect via TLS and you get the red padlock.

Once I found that, I just had to google the syntax for the postfix config file, and point the cert info to the existing SSL certs that are already on the server for the webserver, reload the new config, and immediately everything started working. Mail is now TLS encrypted with the current cert, so I'm hoping it will now be less likely to show up in some spam boxes, but only time will tell.

April 14th, 2023, 10:12 AM	#32
Alex ninjette.org dude Name: 1 guess :-) Location: SF Bay Area Join Date: Jun 2008 Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE Posts: Too much. Blog Entries: 7	Learn something new everyday. Or at least every once in awhile. I noticed that some of the email notifications I was getting from ninjette were starting to show up in my email spam folder. That was annoying, but not terribly odd, as I know that there are some blacklists providers that are starting to do weird things with our ISP (see thread right above this one in Forum Info). But I also noticed that there was a red padlock on the email, and I hadn't remembered seeing that before - but I might have not noticed for awhile. Refreshing myself on the email security settings for this site, I logged back in to the host, had to remember the text-based email client on Centos, and sent myself an email from it - it came just fine, but had same red padlock. But the DKIM/SPF/DMARC settings on the email all looked fine. I sent a test email to one of those mailcheck sites, and it confirmed DKIM/SPF/DMARC were all fine. But - I then clarified that the red padlock had nothing to do directly with those, it was just letting me know that the mail wasn't TLS encrypted. That's interesting, I was pretty sure I had set up TLS a million years ago, so what would have changed? Looking into it, I realized the issue. I've been updating the certificates for SSL every time they expire, or the website essentially blocks most users from seeing it. But SSL/TLS on the mailserver is different, and I hadn't updated that cert since I installed it in 2014. It still worked for many years, well past the expiration date of that first cert, and mail clients never warned users that the cert was actually expired until more recently. Gmail is now evidently one of them, and if the TLS cert is expired by far enough (apparently some number of years?), it won't connect via TLS and you get the red padlock. Once I found that, I just had to google the syntax for the postfix config file, and point the cert info to the existing SSL certs that are already on the server for the webserver, reload the new config, and immediately everything started working. Mail is now TLS encrypted with the current cert, so I'm hoping it will now be less likely to show up in some spam boxes, but only time will tell. __________________________________________________ Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org ninjette.org Terms of Service Shopping for motorcycle parts or equipment? Come here first. The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
	2 out of 2 members found this post helpful.