From owner-freebsd-questions@freebsd.org Fri Oct 5 00:03:49 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9BB8410BE4C2 for ; Fri, 5 Oct 2018 00:03:49 +0000 (UTC) (envelope-from jjohnstone.nospamfreebsd@tridentusa.com) Received: from mail.tridentusa.com (mail.tridentusa.com [96.225.19.3]) by mx1.freebsd.org (Postfix) with ESMTP id 2645A8AB0B for ; Fri, 5 Oct 2018 00:03:48 +0000 (UTC) (envelope-from jjohnstone.nospamfreebsd@tridentusa.com) Received: (qmail 28279 invoked from network); 4 Oct 2018 19:57:07 -0400 Received: from john-j.tridentusa.com (HELO ?172.16.0.90?) (jjohnstone@tridentusa.com@172.16.0.90) by mail.tridentusa.com with AES128-SHA encrypted SMTP; 4 Oct 2018 19:57:07 -0400 Subject: Re: Finding files on BSD that are hidden by Samba To: freebsd-questions@freebsd.org References: <3b359518d636e474d4630fd108d17f1b.squirrel@webmail.harte-lyne.ca> <2bdffe97dfba5041e71dae1d088c58b5.squirrel@webmail.harte-lyne.ca> From: John Johnstone Message-ID: Date: Thu, 4 Oct 2018 19:57:01 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <2bdffe97dfba5041e71dae1d088c58b5.squirrel@webmail.harte-lyne.ca> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Oct 2018 00:03:49 -0000 On 10/4/2018 7:13 PM, James B. Byrne via freebsd-questions wrote: > I would ask on their ML but they changed their smtp service and it > will no longer connect to ours because we use a private CA and provide > the self-signed CA root certificate. I haven't debugged it in detail but I've seen Yahoo / AOL / Oath send mail where they make a connection to port 25, via STARTTLS start a SSL handshake, have something objectionable in the handshake occur (which might be the presence of a self-signed certificate), but then re-connect immediately back to port 25 and do the SMTP transfer un-encrypted without TLS. If you're talking about your server sending mail to the samba mailing list and their server is refusing your attempt at encrypted transfer to their port 25, a workaround is to just not do encryption. Either altogether for all your outgoing mail or configure your system to not do it just when connecting to the samba mailing list server. It's now more common for mail receivers to refuse "sub-standard" encrypted transfers but they essentially have to fall back to un-encrypted to keep mail flowing. You just have to configure your server to do un-encrypted with samba or to automatically fallback and retry un-enncrypted. - John J.