On Mon, Nov 15, 2021 at 02:14:31PM -0600, Tyler Montney wrote:
> I've just recently started using mailing lists, so replying is still a bit
> awkward to me. (Probably be easier if we'd use forums.)
Forums are a mixed bag. Some love them, some hate them.
I previously ran a forum for LedgerSMB.
It
On Sun, 14 Nov 2021, Michael Peddemors wrote:
And there are RBL's now for known IP(s) used by IMAP hackers, including
SpamRats RATS-AUTH that can assist in reducing those attacks.
These guys also list brute forcers:
http://www.blocklist.de/en/rbldns.html
I don't know how well they ca
> Probably because it can be complex to set up and maintain
Such is mail and many other things, which falls on the admins. I see no
harm in exploring what's what before deciding.
> and more would be gained by educating users
Yes, users are the weakest link. Users are also the biggest challenge.
On 15/11/2021 11:52, Arjen de Korte wrote:
Quoting Benny Pedersen:
On 2021-11-14 20:26, Matthew Richardson wrote:
On Sun, 14 Nov 2021 08:12:53 -0800, Michael Peddemors wrote:-
And there are RBL's now for known IP(s) used by IMAP hackers, including
SpamRats RATS-AUTH that can assist in reduci
Quoting Benny Pedersen:
On 2021-11-14 20:26, Matthew Richardson wrote:
On Sun, 14 Nov 2021 08:12:53 -0800, Michael Peddemors wrote:-
And there are RBL's now for known IP(s) used by IMAP hackers, including
SpamRats RATS-AUTH that can assist in reducing those attacks.
Looking at https://www.s
On 2021-11-14 20:26, Matthew Richardson wrote:
On Sun, 14 Nov 2021 08:12:53 -0800, Michael Peddemors wrote:-
And there are RBL's now for known IP(s) used by IMAP hackers, including
SpamRats RATS-AUTH that can assist in reducing those attacks.
Looking at https://www.spamrats.com/rats-auth.php t
On 2021-11-14 16:55, Lefteris Tsintjelis wrote:
And if you need sporadically to use it outside your white listing, VPN
works great.
with own CA yes
if not to being fooled by others
On Sun, 14 Nov 2021 08:12:53 -0800, Michael Peddemors wrote:-
>And there are RBL's now for known IP(s) used by IMAP hackers, including
>SpamRats RATS-AUTH that can assist in reducing those attacks.
Looking at https://www.spamrats.com/rats-auth.php the "Example Usage in
Dovecot" says "PLEASE UPDAT
On 14/11/2021 18:03, Lefteris Tsintjelis wrote:
On 14/11/2021 14:50, Kees van Vloten wrote:
Apart from a really nice firewall firehol also supplies a good set of
ip-blacklists.
For public exposure of email ports, I am using the combination of
firehol-firewall, firehol-blacklist, fail2ban an
On 14/11/2021 14:50, Kees van Vloten wrote:
Apart from a really nice firewall firehol also supplies a good set of
ip-blacklists.
For public exposure of email ports, I am using the combination of
firehol-firewall, firehol-blacklist, fail2ban and a whitelist based on
geo-ip. The mail-client p
On 2021-11-14 7:55 a.m., Lefteris Tsintjelis wrote:
On 13/11/2021 23:16, Tyler Montney wrote:
With the world of ransomware as it is today (aka attacks seem more
vicious and commonplace), anything I expose to WAN must have
additional protection. I've seen a few posts to this list on it. The
onl
On 13/11/2021 23:16, Tyler Montney wrote:
With the world of ransomware as it is today (aka attacks seem more
vicious and commonplace), anything I expose to WAN must have additional
protection. I've seen a few posts to this list on it. The only thing
that helped was that Dovecot supports OAuth.
On Sat, Nov 13, 2021 at 03:34:12PM -0800, lists wrote:
> [..] Now Yubikey at least has my attention. But people often leave the
> key plugged into their notebook. Very true with the Google equivalent
> which I have heard from Google employees. The keys themselves aren't
> exactly transferable, but
On 14-11-2021 13:56, Marc wrote:
Full access from any IP (except firehol-blacklist and fail2ban) is
possible over VPN (openvpn) with MFA (privacyidea).
Privacyidea also supplies a mobile-app compatible with a.o. TOTP and
HOTP but it provides a more secure way of enrollment (2-step).
How are you
* Tyler Montney:
> I'm getting the feeling that people don't have an MFA implementation.
Probably because it can be complex to set up and maintain, and more
would be gained by educating users and in particular by users actually
giving a damn about password-discipline and -quality.
On a tangent:
> Full access from any IP (except firehol-blacklist and fail2ban) is
> possible over VPN (openvpn) with MFA (privacyidea).
> Privacyidea also supplies a mobile-app compatible with a.o. TOTP and
> HOTP but it provides a more secure way of enrollment (2-step).
How are you managing dns/clients etc so
Apart from a really nice firewall firehol also supplies a good set of
ip-blacklists.
For public exposure of email ports, I am using the combination of
firehol-firewall, firehol-blacklist, fail2ban and a whitelist based on
geo-ip. The mail-client ports exposed are 993 and 465, because startt
I will throw in a few interesting projects which have kept my small
servers safe:
*) firehol.org
*) crowdsec.net
*) www.fail2ban.org
Have a look at those interesting projects!
On 13.11.21 22:16, Tyler Montney wrote:
With the world of ransomware as it is today (aka attacks seem more
vicious
>30(?) years ago the majority of systems were using a user name to access mail.
>Then the 'I want to track everyone companies' made logging in with email the
>standard that everyone blindly followed. Now decades later the brute forcing
>of known passwords etc is a problem, mostly because the log
On 2021-11-13 22:16, Tyler Montney wrote:
Since this is getting increasingly complicated, I wanted to ask before
going further. What do you all do? Any recommendations?
in the end we all know how to play ludo
passwords are hard to guess if it's an odd number of chars, and random
selected chars fi
about getting it to work.
*From:* montneyty...@gmail.com
*Sent:* November 13, 2021 3:03 PM
*To:* dovecot@dovecot.org
*Subject:* Re: Strategies for protecting IMAP (e.g. MFA)
"Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) password"
Ag
> On 13 Nov 2021 at 22:17, Tyler Montney wrote:
>
>
> With the world of ransomware as it is today (aka attacks seem more vicious
> and commonplace), anything I expose to WAN must have additional protection.
> I've seen a few posts to this list on it. The only thin
He suggested we should use alias as public email? But most providers don't
have aliases such as gmail.
On Sun, Nov 14, 2021 at 4:48 PM Benny Pedersen wrote:
> On 2021-11-14 09:39, Marc wrote:
> > Don't use email addresses as login ;)
>
> why is this funny ?
>
On 2021-11-14 09:39, Marc wrote:
Don't use email addresses as login ;)
why is this funny ?
Don't use email addresses as login ;)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -.
F1 Outsourcing Development Sp. z o.o.
Poland
t: +48 (0)12 4207 835
e: m...@f1-outsourcing.eu
mail.com
Sent: November 13, 2021 3:03 PM
To: dovecot@dovecot.org
Subject: Re: Strategies for protecting IMAP (e.g. MFA)
"Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) password"
Again, since it's just me, this is do-able. But I'm looking fo
"Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) password"
Again, since it's just me, this is do-able. But I'm looking for something
practical as well.
I'm getting the feeling that people don't have an MFA implementation.
"if the users are sufficientl
* Tyler Montney:
> Since this is getting increasingly complicated, I wanted to ask before
> going further. What do you all do? Any recommendations?
Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) passwords which are used only once (!) and kept
either
PM
To: dovecot@dovecot.org
Subject: Strategies for protecting IMAP (e.g. MFA)
With the world of ransomware as it is today (aka attacks seem more vicious and commonplace), anything I expose to WAN must have additional protection. I've seen a few posts to this list on it. The only thing that helpe
With the world of ransomware as it is today (aka attacks seem more vicious
and commonplace), anything I expose to WAN must have additional protection.
I've seen a few posts to this list on it. The only thing that helped was
that Dovecot supports OAuth. Through OAuth I figure I could implement MFA.