separate), maybe
even in the mechanism generating out-of-office autoreplies (if
tweakable). Deciding which route would be the *easiest* to take requires
more details of your setup, though ...
Kind regards,
--
Jochen Bern
Systems Engineer
www.binect.de
keeping the map and
pubkeys updated didn't come for free, either, even though I'm the one
handing our staff their S/MIME certs in the first place.
Regards,
-user access rights management, yadda yadda), the
requirement to defeat authentication from SOGo to the IMAP server may
become moot.
But until then - Exchange takes its entire auth from AD, and SOGo's
LDAP, *not* the IMAP server's passdb, is the analogue of that.
Regards,
ly "encrypted
storage upon/after final delivery", wouldn't it ... ?
FWIW, for auto-encrypting someplace near the MSA, I've used the "GPGPit"
tool that's available on the web (and that I've made into an "SMIMEit"
myself). The nontrivial proble
On 05/16/2018 12:01 PM, Aki Tuomi wrote:
> On 16.05.2018 12:56, Jochen Bern wrote:
>> Considering the keywords "dovecot" and "sieve", that would still not be
>> "end to end" and not even "MSA to MX"(-ish) but merely "encrypted
>>
port, *without* DNS lookups",
whichever your (internal?) networking necessitates).
http://www.postfix.org/transport.5.html
With a bit of luck, that might already "contain" the weirdness to the
point that neither the MX nor dovecot need config hacks.
Regards,
download, I guess?)
2. Assuming that the incoming e-mail is S/MIME signed *and encrypted*,
is it actually possible to extract the sender cert *without* having
the application's keypair to *decrypt* the e-mail in the process?
Kind regards,
's MSA and MDA reside within
one and the same MTA and you'll have a filtering config/API where you
already can evaluate *both* parts of the input information - sending
account and that it's to be delivered to all@ - at once.)
Regards,
use normal expiry functions to
> clean out that archive after backup.
From a data flow (and privacy protection) POV, that wouldn't be much
different anymore from having *the MTA* feed a copy of (all incoming)
e-mails directly into an archiving mechanism, would it?
http://www.postfix.org/
mail loops.
If you don't know *exactly* what you're doing, maintain your myriad of
users/mailboxes *both* at the ISP and on your internal servers and put
the "mails in ISP mailbox X *all* go into internal mailbox Y, and
nowhere else!" relations "hardcoded" into your r
; e.g., someone addressed it to two aliases that both expand
to you, just to name one possibility where *both* go through *sieve* as
well.)
Regards,
--
Jochen Bern
Systems Engineer
Binect GmbH
On 18.01.21 12:18, @lbutlr wrote:
> On 18 Jan 2021, at 04:12, Jochen Bern wrote:
>> (Also, you can legally have several e-mails with the same Message-ID in
>> your mailbox; e.g., someone addressed it to two aliases that both expand
>> to you, just to name one possibility wh
dare you NOT have an SMTP-out server for
this account at all!" etc..)
Regards,
From:Cc:Reply-To:Subject:In-Reply-To:References:From;
>
> [...] I do not know why Reply-to and From are both listed twice.
(That's Reply-To: (the address(es) to which to send replies) and
*In-*Reply-To: (the Message-ID of the mail that *this* e-mail replies
to), FWIW.)
Regards,
run a scanner like sslyze against the
server.)
Regards,
v1, in the meantime -
at least by Red Hat - downgraded to *not* be a *Remote* Code Execution
(RCE) vuln) ...
Regards,
*should* each have a Message-ID of their own, with the IDs of the
earlier e-mails appearing in In-Reply-To: and References: headers to
support threading in MUAs.)
Kind regards,
erts, so MitM attacks are definitely possible.
[Still vividly remembers finding that a certain camping ground's WiFi
transparently redirects guests' SMTP/IMAP to a snooping, SSL-enabled
server ...]
Kind regards,
> Found 0 files for UID 139
> Found 0 files for UID 142
> Found 0 files for UID 143
> Found 0 files for UID 144
> Found 0 files for UID 145
> Found 0 files for UID 150
> Found 0 files for UID 151
Is that normal behaviour? If not, how would I try to find out what
happens the
etup but still
being able to quickly grok the occasional "my answers below in red"
reply, QuickFolders to have a bar of main archive folders I can
drag&drop read e-mails into. Address Close Button occupies the "not
*quite that* essential" rung.
Kind regards,
On 11/17/2016 04:58 PM, Steve Litt wrote:
> On Thu, 17 Nov 2016 14:11:45 +0100 Jochen Bern wrote:
>> Plaintext or HTML mails?
>
> I like the ability to see some sort of representation of the links in
> incoming HTML email. I would never send HTML email.
Not quite sure
evin's proxy+docker suggestion) is IMHO the way to go here.
Regards,
--
Jochen Bern
Systems Engineer
Fon:+49 6151 9067-231
Fax:+49 6151 9067-290
E-Mail: jochen.b...@binect.de
www.binect.de
www.facebook.de/binect
Binect has received awards:
Winner INNOVATIONSPREIS-IT 2017 | Das Büro: Top 10
ifferent server - which did not offer the STARTTLS that I had
my MUA insist on, either.
Kind regards,
ccess rights userA->userB *within* dovecot, I'll have
to refer you to others' replies.)
Kind regards,
ant to give up the ESTABLISHED-ACCEPT rule's
priority (it's some additional burden to the CPU to match *all* incoming
IMAP(S) packets against the blocklist, after all), you could always
render it effectively unusable by setting a (blackhole) host route for
the IP.
Regards,
ve a way to communicate with the token directly
(ideally so that the user gets the password-to-enter via the token, say,
per SMS, but for *that* to work out, you need that *every* piece of
software used is willing and able to forward the info "user X wants to
make an attempt at auth"
On 01.07.22 20:02, Jochen Bern wrote:
*Totally* theorizing here, but as far as I'm aware, the SMTP (AUTH),
POP, and IMAP protocol definitions do not provide elbow room to make
*two* rounds of authentication. (Ever pondered why the admin can require
O365 users to "use 2FA", but
ords.
(My first thought was "how many users may there be who flag incoming
e-mails with the due date for the request contained in them, rather than
using a separate calendar or to-do-list application?" ...)
Regards
, with Wireshark) without having to crack any crypto ...
Kind regards,
e encryption (that a
MitM may or may not be able to crack), so it's not a clear all-out FAIL
to use those.
Whether the password is still in cleartext *when written to / read from
disk* is another question, but that would be a negligible defense
against someone who rooted your server.
Kin
("no A or RRs found", in fact, I'm getting an NXDOMAIN for the FQDN).
Regards,
as things, especially the number of such fourth parties to
support by the same CA, start to scale up IMHO. Which promptly brings
us back to you running the CA yourself ...
Kind regards,
d . Plus adding it to /etc/shells if
necessary.) Dunno how readily you could find an equivalent for the
*virtual* accounts' password backend ...
(Yes, it'd be better to have it seamlessly integrated into the IMAP
protocol, but don't forget that you'd need the *MUAs* to st
link-local IPv6 addresses assigned - at which point
IPv6 LISTENs will work, too.
Of course, if you "disabled" IPv6 by compiling a kernel without the code
relevant to it (is it still possible to do that?), various things might
break *hard* ...
Kind regards,
easily be no info for an IP you look
up, or some that's plain wrong.
And *then* there are things like Anycast or BGP hijacking or VPN
services to obscure one's origin or ...
Kind regards,
just have
a VPN client installed on them? ;-)
Kind regards,
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
d choose to fail the POP requests?
Kind regards,
in
that role - having a plugin run amok and cause the master dovecot
process to abort due to OOM sounds like creating an even worse problem,
frankly ...
Kind regards,
]
-d 1.2.2.1 -j DROP
-d 1.2.3.4 -j DROP
Regards,
J. Bern
--
*NEW* - NEC IT infrastructure products at <http://www.linworks-shop.de/>:
Server--Storage--Virtualization--Management SW--Passion for Performance
Jochen Bern, Systemingenieu
t the webUI or CLI turned unresponsive).
Good luck getting the co-located dovecot to live up to that level of
resilience. :-}
Regards,
ven *half* of the contenders ...)
Regards,
sl", you could keep all clients that
support those ciphers configured so as to *require* STARTTLS.
Regards,
Jochen Bern
Systems Engineer
--
LINworks GmbH
Fon:+49 6151 9067-231
Fax:+49 6151 9067-299
E-Mail: jochen.b...@linworks.de
Web:http://www.LINworks.de/
NEC IT Infrastrukt
> args = uid=mandanten gid=mandanten home=/[...]/%Ld_[...]/%Ln
> driver = static
> }
> verbose_proctitle = yes
> protocol imap {
> mail_plugins = " mail_log notify"
> }
On -10.01.-28163 20:59, Reindl Harald wrote:
> Am 05.05.2014 22:13, schrieb Jochen Bern:
>> One of the customers has a major networking problem that hasn't been
>> fully analyzed yet. Sniffing his IMAPS connects on the server side, I
>> see [...]
>
> ask that use
On 06.05.2014 14:14, Timo Sirainen wrote:
> On 5.5.2014, at 23.13, Jochen Bern wrote:
>> The problem I'ld like to ask for help with here is that dovecot's
>> imap-login process doesn't terminate when the FIN is received, or when
>> the IMAP protocol's inac
monitor* the
usage, anyway.
Kind regards,
On 06.05.2014 19:06, Jochen Bern wrote:
> On 06.05.2014 14:14, Timo Sirainen wrote:
>> There was bug where a broken handshake could have caused 100% CPU
>> usage. Maybe the same problem could happen in a slightly different
>> way and also not cause CPU usage.
>> http:/
.
Regards,
ive.org/web/20120717010658/http://rfc-ignorant.org/policy-dsn.php
Regards,
On 23.05.2014 15:18, Reindl Harald wrote:
> Am 23.05.2014 14:29, schrieb Jochen Bern:
>> On -10.01.-28163 20:59, Reindl Harald wrote:
>>> the user *always must* use the one and only SMTP server
>>> responsible for his domain, especially in times of SPF,
>>> DKI
On -10.01.-28163 20:59, Reindl Harald wrote:
> Am 23.05.2014 17:51, schrieb Jochen Bern:
>> So the specific *LEGAL REQUIREMENTS* I gave as an example don't apply to
>> your servers/organization/country/whatever? Good for you. Now how about
>> we wait for Dmitry to tell us
On -10.01.-28163 20:59, Reindl Harald wrote:
> Am 25.05.2014 01:18, schrieb Jochen Bern:
>> Legal requirements like, for example, these German ones:
>> http://www.recht-im-internet.de/themen/archivierung.htm
>> Note that the legalese addresses users acting in
than on the last yard into *one
specific* mailbox.
Regards,
eady
breaks the atomicity and allows for a race condition between clients.
Regards,
t Cisco SMTP Fixup
getting in the way of STARTTLS ... :-C
Regards,
save
Regards,
On -10.01.-28163 20:59, Gedalya wrote:
> On 08/25/2014 08:26 AM, Jochen Bern wrote:
>> Assuming Red Hat or similar with no conflicting iptables rules (yet),
>> # iptables -t nat -A PREROUTING -p tcp --dport 30xxx -j DNAT --to :143
>
> Since you're redirecting to a
y get hacked
or judicially suborned into creating a working fraudulent one.
(Where "practical" means "you cannot expect the entire, possibly
worldwide, user population to manually strip their clients' list of
accepted CAs down to the one *you* chose".)
Regards,
t mydom.ain and
throw back a HTTP redirect to www.mydom.ain).
Regards,
bject_r:postfix_pipe_exec_t:s0 gpgit gpgit 12141
> May 11 2015 gpgit.pl
Needless to say, you'll have to "su - gpgit" and "gpg --import ..." the
various(?) recipients' public keys, too. And *monitor* them there, if
there are any with a limited lifetime ...
Ki
@shmoe, jOe@shmoe etc. etc.. They rarely object to plussed user
addresses or single-person-owned domains that could have a catchall
configured, though ...
(I *should* have tried a user part with "ß" on an upcasing online
service back when that umlaut officially *didn't have* an upp
alled are *otherwise*
true to the requested duration. But shouldn't those other
concurrently-running timeouts notice an actual discontinuity of the
timescale just the same as the first one did? Maybe some sort of "N
'nay's needed for a vote of non
On 24.08.24 05:04, Harlan Stenn wrote:
On 8/23/2024 7:06 PM, Jochen Bern via dovecot wrote:
(As an example for why this is relevant: Several hundred deviations of
100 ms or more per day sum up to several 10+ seconds per day, if only
they all are in the same direction, or several 115+ ppm
nauseam).
If it is indeed possible to make all those decisions on the admins'
behalf and deliver an *actual* turnkey "unwashed Internet access grade"
variant, feel free to call it "dovecot-ee" or somesuch ...
Kind regards,
resql-uses-only-one-core
Kind regards,
syntax definition into
some parser code generator, too
https://www.rfc-editor.org/rfc/rfc5322#section-3.4
Thanks in advance,
75 matches