Unfortunately, I think OAUTH2 discovery/registration is still not ready,
which of course means that you need all the clients to manually support you
(I don't know if some have a manual oauth2 mode, but that would be pretty
limited as well).
If someone has an opinion on when that's likely to have a
Actually, what are some small time providers using for OAUTH2 servers? I was
thinking about checking out WSO2 locally for a dovecot/postfix database, but
open to some other suggestions…
Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
> On Sep 11, 2018, at 5:28 PM, Brandon Long via ma
tt
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
- Original Message -
From: "Brandon Long"
To: d...@thedave.ca
Cc: mail...@ics-il.net, "mailop"
Sent: Tuesday, September 11, 2018 1:43:05 PM
Subject: Re: [mailop] GMail Delisting
On Tue, Sep 11, 2018 at 2:13 PM Ángel wrote:
> On 2018-09-11 at 10:20 -0600, Dave Warren wrote:
> > In my experience attacks against webmail are quite uncommon, and also
> > can be mitigated with more flexible techniques than the SMTP protocol
> > offers.
>
> Maybe for bruteforcing attacks, but p
On 2018-09-11 at 10:20 -0600, Dave Warren wrote:
> In my experience attacks against webmail are quite uncommon, and also
> can be mitigated with more flexible techniques than the SMTP protocol
> offers.
Maybe for bruteforcing attacks, but phishing pages that attempt to grab
webmail credentials a
On Tue, Sep 11, 2018 at 10:37 AM Dave Warren wrote:
> On 2018-09-11 11:00, Mike Hammett wrote:
> > Most platforms have a password per account. Not a password per
> > account-service combination.
>
> Yes, and?
>
> This isn't an overnight switch or even possible on all platforms, but it
> is a viab
On 2018-09-11 11:00, Mike Hammett wrote:
Most platforms have a password per account. Not a password per
account-service combination.
Yes, and?
This isn't an overnight switch or even possible on all platforms, but it
is a viable way to move forward. Most of the major consumer platforms
(Googl
t: Tuesday, September 11, 2018 11:20:37 AM
Subject: Re: [mailop] GMail Delisting
On 2018-09-07 15:09, Jay Hennigan wrote:
> On 9/7/18 12:32 PM, Michael Peddemors wrote:
>
>> * Do you enforce 'tough' passwords?
>
> Most formula-based "tough" passwords are only &qu
On 2018-09-07 15:09, Jay Hennigan wrote:
On 9/7/18 12:32 PM, Michael Peddemors wrote:
* Do you enforce 'tough' passwords?
Most formula-based "tough" passwords are only "tough" for the legitimate
user, not an attacker.
Consider that with email protocols, this doesn't necessarily apply.
Whi
So then to circle back... is there any good way to solve this or does Google
just give people the middle finger?
-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
- Original Message -
From: "Mike Hammett"
To: mailop@mailop.org
S
t; ?
-Original Message-
From: mailop On Behalf Of Michael Peddemors
Sent: Friday, September 7, 2018 3:05 PM
To: mailop@mailop.org
Subject: Re: [mailop] GMail Delisting
On 18-09-07 02:09 PM, Jay Hennigan wrote:
> On 9/7/18 12:32 PM, Michael Peddemors wrote:
>
>> *
On 18-09-07 02:09 PM, Jay Hennigan wrote:
On 9/7/18 12:32 PM, Michael Peddemors wrote:
* Do you enforce 'tough' passwords?
Most formula-based "tough" passwords are only "tough" for the legitimate
user, not an attacker.
Relevant XKCD: https://xkcd.com/936/
Well, statistically, the only t
tails.aspx?id=18275> ?
From: mailop On Behalf Of Mike Hammett
Sent: Friday, September 7, 2018 1:36 PM
Cc: mailop
Subject: Re: [mailop] GMail Delisting
I suppose I would then need something other than a blacklist alert to tell me
something is going on. ;-) I'll see if my mail platform ha
On 9/7/18 12:32 PM, Michael Peddemors wrote:
* Do you enforce 'tough' passwords?
Most formula-based "tough" passwords are only "tough" for the legitimate
user, not an attacker.
Relevant XKCD: https://xkcd.com/936/
--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impuls
ssage -
From: "Paul Kincaid-Smith"
To: "Mike Hammett"
Cc: "Michael Peddemors" , "mailop"
Sent: Friday, September 7, 2018 3:29:00 PM
Subject: Re: [mailop] GMail Delisting
Mike Hammett,
> I don't know how much value outbound rate limiters have.
lt;https://www.linkedin.com/company/midwest-internet-exchange>
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp>
> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
t;
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
----------------
*From: *"Michael Peddemors"
*To: *mailop@mailop.org
*
Message -
From: "Michael Peddemors"
To: mailop@mailop.org
Sent: Friday, September 7, 2018 2:32:45 PM
Subject: Re: [mailop] GMail Delisting
The obvious question..
What are your per user outbound rate limiters set to?
If you get a compromised account, and allow it to send &#
ange
The Brothers WISP
- Original Message -
From: "Michael Peddemors"
To: mailop@mailop.org
Sent: Friday, September 7, 2018 2:32:45 PM
Subject: Re: [mailop] GMail Delisting
The obvious question..
What are your per user outbound rate limiters set to?
If you get a compromise
The obvious question..
What are your per user outbound rate limiters set to?
If you get a compromised account, and allow it to send 'a bunch' of
spam, you will have an ongoing problem.
Also, you should look at the obvious ways to reduce compromises.
* Are you enforcing TLS/SSL on all clients?
20 matches
Mail list logo
