On 2006/08/11 19:39, Joachim Schipper wrote:
> As Sigfred pointed out to me privately, of course, GnuPG also leaks this
> information. Still, STARTTLS shouldn't be used for privacy.
They're complementary. STARTTLS is one way to keep sender/rcpt
information a little further away from people who lik
On Fri, Aug 11, 2006 at 06:21:36PM +0200, Joachim Schipper wrote:
> On Fri, Aug 11, 2006 at 03:07:01PM +0200, knitti wrote:
> > On 8/10/06, Will H. Backman <[EMAIL PROTECTED]> wrote:
> > >Darrin Chandler wrote:
> > if you just want to have MUAs talk to your exchange, and don't want to use
> > STAR
On Fri, Aug 11, 2006 at 03:07:01PM +0200, knitti wrote:
> On 8/10/06, Will H. Backman <[EMAIL PROTECTED]> wrote:
> >Darrin Chandler wrote:
> if you just want to have MUAs talk to your exchange, and don't want to use
> STARTTLS, rdr the Exchange server to port 587 or 465 with pf. If you *want*
> to
* Bob Beck <[EMAIL PROTECTED]> [2006-08-11 08:23]:
> Speaking as someone who does this, for the truly big university
> there are a lot of clueless idiots...
Gee, although I suppose I should use my openbsd.org address when
giving such advice. Let me rephrase - At most universities oth
> For those servicing larger networks such as universities' ResNets or
> campus networks, using a mandatory smarthost can be an excellent
> detection tool to see which users/stations need to end up in a
> quarantine.
>
> Granted, the largest customer base for this sort of thing are likely
> to be
On 8/10/06, Will H. Backman <[EMAIL PROTECTED]> wrote:
> Darrin Chandler wrote:
> > However, if the connecting party *requires* TLS then it would have a
> > problem with spamd. Is that the trouble you're having?
>
> Yes. I'm protecting a Microsoft Exchange server with spamd on an
> openbsd bridge. Beca
On Thu, Aug 10, 2006 at 04:06:38PM -0600, Bob Beck wrote:
> > Also, while STARTTLS does have its merits, it's still better suited for
> > handling MTA authentication than protecting user data - use GPG for the
> > latter.
>
> STARTTLS opportunistically between MTAs is wonderful for
> making
On 8/10/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> Keep a few sanity checks (e.g. no more than X recipients for a message
> or no more than 100 messages a minute)
This also helps against compromised boxes - i.e., it limits the damage.
So it's generally a good idea to have some limit.
> Also, while STARTTLS does have its merits, it's still better suited for
> handling MTA authentication than protecting user data - use GPG for the
> latter.
STARTTLS opportunistically between MTAs is wonderful for
making shit like Carnivore unusable. The Government should not be
able to
> Yes. I'm protecting a Microsoft Exchange server with spamd on an
> openbsd bridge. Because Microsoft Outlook uses Microsoft's way of
> having MUAs talk to MTAs, there is no problem there.
> I also enabled IMAPS (port 993) and SMTP-TLS (port 25) on the Exchange
> Server so that normal mail cl
Completely correct. spamd does not do TLS. It doesn't
need to. Since starttls will fail, the mailer will fall back anyway.
* Will H. Backman <[EMAIL PROTECTED]> [2006-08-10 07:58]:
> Am I correct in assuming that spamd and TLS on port 25 don't get along?
>
> -- Will
>
On Thu, Aug 10, 2006 at 09:48:25PM +0200, Rogier Krieger wrote:
> On 8/10/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> >Note that at least Postfix has an independent greylisting implementation
>
> True and these implementations may even be quite nice. I never felt
> much of a need to try it o
On 8/10/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> Note that at least Postfix has an independent greylisting implementation
True and these implementations may even be quite nice. I never felt
much of a need to try it out after having set up spamd.
Both are likely to work with STARTTLS; s
From: [EMAIL PROTECTED]
> Note that at least Postfix has an independent greylisting implementation
> (postgrey); I'm fairly sure it's not the only one, and also fairly sure
> that there is a piece of code matching /milter/ and /grey/ around.
http://www.greylisting.org/implementations/sendma
On Thu, Aug 10, 2006 at 06:13:07PM +0200, Rogier Krieger wrote:
> On 8/10/06, Will H. Backman <[EMAIL PROTECTED]> wrote:
> >Because I require TLS and SMTP-AUTH for relaying purposes, I'm in a
> >bind. My real problem is getting Exchange to do SMTP-TLS on a different
> >port, so this is really a non
On 8/10/06, Will H. Backman <[EMAIL PROTECTED]> wrote:
> Because I require TLS and SMTP-AUTH for relaying purposes, I'm in a
> bind. My real problem is getting Exchange to do SMTP-TLS on a different
> port, so this is really a non-openbsd issue.
Perhaps you'd benefit from a solution of shielding your
Darrin Chandler wrote:
> On Thu, Aug 10, 2006 at 09:39:56AM -0400, Will H. Backman wrote:
> > Am I correct in assuming that spamd and TLS on port 25 don't get along?
> >
> > -- Will
> Remember that you get *either* spamd *or* your MTA. So there's no
> getting along to deal with.
> However, if the connec
On Thu, Aug 10, 2006 at 09:39:56AM -0400, Will H. Backman wrote:
> Am I correct in assuming that spamd and TLS on port 25 don't get along?
>
> -- Will
Remember that you get *either* spamd *or* your MTA. So there's no
getting along to deal with.
However, if the connecting party *requires* TLS the
On 8/10/06, Will H. Backman <[EMAIL PROTECTED]> wrote:
> Am I correct in assuming that spamd and TLS on port 25 don't get along?
Given a mail server (or MUA) that is configured to require TLS on a
port it connects to, it will likely have a problem with any other end
not offering TLS capability. T
19 matches