Bas,
why should that make a difference if it was already proven that
changing the optimization level of the compiler fixes the issue, and
that it is probably a special corner case of hardened gcc3.4? I
suppose it has to do with it's stack protecting techniques etc.
2010/7/22 Bas Mevissen :
> On 0
On 07/22/2010 05:22 AM, Victor Duchovni wrote:
> On Wed, Jul 21, 2010 at 11:16:04PM +0200, Bas Mevissen wrote:
>
>
>> Can you try what happens if you replace at
>>
>> typedef struct LOCAL_STATE {
>> int level;/* nesting level, for logging */
>> DELIVER_ATTR msg_attr;/
Daniel V. Reinhardt put forth on 7/21/2010 2:06 PM:
> Your average joe doesn't need to be running servers, and if you want business
> class services and abilities then pay for it.
Class warfare and/or financial means arguments are invalid in this discussion.
> Bandwidth costs money. You can'
On Wed, Jul 21, 2010 at 11:16:04PM +0200, Bas Mevissen wrote:
> Can you try what happens if you replace at
>
> typedef struct LOCAL_STATE {
> int level;/* nesting level, for logging */
> DELIVER_ATTR msg_attr;/* message/recipient attributes */
> DELIVER_REQUEST *re
Charles Marcus put forth on 7/21/2010 7:46 AM:
> Jonathan Tripathy wrote:
>>> Port 25 outgoing will be blocked by most ISPs
>
>> This may be the case in your country, but from where I'm from, I've
>> never had a problem sending out on port 25, even on home residental
>> ISPs :)
>
> Any ISP that d
"Jonathan Tripathy" wrote:
>
>> Why should home users get business class services at a fraction of the cost?
>> It
>> is quite ignorant to think that.
>Allowing legal data to pass without being monitored, snooped upon, or
>blocked due to the "type" of traffic, is not just for business class
>s
Time of death on Thu, Jul 22: 01:57:34 UTC
END OF THREAD. Please? :-)
--
Sahil Tandon
Charles Marcus wrote:
As I mentioned before, if they really feel that blocking port 25 blocks
spam,
You aren't serious? It isn't a matter of 'feeling'. Blocking port 25 for
residential users blocks TONS of SPAMBOTNETS. This isn't theory or
guesswork, it is a simple fact. It also relievs a huge
Daniel V. Reinhardt wrote:
ISP's should be made responsible and accountable for what their users do. They
hold the rights to the IP Space in use at the time, and such any traffic that
goes over it should be logged for later analysis by authorities if a user is
found to be doing something ille
Why should home users get business class services at a fraction of the cost? It
is quite ignorant to think that.
Allowing legal data to pass without being monitored, snooped upon, or
blocked due to the "type" of traffic, is not just for business class
services.
Are you upset that you live in
Wietse Venema put forth on 7/21/2010 2:22 PM:
> Ram:
>> One server of ours just accepts the mails from clients and then relays
>> the mails to other servers.
>> Since there is almost no mail queued on the server , I think it is will
>> be good to mount /var/spool/postfix on a tmpfs partition.
>
Original-Nachricht
> Datum: Wed, 21 Jul 2010 22:23:06 +0200
> Von: Kai Krakow
> An: Postfix users
> Betreff: Re: postfix/local segfaults
> 2010/7/21 Wietse Venema :
> > That would be a compiler bug, possibly compiler version dependent.
>
> Yep, I'm sure it is. The postfix ebu
I tried, I really did, but I just have to respond to this...
Jonathan Tripathy wrote:
> an ISP should *never* monitor for abuse in the EU, and should
> *never* be made liable for what their customers do.
Correct - they should only be liable for abuse that they allow *their*
networks to relay from
Le Wed, 21 Jul 2010 13:36:08 -0700 (PDT),
"Daniel V. Reinhardt" a écrit :
> Only http and https and submission would be allowed. To help
> conserve the cost of bandwidth and to make more bandwidth available
> to people who want more.
You are driving consumers to that kind of access:
http://cult
Randy Ramsdell a écrit :
> mouss wrote:
>> Simone Caruso a écrit :
>>
>>> Il 19/07/2010 22:04, Jonathan Tripathy ha scritto:
>>>
On 19/07/10 18:07, Angelo Amoruso wrote:
> On 16/07/2010 10.10, Jonathan Tripathy wrote:
>
>> Hi Everyone,
>> I have set up
On 07/21/2010 10:23 PM, Kai Krakow wrote:
> 2010/7/21 Wietse Venema :
>> That would be a compiler bug, possibly compiler version dependent.
>
> Yep, I'm sure it is. The postfix ebuild from gentoo contains some
> evidence that hardened gcc 3.4 may be problematic. In case you are
> interested, follo
* Rod Dorman :
> Have we gone far enough off the topic of Postfix yet for this thread to
> be declared dead?
Yes, especially since this was about SSL attacks.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hinde
On Wednesday, July 21, 2010, 16:36:08, Daniel V. Reinhardt wrote:
> ...
> ISP's should be made responsible and accountable for what their users
> do. They hold the rights to the IP Space in use at the time, and such
> any traffic that goes over it should be logged for later analysis by
> authorit
On 2010-07-21 Daniel V. Reinhardt wrote:
> ISP's should be made responsible and accountable for what their users
> do.
No, they shouldn't.
> They hold the rights to the IP Space in use at the time, and such any
> traffic that goes over it should be logged for later analysis by
> authorities if a
- Original Message
> From: Jonathan Tripathy
> To: postfix users
> Sent: Wed, July 21, 2010 8:23:31 PM
> Subject: Re: OT: ISP Blocking of port 25
>
>
> On 21/07/10 20:06, Daniel V. Reinhardt wrote:
> >
> >
> >
> > - Original Message
> >
> >> From: Ansgar Wiechers
I treid grey listng and don't use it because too many servers were not
re-sending the e-mail back asap. Alot did and there was no problem.
But some took up to a day to retry the message.
I remeber reading about DPSAM. Also going to look at amavisd-new and assp.
I like the idea of calling it a
2010/7/21 Wietse Venema :
> That would be a compiler bug, possibly compiler version dependent.
Yep, I'm sure it is. The postfix ebuild from gentoo contains some
evidence that hardened gcc 3.4 may be problematic. In case you are
interested, follow up bug report:
http://bugs.gentoo.org/show_bug.cgi?
On 21/07/10 20:06, Daniel V. Reinhardt wrote:
- Original Message
From: Ansgar Wiechers
To: postfix-users@postfix.org
Sent: Wed, July 21, 2010 12:51:34 PM
Subject: Re: OT: ISP Blocking of port 25
On 2010-07-21 Charles Marcus wrote:
[ lots of words ]
Charles, any ISP who restri
Ram:
> One server of ours just accepts the mails from clients and then relays
> the mails to other servers.
> Since there is almost no mail queued on the server , I think it is will
> be good to mount /var/spool/postfix on a tmpfs partition.
You will lose all mail in the queue when the system cr
Kai Krakow:
> Mystery solved:
>
> Adding "-O2" to CFLAGS (an "-Ox" parameter was missing) solved the problem.
> Seems to be an GCC issue. I don't know if postfix should compile and work fine
> without this or with another optimizer level.
It *should* work with all optimization levels. except for:
- Original Message
> From: Ansgar Wiechers
> To: postfix-users@postfix.org
> Sent: Wed, July 21, 2010 12:51:34 PM
> Subject: Re: OT: ISP Blocking of port 25
>
> On 2010-07-21 Charles Marcus wrote:
> [ lots of words ]
>
> Charles, any ISP who restricts network traffic (with or witho
Mystery solved:
Adding "-O2" to CFLAGS (an "-Ox" parameter was missing) solved the problem.
Seems to be an GCC issue. I don't know if postfix should compile and work fine
without this or with another optimizer level.
If someone wants to debug this further: The pointer to the problem is within
src
Crap - sorry, meant that to go private...
Ansgar Wiechers wrote:
> Charles, any ISP who restricts network traffic (with or without packet
> inspection) is clearly violating net neutrality. Period. I suggest you
> look up the term.
1. Net neutrality is simply a 'proposed' priniciple, its meaning is not
set in stone, and probably never will
On 2010-07-21 Charles Marcus wrote:
[ lots of words ]
Charles, any ISP who restricts network traffic (with or without packet
inspection) is clearly violating net neutrality. Period. I suggest you
look up the term.
There may be valid reasons for an ISP to do this, but that doesn't
change one thing
On Wed, Jul 21, 2010 at 06:39:07AM -0400, Wietse Venema wrote:
> > One server of ours just accepts the mails from clients and then relays
> > the mails to other servers.
> > Since there is almost no mail queued on the server , I think it is will
> > be good to mount /var/spool/postfix on a tmpfs
On 2010-07-21 11:16 AM, Gordan Bobic wrote:
>> If you want that level of service, upgrade to a service that
>> provides it, and that will be at least minimally monitored for
>> abuse (it is in the ISPs best interest to avoid getting their IP
>> addresses on blacklists).
> Absolute nonsense. There
> I beg to disagree. Blocking port 25 is a violation of Net Neutrality.
Ridiculous, net neutrality has nothing to do with service level
agreements. Residential service does not in any way, shape or form
equate to requiring full SMTP services to be able to run your own full
blown mail server, nor
mouss wrote:
Simone Caruso a écrit :
Il 19/07/2010 22:04, Jonathan Tripathy ha scritto:
On 19/07/10 18:07, Angelo Amoruso wrote:
On 16/07/2010 10.10, Jonathan Tripathy wrote:
Hi Everyone,
I have set up a mail server (on a VM) as per this article:
http://workaround.org/
On Wed, 2010-07-21 at 11:11 -0400, Charles Marcus wrote:
> Jonathan Tripathy wrote:
> > I beg to disagree. Blocking port 25 is a violation of Net Neutrality.
>
> Ridiculous, net neutrality has nothing to do with service level
> agreements. Residential service does not in any way, shape or form
> e
Jonathan Tripathy wrote:
>> Any ISP that does *not* block port 25 for residential service is a part
>> of the spam/zombie problem, and if yours doesn't, you should complain,
>> loudly if necessary, and encourage them to block it.
> Every ISP in the UK?
Every one that is not, at a bare minimum, cl
Ralf Hildebrandt:
> * Ansgar Wiechers :
>
> > The issue with this attack is that it might exhaust CPU resources on the
> > server without having to saturate the bandwidth, due to cryptographic
> > operations required by SSL.
>
> Correct.
>
> > And that it seems to use BitTorrent as a multiplicat
On 7/21/2010 9:06 AM, Stefano Villa wrote:
> Hi to all! I've a configuration file like this:
>
> smtp inet n - n - - smtpd
>-o content_filter=dfilt:
>
> and I have to *add* another listening port (TCP 37025).
> The line " -o content_filter=dfilt:" has the p
Hi to all! I've a configuration file like this:
smtp inet n - n - - smtpd
-o content_filter=dfilt:
and I have to *add* another listening port (TCP 37025).
The line " -o content_filter=dfilt:" has the purpose to add a
disclaimer to all my outgoing emails.
If
* Ansgar Wiechers :
> The issue with this attack is that it might exhaust CPU resources on the
> server without having to saturate the bandwidth, due to cryptographic
> operations required by SSL.
Correct.
> And that it seems to use BitTorrent as a multiplicator, so it doesn't
> require a botnet
On 2010-07-21 Daniel V. Reinhardt wrote:
>> From: Ralf Hildebrandt
>> To: postfix-users@postfix.org
>> Sent: Wed, July 21, 2010 5:00:16 AM
>> Subject: Is such an SSL attack possible against Postfix?
>>
>> http://blog.fefe.de/?ts=b2b8f9f8
>> sorry, it's in german. I'll translate some bits:
>>
>>
Jonathan Tripathy wrote:
>> Port 25 outgoing will be blocked by most ISPs
> This may be the case in your country, but from where I'm from, I've
> never had a problem sending out on port 25, even on home residental
> ISPs :)
Any ISP that does *not* block port 25 for residential service is a part
o
- Original Message
> From: Ralf Hildebrandt
> To: postfix-users@postfix.org
> Sent: Wed, July 21, 2010 5:00:16 AM
> Subject: Is such an SSL attack possible against Postfix?
>
> http://blog.fefe.de/?ts=b2b8f9f8
> sorry, it's in german. I'll translate some bits:
>
> Sombody went to To
Jonathan Tripathy wrote:
>> Port 25 outgoing will be blocked by most ISPs
> This may be the case in your country, but from where I'm from, I've
> never had a problem sending out on port 25, even on home residental
> ISPs :)
Any ISP that does *not* block port 25 for residential service is a part
o
Ram:
> One server of ours just accepts the mails from clients and then relays
> the mails to other servers.
> Since there is almost no mail queued on the server , I think it is will
> be good to mount /var/spool/postfix on a tmpfs partition.
>
> The machine ( linux Centos 5.4 + postfix 2.7 ) ha
On Wed, 2010-07-21 at 10:02 +0100, Jonathan Tripathy wrote:
> Port 25 outgoing will be blocked by most ISPs
> --
>
> This may be the case in your country, but from where I'm from, I've
> never had a problem sending out on port 25, ev
Port 25 outgoing will be blocked by most ISPs
---
This may be the case in your country, but from where I'm from, I've never had a
problem sending out on port 25, even on home resid
http://blog.fefe.de/?ts=b2b8f9f8
sorry, it's in german. I'll translate some bits:
Sombody went to Torrent trackers and announced blog.fefe.de:443 as
Torrent client (for a really popular download I guess).
Thus, blog.fefe.de:443 got flooded with torrent-client traffic on the
SSL port.
Port 25 out
Thanks for the help all! Now I see that because the e-mail is rejected
during the connection phase the mails never were send in the first place.
And because of this the mail delivery failure is only received by the one
who originally send it, even if he spoofed a domain. I thought these
'mail deliv
On Wed, 2010-07-21 at 08:47 +0200, Aniruddha wrote:
> When somebody emails to a non-existing
> e-mail address postfix bounces these by default with a "Recipient
> address rejected: User unknown in local recipient" error. I wonder
> what the appropriate behavior is. To discard emails for unknow, use
On 2010-07-21 Aniruddha wrote:
> When somebody emails to a non-existing e-mail address postfix bounces these
> by default with a "Recipient address rejected: User unknown in local
> recipient" error.
No. Postfix REJECTS them with a "User unknown in local recipient table"
error. Rejection takes pla
51 matches
Mail list logo
