Hello
I have to set up a "secured" email server
- encrypted filesystem
- SSL or TLS only for SMTP and IMAPS
- Talking only to some known other same-secured servers
Any info/links welcome!
Please do not start some flame war around this!
I've been ordered to set up such a server and I KNOW there
He made the same claim, however, but never backed it up. How are you
reaching your conclusion?
Because this only mentions A records and IPv4 prefixes?
http://www.openspf.org/SPF_Record_Syntax#mx
Quick testing:
m...@staticsafe.ca -> @gmail.com account
Received-SPF: pass (google.com: domain of
On Tue, Oct 22, 2013 at 10:58:46AM -0400, Wietse Venema wrote:
> > Fingerprinting the leaf certificate will work until the next time
> > they deploy a new leaf certificate without notifying you in advance.
> > This is because fingerprint security does not rely on a valid chain
> > of signatures fr
Viktor Dukhovni:
> On Tue, Oct 22, 2013 at 11:07:07AM +0200, Tobias Reckhard wrote:
>
> > Maybe fingerprinting would work, though. I'll give it a shot on a test
> > system. Thanks for the suggestion.
>
> Fingerprinting the leaf certificate will work until the next time
> they deploy a new leaf ce
On Tue, Oct 22, 2013 at 11:01:22AM +0200, Tobias Reckhard wrote:
> > The most recent patch levels
> > of Postfix 2.7, 2.8, 2.9 and 2.10 have support for SHA256 turned for
> > SSL/TLS.
>
> postfix 2.8.5 is available as a backport for Ubuntu 10.04 LTS. I've
> suggested upgrading to that, since it
On Tue, Oct 22, 2013 at 11:07:07AM +0200, Tobias Reckhard wrote:
> Maybe fingerprinting would work, though. I'll give it a shot on a test
> system. Thanks for the suggestion.
Fingerprinting the leaf certificate will work until the next time
they deploy a new leaf certificate without notifying you
On Tue, Oct 22, 2013 at 01:15:06PM +0300, Deniss wrote:
> > So this is definitely a version of the broken Windows TLS ciphersuite
> > problem. If you must use TLS with this server, disable TLSv1.2
> > and 3DES, allow medium grade ciphers (i.e. RC4) and make sure your
> > policy tables, ... are po
On 10/22/2013 8:41 AM, btb wrote:
> On 2013.10.21 17.54, Noel Jones wrote:
>> On 10/21/2013 3:53 PM, btb wrote:
>>> i have a scenario in which certain email is sent using envelope
>>> senders that contain host names that are known only on the local
>>> lan/network, and unknown on the internet. mos
On 2013.10.21 17.54, Noel Jones wrote:
> On 10/21/2013 3:53 PM, btb wrote:
>> i have a scenario in which certain email is sent using envelope
>> senders that contain host names that are known only on the local
>> lan/network, and unknown on the internet. most mail expressing that
>> characteristic
Jose Borges Ferreira:
> On Mon, Oct 21, 2013 at 4:40 PM, Wietse Venema wrote:
> > I don't have time for that full analysis, but it looks like
> > internal_mail_filter_classes=bounce can be safe (more on that at
> > the end of this email).
>
> So, can I assume that is safe as long as the Milter se
On Mon, Oct 21, 2013 at 4:40 PM, Wietse Venema wrote:
> I don't have time for that full analysis, but it looks like
> internal_mail_filter_classes=bounce can be safe (more on that at
> the end of this email).
So, can I assume that is safe as long as the Milter server doesn't block
the email?
> Wh
On 2013.10.21. 23:31, Viktor Dukhovni wrote:
>
> Once again after the handshake completes.
>
> When I try:
>
> $ posttls-finger -t30 -T 180 -c -Ldebug "[mail.co.inbox.lv]"
> posttls-finger: initializing the client-side TLS engine
> posttls-finger: Connected to mail.co.inbox.lv[195.
Viktor Dukhovni wrote the following on 21.10.2013 17:21:
> On Mon, Oct 21, 2013 at 10:07:13AM -0500, Noel Jones wrote:
>> Looks as if they use a private root CA. Probably the easiest fix is
>> to use "fingerprint" verification. See:
>> http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps
>
Viktor Dukhovni wrote the following on 21.10.2013 17:30:
> This organization uses SHA256 signatures for their certificates, even
> though these are not widely supported.
Ah, OK, thanks for the explanation.
> The most recent patch levels
> of Postfix 2.7, 2.8, 2.9 and 2.10 have support for SHA256