Re: Blocking LinkedIn 'Intro' mail hijacking?

On 25 October 2013 16:34, Charles Marcus wrote: > Not according to this (from the second paragraph of the linked article): > > "Once you install the Intro app, all of your emails, both sent and > received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all > your IMAP and SMTP data

Re: Blocking LinkedIn 'Intro' mail hijacking?

On 10/25/2013 3:34 PM, Charles Marcus wrote: > On 2013-10-25 4:28 PM, Harald Koch wrote: >> On 25 October 2013 14:42, Charles >> Marcus > > wrote: >> >> Whether it is iOS specific or not (apparently it is, at least >> for the time being, iOS specific), it

Re: Blocking LinkedIn 'Intro' mail hijacking?

On 2013-10-25 4:28 PM, Harald Koch wrote: On 25 October 2013 14:42, Charles Marcus > wrote: Whether it is iOS specific or not (apparently it is, at least for the time being, iOS specific), it also applies to the smtp connection to my *postfix* serve

Re: Blocking LinkedIn 'Intro' mail hijacking?

On 2013-10-25 4:17 PM, Viktor Dukhovni wrote: You've been on this list long enough to know that verbatim restriction definitions don't belong in master.cf: master.cf: submission inet n ... smtpd -o smtpd_client_restrictions=$submission_client_restrictions main.cf:

Re: Blocking LinkedIn 'Intro' mail hijacking?

On 25 October 2013 14:42, Charles Marcus wrote: > Whether it is iOS specific or not (apparently it is, at least for the time > being, iOS specific), it also applies to the smtp connection to my > *postfix* server, so I disagree that it is OT. > > Apparently it is not a hoax, so the question remai

Re: Blocking LinkedIn 'Intro' mail hijacking?

On Fri, Oct 25, 2013 at 04:07:11PM -0400, Charles Marcus wrote: > But should this check go directly on the submission service, ie: > > submission inet n - n - - smtpd > -o syslog_name=postfix-587 -o smtpd_tls_security_level=encrypt > -o smtpd_tls_auth_only=y

Re: Blocking LinkedIn 'Intro' mail hijacking?

On 2013-10-25 3:41 PM, Viktor Dukhovni wrote: On Fri, Oct 25, 2013 at 02:21:11PM -0500, Noel Jones wrote: 1. block all *.linkedin.com clients BEFORE any permit_sasl_authenticated statement. This will also have the effect of blocking all incoming linkedin mail. That may be a little too strict

Re: Blocking LinkedIn 'Intro' mail hijacking?

On 2013.10.25 14:21:11 -0500, Noel Jones wrote: > > Apparently it is not a hoax, so the question remains, for those of > > us who do not have the enterprise tools to lock down iPhones and > > iPads, what is the best/most reliable way to simply block LinkedIn > > from being able to successfully conn

Re: Blocking LinkedIn 'Intro' mail hijacking?

On Fri, Oct 25, 2013 at 02:21:11PM -0500, Noel Jones wrote: > 1. block all *.linkedin.com clients BEFORE any > permit_sasl_authenticated statement. This will also have the effect > of blocking all incoming linkedin mail. That may be a little too > strict for some folks, or maybe just fine with ot

Re: Blocking LinkedIn 'Intro' mail hijacking?

On Sat, Oct 26, 2013, at 06:21 AM, Noel Jones wrote: > 1. block all *.linkedin.com clients BEFORE any > permit_sasl_authenticated statement. This will also have the effect > of blocking all incoming linkedin mail. That may be a little too > strict for some folks, or maybe just fine with others. >

Re: Blocking LinkedIn 'Intro' mail hijacking?

On 10/25/2013 1:42 PM, Charles Marcus wrote: > On 2013-10-25 1:29 PM, Titanus Eramius wrote: >> Well, if the app is not installed, it might solve the problem. Other >> than that, I think this is a bit off-topic for Postfix, since it only >> applys to Apples hand-held devices. > > Whether it is iO

Re: Blocking LinkedIn 'Intro' mail hijacking?

On 2013-10-25 1:29 PM, Titanus Eramius wrote: Well, if the app is not installed, it might solve the problem. Other than that, I think this is a bit off-topic for Postfix, since it only applys to Apples hand-held devices. Whether it is iOS specific or not (apparently it is, at least for the ti

Re: Blocking LinkedIn 'Intro' mail hijacking?

On 25 Oct 2013 18:54, "Charles Marcus" wrote: > > Hello, > > I'm really hoping this is either a hoax or I'm seriously misunderstanding something... > > If it is true, how can they legally do this? And more importantly, how can SASL_AUTH attempts be blocked? Maybe block all SASL attempts from Linke

Re: Blocking LinkedIn 'Intro' mail hijacking?

Fri, 25 Oct 2013 12:53:08 -0400 skrev Charles Marcus : > "Once you install the Intro app" Well, if the app is not installed, it might solve the problem. Other than that, I think this is a bit off-topic for Postfix, since it only applys to Apples hand-held devices. Cheers, Titanus

Blocking LinkedIn 'Intro' mail hijacking?

Hello, I'm really hoping this is either a hoax or I'm seriously misunderstanding something... If it is true, how can they legally do this? And more importantly, how can SASL_AUTH attempts be blocked? Maybe block all SASL attempts from LinkedIn networks? Anyway, article here: http://www.bi

Re: postfix access map for sasl authenticated users

Rudy Gevaert: > Hello, > > I was wondering if I could add a access map (to deny access in fact) for > specific sasl authenticated users? Adding check_sasl_sender_access support would not be difficult. It just hasn't been done yet. > E.g. even if the login succeeds that user can't send email. Y

Re: postfix access map for sasl authenticated users

Rudy Gevaert skrev den 2013-10-25 16:44: I was wondering if I could add a access map (to deny access in fact) for specific sasl authenticated users? remove users is not solution ?

postfix access map for sasl authenticated users

Hello, I was wondering if I could add a access map (to deny access in fact) for specific sasl authenticated users? E.g. even if the login succeeds that user can't send email. I couldn't find anything in the docs, but maybe I'm looking in the wrong place. Thanks, Rudy

Re: secure email server

> - encrypted filesystem > - SSL or TLS only for SMTP and IMAPS > - Talking only to some known other same-secured servers > *Thank you for any infos* If you really need security, do not forget to use a safe source for your mailrouting information (e.g. ipaddresses or *really* secured dns - do not

Re: mynetworks in mysql database

Wietse Venema: > Rune Elvemo: > > Den 25. okt. 2013 11:30, skrev Mikael Bak: > > > Hi, > > > > > > On 10/25/2013 09:48 AM, Rune Elvemo wrote: > > >> Does anyone know how to use a mysql database for mynetworks? > > >> We did manage to use it to match a single ip address, but is there a way > > >> t

Re: mynetworks in mysql database

Rune Elvemo: [ Charset ISO-8859-1 unsupported, converting... ] > Den 25. okt. 2013 11:30, skrev Mikael Bak: > > Hi, > > > > On 10/25/2013 09:48 AM, Rune Elvemo wrote: > >> Does anyone know how to use a mysql database for mynetworks? > >> We did manage to use it to match a single ip address, but is

Re: mynetworks in mysql database

Den 25. okt. 2013 11:30, skrev Mikael Bak: Hi, On 10/25/2013 09:48 AM, Rune Elvemo wrote: Does anyone know how to use a mysql database for mynetworks? We did manage to use it to match a single ip address, but is there a way to match entire networks? That can be done at the sql level. See mysq

Re: mynetworks in mysql database

Hi, On 10/25/2013 09:48 AM, Rune Elvemo wrote: > Does anyone know how to use a mysql database for mynetworks? > We did manage to use it to match a single ip address, but is there a way to > match entire networks? > That can be done at the sql level. See mysql functions "INET_ATON" and "INET_NTOA

Re: Relay Access Denied

On 25/10/2013 09:19, Simon B wrote: This also assumes the OP has set up the DNS correctly. And if he's having trouble understanding how to fix relay access denied, I would suspect not, but I'll be happy to be wrong. I suspect he has, as he showed extracts of his logs showing the mails hittin

Re: Relay Access Denied

On 25 Oct 2013 09:51, "Mark Goodge" wrote: > > On 24/10/2013 23:50, Tim Legg wrote: >> >> Hello, >> I'm not tring to do virtual domains. Just trying to get it to work with >> just one domain. This time, I used this guide: >> https://help.ubuntu.com/12.04/serverguide/postfix.html >> I can telnet

Re: Relay Access Denied

On 24/10/2013 23:50, Tim Legg wrote: Hello, I'm not tring to do virtual domains. Just trying to get it to work with just one domain. This time, I used this guide: https://help.ubuntu.com/12.04/serverguide/postfix.html I can telnet to my machine just fine on port 25. I tried to send an e-mail fr

mynetworks in mysql database

Does anyone know how to use a mysql database for mynetworks? We did manage to use it to match a single ip address, but is there a way to match entire networks? --- Rune Elvemo