[ Original openssl-users thread subject:
openssl update 1.0.1f to 1.0.1g broke sendmail ... ]
In a thread on the openssl-users list there is a report of an
upgrade to OpenSSL 1.0.1g (to deal with "Heartbleed") causing one
Sendmail system delivery problems to a few sites. This is more
noticeabl
Limit the number of destinations (recipients) allowed in an e-mail.
Limit the number of e-mails per minute or half minute or whatever
frequency you observe as their pattern.
Put in a SPAM filter on outgoing mail and drop SPAM.
Block repeated violations from 1 IP.
Just lock them out for a
Wietse Venema wrote:
OpenSSL versions prior to 1.0.1 don't
have the heartbeat feature and have never been affected by this bug.
ii openssl 0.9.8o-4squeeze14 Secure Socket Layer (SSL) binary and related crypto
On Thu, Apr 10, 2014 at 05:24:54PM -0600, LuKreme wrote:
> > No, the DKIM spec makes no allowance for signature delimiters. If
> > the body is modified beyond adding or removing whitespace (with relaxed
> > canonicalization) the DKIM check fails.
>
> That seems like a bug in the implementation of D
On April 10, 2014 7:24:54 PM EDT, LuKreme wrote:
>
>On 10 Apr 2014, at 17:01 , Viktor Dukhovni
>wrote:
>
>> On Fri, Apr 11, 2014 at 12:57:54AM +0200, li...@rhsoft.net wrote:
>>
That said, I thought DKIM ignored everything after the signature
delimiter, so if the lists attach the footer
On 10 Apr 2014, at 17:01 , Viktor Dukhovni wrote:
> On Fri, Apr 11, 2014 at 12:57:54AM +0200, li...@rhsoft.net wrote:
>
>>> That said, I thought DKIM ignored everything after the signature
>>> delimiter, so if the lists attach the footer *properly* it shouldn't
>>> be an issue
>
> No, the DKIM
A few things you can do:
1. Many spammers can switch their IP address, but you should blacklist any IP
that signs up for an account and spams; it will slow them down at least.
2. The 100 cap per day is a good idea but I'd lower it to 5 messages a day,
increasing by a couple messages cap per week.
Believe me, this is everything but spam-related. It's mostly .org and
.edu/.gov kind of mailings (non-profit), but quite a lot of them at
one time. I've seen postfix moments like this quite a lot recently:
Incoming: 6991
Active: 2
Deferred: 7897
Bounced: 2319
Hold: 0
Corrupt: 0
I had to employ
On Fri, Apr 11, 2014 at 12:57:54AM +0200, li...@rhsoft.net wrote:
> > That said, I thought DKIM ignored everything after the signature
> > delimiter, so if the lists attach the footer *properly* it shouldn't
> > be an issue
No, the DKIM spec makes no allowance for signature delimiters. If
the bo
On 11.04.2014 00:53, LuKreme wrote:
>
> On 10 Apr 2014, at 09:08 , Viktor Dukhovni wrote:
>
>> On Thu, Apr 10, 2014 at 06:03:51AM -0400, Miles Fidelman wrote:
>>
>>> I'm sure at least some of you have been bitten by the debacle associated
>>> with Yahoo turning on strict DMARC enforcement (p
On 10 Apr 2014, at 09:08 , Viktor Dukhovni wrote:
> On Thu, Apr 10, 2014 at 06:03:51AM -0400, Miles Fidelman wrote:
>
>> I'm sure at least some of you have been bitten by the debacle associated
>> with Yahoo turning on strict DMARC enforcement (particularly any of you who,
>> like me, manage a
On 10 Apr 2014, at 07:58 , Marcin Szymonik wrote:
> Hello,
>
> We run a free accounts mail server (like gmail) and we struggle with the
> outgoing spam problem.
> Spammers abuse our service by creating accounts and then sending out spam.
>
> It is very easy and free to create an account and w
On Apr 9, 2014, at 9:17 PM, Viktor Dukhovni wrote:
> On Thu, Apr 10, 2014 at 02:38:32AM +, Rob Tanner wrote:
>
>> The policyd daemon is a perfect tool for setting quotas (i.e., number
>> of messages per hour, day, etc). The problem is that we depend
>> heavily on Postfix's extraordinary abi
On Thu, Apr 10, 2014 at 06:03:51AM -0400, Miles Fidelman wrote:
> I'm sure at least some of you have been bitten by the debacle associated
> with Yahoo turning on strict DMARC enforcement (particularly any of you who,
> like me, manage a list server).
One option is to do what the Postfix-users li
As accounts are free and you can easily create tens of them, per account
limits don't solve the problem.
Most free mail service providers allow their users to send through SMTP and
we would prefer to do that as well.
Content-based filtering may be the way to go indeed - thank you for pointing
it out.
On 10/04/2014 14:58, Marcin Szymonik wrote:
Hello,
We run a free accounts mail server (like gmail) and we struggle with
the outgoing spam problem.
Spammers abuse our service by creating accounts and then sending out
spam.
It is very easy and free to create an account and we want it to stay
On Thu, Apr 10, 2014 at 12:14 AM, James Cloos wrote:
>> "AD" == Arthur Dent writes:
>
> AD> I don't want postfix to do anything other than deliver to procmail.
>
> Postfix works fine here for that.
>
> I use, in main.cf:
>
> mailbox_command = /usr/bin/procmail -pt
>
> and, in .fetchmailrc:
Hello,
We run a free accounts mail server (like gmail) and we struggle with the
outgoing spam problem.
Spammers abuse our service by creating accounts and then sending out spam.
It is very easy and free to create an account and we want it to stay that
way so blocking or removing spammers acco
The Heartbleed bug allows a remote attacker to read chunks of memory
from a vulnerable TLS CLIENT PROCESS (e.g., smtp(8)) or TLS SERVER
PROCESS (e.g., smtpd(8)). OpenSSL versions prior to 1.0.1 don't
have the heartbeat feature and have never been affected by this bug.
You can use forward secrecy t
On 10.04.2014 12:47, Robert Schetterer wrote:
> On 10.04.2014 12:03, Miles Fidelman wrote:
>> Hi Folks,
>>
>> I'm sure at least some of you have been bitten by the debacle associated
>> with Yahoo turning on strict DMARC enforcement (particularly any of you
>> who, like me, manage a list server
On 10.04.2014 12:03, Miles Fidelman wrote:
> Hi Folks,
>
> I'm sure at least some of you have been bitten by the debacle associated
> with Yahoo turning on strict DMARC enforcement (particularly any of you
> who, like me, manage a list server).
yes with listserver mailman, had to upgrade to ver
Hi Folks,
I'm sure at least some of you have been bitten by the debacle associated
with Yahoo turning on strict DMARC enforcement (particularly any of you
who, like me, manage a list server).
Which leads to a question: Any suggestions for how to validate a DKIM
signature, and apply an Origin
On 10 Apr 2014, at 08:14, lst_ho...@kwsoft.de wrote:
> I still wonder why OpenSSL does not use the memory wipe before free, is it a
> performance killer or a feature?
I imagine the OpenSSL developers didn't think this was necessary when they
first started on the code 10-15 years ago and that in
Quoting Viktor Dukhovni:
On Wed, Apr 09, 2014 at 05:54:33PM -0400, Victoriano Giralt wrote:
I'd like to 'hear' Wietse's and Victor's opinion on how could
this nasty bug affect a TLS service like submission?
In pretty much the same way that it applies to web services.
* SSL/TLS Private