Thats why its important to define which security goal your setup has.
If you really want to PGP-encrypt your mails at receive, you can do it with
Ciphermail:
https://www.ciphermail.com/
Ciphermail is implemented as a SMTP proxy, so you just feed postfix's
smtp-client into ciphermail and then h
> Jun 1 11:00:21 thismachine postfix/local[31382]: 7668220035F:
> to=, relay=local, delay=0.08,
> delays=0.06/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 8374A20020A)
> Jun 1 11:00:21 thismachine postfix/smtp[31351]: 8374A20020A:
> to=, orig_to=,
> relay=master...@domain.com:25, delay=0.06
On 6/2/2015 6:43 PM, ts yrtrt wrote:
> I'm moving off of shared hosting to a VPS and am building up a
> Postfix server for it.
>
> I read through the docs on layers of security & protection against
> spam, viruses, and garbage in general.
>
> I decided to deploy postscreen + sender & recipient he
I'm moving off of shared hosting to a VPS and am building up a Postfix
server for it.
I read through the docs on layers of security & protection against spam,
viruses, and garbage in general.
I decided to deploy postscreen + sender & recipient header checks + DKIM
signing/verification, ClamAV & S
On 2015-06-03 01:16, Sebastian Nielsen wrote:
> If you only are worried by backups or other copies that might come in
> the wrong hands, and not someone directly accessing the server, I would
> suggest setting up a encrypted storage in the server. Since VPS/VM in
> many times give you root access,
I would suggest using Ciphermail / Djigzo for this.
But I think you are solving your problem in a very incorrect way. Since the
hosting company do have access to the VM, they could easy listen on the
memory before the mail is encrypted, just after it has been decrypted by the
TLS handler.
If
--On Tuesday, June 02, 2015 5:26 PM -0400 Wietse Venema
wrote:
Quanah Gibson-Mount:
--On Tuesday, March 17, 2015 12:00 PM -0700 Quanah Gibson-Mount
wrote:
> Hi Viktor,
>
> We've been able to start testing this patch. So far, it is working as
> expected.
It has continued to hold up throug
Hello Everyone,
Thank you for your help. It appears that the problem was my
myorigin setting. When it was changed from
myorigin = $mydomain
to
myorigin = $myhostname
..the .forward file worked as expected.
If I am deluding myself that this is the answer to my problem and that I
have
not cau
Hello,
my Postfix server is running as a VM in a hosted (untrusted)
environment. In theory, the data on the server (i.e. my emails) could be
on some backup tape, or copies could be lying around in the datacenter.
Some of my emails are encrypted (people send me encrypted emails) but
most are not.
On 06/02/2015 11:42 AM, Daniele Nicolodi wrote:
On 02/06/15 22:45, Sharon Stahl wrote:
My problem is that when the .forward file only has just "username",
"thismachine" does not check the aliases file to see that it is the
machine that
keeps mail for that user. It adds @domain to the name and s
On 02/06/15 22:45, Sharon Stahl wrote:
> My problem is that when the .forward file only has just "username",
> "thismachine" does not check the aliases file to see that it is the
> machine that
> keeps mail for that user. It adds @domain to the name and sends it off to
> our main NIS machine that
On 06/01/2015 01:27 PM, Wietse Venema wrote:
Sharon Stahl:
Hi Wietse,
I came back to work and did a lot of testing but adding $mydomain to
the mydestination definition made no difference with the .forward file
only having
a username causing a mail loop. Error in maillog appears to indic
Quanah Gibson-Mount:
> --On Tuesday, March 17, 2015 12:00 PM -0700 Quanah Gibson-Mount
> wrote:
>
>
> > Hi Viktor,
> >
> > We've been able to start testing this patch. So far, it is working as
> > expected.
>
> It has continued to hold up through more extensive testing. Will this make
> it
--On Tuesday, March 17, 2015 12:00 PM -0700 Quanah Gibson-Mount
wrote:
Hi Viktor,
We've been able to start testing this patch. So far, it is working as
expected.
It has continued to hold up through more extensive testing. Will this make
it into Postfix 3.1 or the next 3.0 release?
Tha
On Tue, Jun 2, 2015 at 12:13 PM, Wietse Venema wrote:
> francis picabia:
>> A remaining concern is bypassing the content_filter
>>
>> I've scanned through http://www.postfix.org/FILTER_README.html
>> and googled this issue.
>>
>> I think I'd understand the FILTER documentation better
>> with a rea
francis picabia:
> A remaining concern is bypassing the content_filter
>
> I've scanned through http://www.postfix.org/FILTER_README.html
> and googled this issue.
>
> I think I'd understand the FILTER documentation better
> with a real example.
>
> Let's say I want everything to go through the
A remaining concern is bypassing the content_filter
I've scanned through http://www.postfix.org/FILTER_README.html
and googled this issue.
I think I'd understand the FILTER documentation better
with a real example.
Let's say I want everything to go through the content filter unless
it comes from
> It turns downgrade attacks into denial of service. DANE-enabled
> clients do not deliver mail in cleartext to servers with published
> TLSA RRs.
Thanks, Victor. Should have re-read TLS_README before asking.
> DO NOT publish stale TLSA records!!!
Errm? No I didn't.
On Tue, Jun 2, 2015 at 2:33 AM, furio ercolessi wrote:
>
> Their recommended setting is
>
> reject_rhsbl_client dbl.spamhaus.org=127.0.1.[2..99],
> reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99],
> reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99]
>
> Return code
On Tue, Jun 02, 2015 at 03:55:07PM +0200, Olaf Schreck wrote:
> Slightly OT: These slides
>
> > https://ripe68.ripe.net/presentations/253-DANEs_don%27t_lie-20140512.pdf
>
> state on page 26: "DANE TLSA Benefits: prevents STARTTLS "downgrade" attacks"
>
> I'm probably missing something. How does
Slightly OT: These slides
> https://ripe68.ripe.net/presentations/253-DANEs_don%27t_lie-20140512.pdf
state on page 26: "DANE TLSA Benefits: prevents STARTTLS "downgrade" attacks"
I'm probably missing something. How does publication of a TLSA record
prevent STARTTLS downgrade attacks?
Thanks,
On Tue, Jun 02, 2015 at 11:17:55AM +0200, Per Thorsheim wrote:
> Quite a bit of useful info at sys4.de, but in German. Found this english
> translation as a rather quick guide for parts of the process:
> http://noflex.org/implementing-dnssec-dane-email-step-step/
A few comments:
1. Key generati
courier-imapd ???
this is postfix mailing list...
On Tue, 02 Jun 2015 10:15:24 +
emmanuel wrote:
> I try to connect my outlook with my postfix server and i got this
> errors:
>
> Jun 2 12:14:00 ns204035 courier-imapd: Connection, ip=
> [:::x.x.x.x] Jun 2 12:14:01 ns204035 courier-imap
I try to connect my outlook with my postfix server and i got this errors:
Jun 2 12:14:00 ns204035 courier-imapd: Connection, ip=[:::x.x.x.x]
Jun 2 12:14:01 ns204035 courier-imapd: Disconnected,
ip=[:::x.x.x.x], time=1
Jun 2 12:14:02 ns204035 courier-imapd: Connection, ip=[:::x.x
On Mon, Jun 01, 2015 at 06:08:40PM -0700, Steve Jenkins wrote:
>
> This is expanding a bit on Elijah's OP, but here are my current
> restrictions that I've been running for a while:
>
> smtpd_recipient_restrictions =
> [...]
> reject_rbl_client zen.spamhaus.org,
> reject_rhsbl_cl
On Mon, Jun 01, 2015 at 11:56:18PM +, Daniel Miller wrote:
> Is there a way of removing return-receipt requests from internal senders
> for a particular external recipient? ?Or does this require a separate
> tool/script to pass sent messages through?
This requires a content-filter. Return re
Thx!
Quite a bit of useful info at sys4.de, but in German. Found this english
translation as a rather quick guide for parts of the process:
http://noflex.org/implementing-dnssec-dane-email-step-step/
.per
Den 02.06.2015 10:47, skrev Danny Horne:
> I think this is what I used...a fair bit of scro
I think this is what I used...a fair bit of scrolling to get to relevant
information but I hope it helps
https://ripe68.ripe.net/presentations/253-DANEs_don%27t_lie-20140512.pdf
On 02/06/2015 9:35 am, Per Thorsheim wrote:
> Cannot find a simple process guide for configuring DANE TLSA support &
>
Cannot find a simple process guide for configuring DANE TLSA support &
publish relevant DNSSEC signed information. Anyone got a complete guide
from start to finish?
BR,
Per
29 matches
Mail list logo