On Sun, Jul 19, 2015 at 10:44:09PM -0500, John Gateley wrote:
> However, the question still remains: how can I test this without actually
> making one of my domains live?
Define "test".
It will work as documented. If you want to see what it would block
without blocking anything, consider:
On 7/19/15 10:36 PM, Viktor Dukhovni wrote:
On Sun, Jul 19, 2015 at 10:08:07PM -0500, John Gateley wrote:
I have a host running postfix on port 25 (also 12345 for debugging
purposes[*]),
and I want to test the following line in my main.cf:
smtpd_client_restrictions = reject_unknown_client_hos
On Sun, Jul 19, 2015 at 10:08:07PM -0500, John Gateley wrote:
> I have a host running postfix on port 25 (also 12345 for debugging
> purposes[*]),
> and I want to test the following line in my main.cf:
>
> smtpd_client_restrictions = reject_unknown_client_hostname
You can save yourself some time
I have a host running postfix on port 25 (also 12345 for debugging
purposes[*]),
and I want to test the following line in my main.cf:
smtpd_client_restrictions = reject_unknown_client_hostname
The host is on the internet, publicly accessible, but I haven't pointed any
DNS MX records at it.
The
On 7/18/2015 1:50 PM, Robert Morton wrote:
> After-Queue Content Filter, Injecting Mail Back Into Postfix —
> Mail Loop Problem
>
> I created a stand-alone after-queue content filter, which
> listens on port 10025. The stand-alone content filter
> receives e-mail messages and processes them and
On 19 Jul 2015, at 21:09, Harald Koch wrote:
> Maybe it's just a configuration error on my side, but all SMTP from yahoo.com
> servers to mine still uses RC4...
This depends on your Postfix settings, I reckon. On our setup, with a
non-default cipher set and server-side cipher ordering, we see
On 19 Jul 2015, at 20:26, Wietse Venema wrote:
> Viktor Dukhovni:
>> On Sun, Jul 19, 2015 at 10:41:43AM +0200, DTNX Postmaster wrote:
>>
>> [ Additional data points would be useful, please don't be shy.
>> Is anyone who's had to make adjustments to their cipherlist
>> settings to ensure that R
On Sun, Jul 19, 2015 at 09:24:15PM +0200, DTNX Postmaster wrote:
> * TLSV1 Cipher Suites:
> Preferred:
> RC4-MD5 128 bits
> Accepted:
> RC4-SHA 128 bits
> RC4-M
On 19 Jul 2015, at 17:53, Viktor Dukhovni wrote:
>> The primary reason is that the tail for versions of Postfix running on
>> versions of OpenSSL older than 1.1 will be very long, easily 5-10
>> years, even if all vendors stick with the new defaults.
>
> I'm worried more about early adopters o
Maybe it's just a configuration error on my side, but all SMTP from
yahoo.com servers to mine still uses RC4...
--
Harald
Viktor Dukhovni:
> On Sun, Jul 19, 2015 at 10:41:43AM +0200, DTNX Postmaster wrote:
>
> [ Additional data points would be useful, please don't be shy.
> Is anyone who's had to make adjustments to their cipherlist
> settings to ensure that RC4 is in the first 64 slots for
> Exchange 2003 serv
On Sun, Jul 19, 2015 at 10:41:43AM +0200, DTNX Postmaster wrote:
[ Additional data points would be useful, please don't be shy.
Is anyone who's had to make adjustments to their cipherlist
settings to ensure that RC4 is in the first 64 slots for
Exchange 2003 servers, finding that they no lon
On 18 Jul 2015, at 22:12, Viktor Dukhovni wrote:
> You've likely all been hearing that RC4 is on its way out, with
> increasingly practical attacks to extract fixed plaintext that is
> sent repeatedly in lots of messages (e.g. HTTP cookies).
>
> While it is not clear how to extend these attack
13 matches
Mail list logo
