On 2015/9/14 Monday 12:14, Viktor Dukhovni wrote:
That's clear now. You SHOULD enable STARTTLS on port 25, if you
haven't already. Consider publishing DANE TLSA records, but only
if you can do it right, nobody benefits from badly implemented TLSA
records. Consider enabling DANE for outbound mai
On Mon, Sep 14, 2015 at 11:32:57AM +0800, Ken Peng wrote:
> You are exactly right, we are talking about securing inbound mail.
So finally we have a clear problem statement.
In that case, firstly inbound email is always port 25. Barring
special-case manual routing agreed by both parties, email i
Viktor,
On 2015/9/14 Monday 11:16, Viktor Dukhovni wrote:
On Mon, Sep 14, 2015 at 10:32:46AM +0800, Ken Peng wrote:
All our MX servers can be setup with tls secure.
So the servers in question are inbound MX hosts accepting mail from
other domains on port 25? And you were asking a question abou
On Mon, Sep 14, 2015 at 10:32:46AM +0800, Ken Peng wrote:
> All our MX servers can be setup with tls secure.
So the servers in question are inbound MX hosts accepting mail from
other domains on port 25? And you were asking a question about
securing inbound mail?
If so, why were you asking port
On September 14, 2015 4:32:24 AM Ken Peng wrote:
This is what I actually want to ask for, about the transfer secure.
Thx.
at least you did not use spamhaus css like postfix.org does, so the reply
you did was rejected on postfix maillist from me, sad anti spammers wins always
https://dane.sy
Hi,
Sorry for my poor expression, :)
All our MX servers can be setup with tls secure.
But as people have said in the list, we should accept the messages which
are not encrypted otherwise it will break RFC.
If the peer MTAs send messages to us, with non-encrypted content, these
messages should n
On Mon, Sep 14, 2015 at 10:05:13AM +0800, Ken Peng wrote:
> My real question is this one I sent before,
You're not listening. The right answer depends on the role your
MTA plays and its relationship to the clients it serves. If you
don't provide the proper context, nobody can give you a sensibl
Hi,
My real question is this one I sent before,
So, if we most time transfer messages between MTAs with non-encrypted,
what destinations should these email systems exist for?
http://www.emailquestions.com/encrypted-email-service-providers/
From production viewpoints, we can develop that a enc
On Mon, Sep 14, 2015 at 09:56:27AM +0800, Ken Peng wrote:
> On 2015/9/14 Monday 9:50, Viktor Dukhovni wrote:
> >What is the Postfix version of your server? What software do the
> >clients use?
>
> We are actually using a customized version of Postfix, adding some features
> to support distributed sy
We are actually using a customized version of Postfix, adding some
features to support distributed systems. Yes I was talking about MTA to
MTA communications, not MUA. We have hundreds of Postfix as MX cluster.
The user number is huge, it's more than 500 millions IMO.
On 2015/9/14 Monday 9:50, V
On Mon, Sep 14, 2015 at 09:07:30AM +0800, Ken Peng wrote:
> For security transfer, can I have the setup in Postfix to force peer MTA
> using SMTP/SSL port (465) for email delivery only? Thx.
You're not asking a sufficiently detailed question, and we're not
psychic, so your question has no answer
On September 14, 2015 3:23:31 AM Alice Wonder wrote:
For security transfer, can I have the setup in Postfix to force peer MTA
using SMTP/SSL port (465) for email delivery only? Thx.
Port 465 is deprecated. It should not be used.
can you say what mua it is that in ?
when i use ssl in thund
So, if we most time transfer messages between MTAs with non-encrypted,
what destinations should these email systems exist for?
http://www.emailquestions.com/encrypted-email-service-providers/
Thanks.
On 2015/9/14 Monday 9:36, Alice Wonder wrote:
But the RFC (I don't know number offhand) says you
On 09/13/2015 06:34 PM, Ken Peng wrote:
On 2015/9/14 Monday 9:23, Alice Wonder wrote:
On 09/13/2015 06:07 PM, Ken Peng wrote:
Hi,
For security transfer, can I have the setup in Postfix to force peer MTA
using SMTP/SSL port (465) for email delivery only? Thx.
Port 465 is deprecated. It sho
On 2015/9/14 Monday 9:23, Alice Wonder wrote:
On 09/13/2015 06:07 PM, Ken Peng wrote:
Hi,
For security transfer, can I have the setup in Postfix to force peer MTA
using SMTP/SSL port (465) for email delivery only? Thx.
Port 465 is deprecated. It should not be used.
25 is what your server sh
On 09/13/2015 06:07 PM, Ken Peng wrote:
Hi,
For security transfer, can I have the setup in Postfix to force peer MTA
using SMTP/SSL port (465) for email delivery only? Thx.
Port 465 is deprecated. It should not be used.
25 is what your server should use to accept mail from other MTAs.
If y
Hi,
For security transfer, can I have the setup in Postfix to force peer MTA
using SMTP/SSL port (465) for email delivery only? Thx.
--
B. Regards,
Ken Peng - k...@cloud-china.org
On Sun, 13 Sep 2015 21:35:56 +0200
Benny Pedersen wrote:
> fail2ban is imho only ipv4 :(
Ah, I didn't know that.
> google autofwd for replacement
>
> http://freecode.com/projects/autofwd
Thanks. This looks interesting.
--
Niklaas
Niklaas Baudet von Gersdorff wrote on 2015-09-13 20:39:
Have a look here:
http://www.sshguard.net/
http://unix.stackexchange.com/questions/44483/protecting-postfix-from-bruteforce-attacks
http://www.djs.to/2013/10/1-postfix-sasl-support-for-sshguard/
fail2ban is imho only ipv4 :(
google aut
On Sun, 13 Sep 2015 00:25:42 +0530
Ram wrote:
> I am seeing a surge in the number of password attempts both at my
> postfix smtp servers as well as imap servers
> These attacks seem to be targeted since the attempts are made at
> correct userids
I am using sshguard. It doesn't support Postfix
On Sun, 13 Sep 2015 16:35:42 +, Viktor Dukhovni stated:
> > tls_medium_cipherlist = AES128+EECDH:AES128+EDH
>
> Never mind all the above, BINGO! Where did that come from? Certainly
> not anything I'd ever recommended to anyone. Remove that setting
> with prejudice.
I have no idea where t
On Sun, Sep 13, 2015 at 12:26:52PM -0400, Postfix User wrote:
> $ postconf -nf
> msa_tls_ciphers = medium
> msa_tls_dh1024_param_file = ${config_directory}/dh2048.pem
> msa_tls_exclude_ciphers = MD5, RC4, 3DES
The client in question likely needs at least one of the above.
Try restoring 3DES (if t
On Sun, 13 Sep 2015 15:54:45 +, Viktor Dukhovni stated:
> On Sun, Sep 13, 2015 at 11:37:07AM -0400, Postfix User wrote:
>
> > Sep 13 11:22:41 scorpio postfix/submission/smtpd[18955]: warning: TLS
> > library problem: error:1408A0C1:SSL routines:ssl3_get_client_hello:no
> > shared cipher:s3_sr
On Sun, Sep 13, 2015 at 11:37:07AM -0400, Postfix User wrote:
> Sep 13 11:22:41 scorpio postfix/submission/smtpd[18955]: warning: TLS library
> problem: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
> cipher:s3_srvr.c:1413:
Your problem is that in your Postfix SMTP server you've d
Postfix User:
> Sep 13 11:22:41 scorpio postfix/submission/smtpd[18955]: warning: TLS library
> problem: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
> cipher:s3_srvr.c:1413:
That is your problem.
For more support, see the mailing list welcome message (hint:
postconf -n).
I am using WinZip-19.5 on a Win 10 Pro machine. It has built in
configurations for different email site; Outlook, Gmail, Yahoo. You can also
configure your own server.
I configured it to use Postfix on my FreeBSD-10.1 machine. It fails. This is
from the Postfix logs:
Sep 13 11:22:41 scorpio postf
Kianoosh Kashefi:
> I use zimbra which uses postfix as MTA. I have configured postfix
> message rate limit to 20 mails per minute. As you may know any message
> more this quota that will be rejected by default.
> but I need these messages to be deferred(delayed) in postfix queue,
Use a policy serv
I use zimbra which uses postfix as MTA. I have configured postfix
message rate limit to 20 mails per minute. As you may know any message
more this quota that will be rejected by default.
but I need these messages to be deferred(delayed) in postfix queue,
instead of being rejected (it makes more sen
28 matches