On Sat, Apr 18, 2020 at 03:01:08PM -0400, Viktor Dukhovni wrote:
> On Sat, Apr 18, 2020 at 01:04:58PM -0400, Rich Felker wrote:
>
> > > You can consider libc-musl as unsupported from now on.
> >
> > I am really not appreciating the hostility and utterly petty
> > vindictiveness of folks from this
On Sat, Apr 18, 2020 at 01:04:58PM -0400, Rich Felker wrote:
> It's not security theater because nobody's claiming it's secure.
> Rather it's a fairly weak form of hardening that increases the
> required capabilities an attacker needs to exploit a known-insecure
> system.
FWIW, Postfix in fact de
On Sat, Apr 18, 2020 at 10:59:51AM -0400, Wietse Venema wrote:
> Rich Felker:
> > > It would be a mistake to use TLSA records from an unsigned domain.
> > > That would be no more secure than accepting a random server
> > > certificate. All the pain of doing TLSA and none of the gain, just
> > > sec
Rich Felker:
> > It would be a mistake to use TLSA records from an unsigned domain.
> > That would be no more secure than accepting a random server
> > certificate. All the pain of doing TLSA and none of the gain, just
> > security theatre.
>
> It's not security theater. It (1) ensures that you do
Hi Becki,
Thanks for the answer. I'm however trying to use the PAM way, because using
the auxprop method involves storing user passwords in plain text, which I'd
like to avoid. I can't seem to find a way to tell the smtpd.conf file to
encrypt passwords, and as per the Postfix documentation it seem
