[pfx] Re: SMTP smuggling

2023-12-20 Thread Wietse Venema via Postfix-users
Phil Biggs via Postfix-users: > Thursday, December 21, 2023, 10:05:41 AM, Wietse Venema via Postfix-users > wrote: > > > Viktor Dukhovni via Postfix-users: > >> smtpd_data_restrictions=reject_unauth_pipelining. > > > That will, as Viktor observes, on port 25 mitigate the published attack. > >

[pfx] Re: SMTP smuggling

2023-12-20 Thread Phil Biggs via Postfix-users
Thursday, December 21, 2023, 10:05:41 AM, Wietse Venema via Postfix-users wrote: > Viktor Dukhovni via Postfix-users: >> smtpd_data_restrictions=reject_unauth_pipelining. > That will, as Viktor observes, on port 25 mitigate the published attack. Will postscreen's opportunistically enabled pipe

[pfx] Re: SMTP smuggling

2023-12-20 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > smtpd_data_restrictions=reject_unauth_pipelining. That will, as Viktor observes, on port 25 mitigate the published attack. I'll update the text at https://www.postfix.org/smtp-smuggling.html Wietse ___ Postf

[pfx] Re: SMTP Smuggling short & long term fixes

2023-12-20 Thread Viktor Dukhovni via Postfix-users
On Wed, Dec 20, 2023 at 05:48:43PM -0500, Wietse Venema via Postfix-users wrote: > Wietse Venema via Postfix-users: > > As part of a non-responsible disclosure process, SEC Consult has > > published an email spoofing attack that involves a composition of > > different mail service behaviors with r

[pfx] Re: SMTP Smuggling short & long term fixes

2023-12-20 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > As part of a non-responsible disclosure process, SEC Consult has > published an email spoofing attack that involves a composition of > different mail service behaviors with respect to broken line endings. Also on-line at https://www.postfix.org/smtp-smuggling.ht

[pfx] Re: SMTP smuggling

2023-12-20 Thread Viktor Dukhovni via Postfix-users
On Wed, Dec 20, 2023 at 09:12:47PM +0100, John D'Orazio via Postfix-devel wrote: > I recently encountered on a server of my own a case of SMTP smuggling. I am very sceptical that this is in fact the case. Which is to say, very confident it is not. > I was befuddled by the fact that I received a

[pfx] SMTP smuggling in Postfix

2023-12-20 Thread John D'Orazio via Postfix-users
I was directed to this thread from the dev mailing list. Seeing I'm using Postfix 3.4.13 on a server of mine that has an OS of Ubuntu 20.04, I'm guessing I don't have access to this smtpd restriction. I have however started implementing amavis as spam detection, which does use -o smtpd_data_restric

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-20 Thread Emmanuel Fusté via Postfix-users
On 20/12/2023 at 21:25, Joachim Lindenberg via Postfix-users wrote: Emmanuel : That's crazy, If you're able to run a dedicated proxy instance, you're able to run an outbound postfix instance too: the perfect proxy software for smtp/postfix is postfix. Otherwise it means that you're trying to

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-20 Thread Joachim Lindenberg via Postfix-users
Emmanuel : >That's crazy, If you're able to run a dedicated proxy instance, you're able to >run an outbound postfix instance too: the perfect proxy software for >smtp/postfix is postfix. >Otherwise it means that you're trying to solve your use-case at the wrong >level and that should be dealt at

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-20 Thread Emmanuel Fusté via Postfix-users
On 20/12/2023 at 20:53, Joachim Lindenberg via Postfix-users wrote: Wietse: Obviously, nginx will not know the Postfix SMTP client protocol stage, and the nginx settings will have to match the largest Postfix timeouts to avoid persistent mail delivery problems with some sites. Settings optima

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-20 Thread Joachim Lindenberg via Postfix-users
Wietse: >Obviously, nginx will not know the Postfix SMTP client protocol stage, and the >nginx settings will have to match the largest >Postfix timeouts to avoid persistent mail delivery problems with some sites. >Settings optimal for Postfix may conflict with 'web' proxy usage. There is no need

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-20 Thread Wietse Venema via Postfix-users
Wietse: >A Postfix implementation will have to work for other use cases, >too. It would be good to know how nginx in forward proxy mode >handles or ignores client address and port info, now and in the >foreseeable future. Joachim Lindenberg via Postfix-users: > I double checked documentation at >

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-20 Thread Joachim Lindenberg via Postfix-users
>A Postfix implementation will have to work for other use cases, too. It would >be good to know how nginx in forward proxy mode handles or >ignores client >address and port info, now and in the foreseeable future. I double checked documentation at https://nginx.org/en/docs/stream/ngx_stream_prox

[pfx] Re: Not all errors are postfix's fault

2023-12-20 Thread Viktor Dukhovni via Postfix-users
On Wed, Dec 20, 2023 at 03:21:03PM +, Linkcheck via Postfix-users wrote: > > > How does your milter decide which messages to sign? Does it perhaps > > look for: > > > > milter_macro_daemon_name=ORIGINATING > > I originally had this in place but could find no reason for it online nor > a

[pfx] Re: SMTP Smuggling short & long term fixes

2023-12-20 Thread Linkcheck via Postfix-users
Thanks, Bill. That did it. :) ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: SMTP Smuggling short & long term fixes'

2023-12-20 Thread Linkcheck via Postfix-users
I assumed it should be in main.cf. I meant which section. I tried to redefine it in smtpd_helo_restrictions since that seemed reasonable. Running postconf shows it, as you say set to no but I cannot set it to yes. -- Dave Stiles Linkcheck Bristol Web Design Tel: 0117 9248413 https://www.bristolw

[pfx] Re: SMTP Smuggling short & long term fixes'

2023-12-20 Thread Wietse Venema via Postfix-users
Linkcheck via Postfix-users: > On 20/12/2023 3:51 pm, Wietse Venema via Postfix-users wrote: > > "smtpd_forbid_unauth_pipelining = yes > > I tried that (3.7.6) and got... > warning: unknown smtpd restriction: "smtpd_forbid_unauth_pipelining" > > Where should I have placed it? Ask your vendor. Th

[pfx] Re: SMTP Smuggling short & long term fixes

2023-12-20 Thread Linkcheck via Postfix-users
On 20/12/2023 3:51 pm, Wietse Venema via Postfix-users wrote: "smtpd_forbid_unauth_pipelining = yes I tried that (3.7.6) and got... warning: unknown smtpd restriction: "smtpd_forbid_unauth_pipelining" Where should I have placed it?

[pfx] Re: Not all errors are postfix's fault

2023-12-20 Thread Linkcheck via Postfix-users
Thanks, I've now enabled that. I'm pretty sure the reason, though, is the single Received line, which does (can) not give the domain's signing key from DNS.

[pfx] SMTP Smuggling short & long term fixes

2023-12-20 Thread Wietse Venema via Postfix-users
As part of a non-responsible disclosure process, SEC Consult has published an email spoofing attack that involves a composition of different mail service behaviors with respect to broken line endings. A short-term fix may be deployed now, before the upcoming long holiday: - Postfix 3.9 (stable relea

[pfx] Re: Not all errors are postfix's fault

2023-12-20 Thread David Bürgin via Postfix-users
To find out why a milter signs or does not sign, it would be helpful to see the milter’s configuration. With OpenDKIM, the setting ‘LogWhy yes’ is useful for debugging such issues.

[pfx] Re: Not all errors are postfix's fault

2023-12-20 Thread Linkcheck via Postfix-users
Thank you for your response, Viktor. > How does your milter decide which messages to sign? Does it perhaps look for: > milter_macro_daemon_name=ORIGINATING I originally had this in place but could find no reason for it online nor any sufficient reason to use it, so I removed it, with no a

[pfx] Re: 25 years today

2023-12-20 Thread Bjoern Franke via Postfix-users
Hi, That was a long time ago. Postfix has evolved as the Internet has changed. I am continuing the overhaul of this software, motivated by people like you on this mailing list. I just wanted to say thanks - for postfix and your support on the mailinglist! Best Regards Bjoern

[pfx] Re: 25 years today

2023-12-20 Thread FaberK via Postfix-users
Thank you Wietse, I have used Postfix since early 2000. Thanks to you and to the community!!! On Thu, Dec 14, 2023 at 2:21 PM Wietse Venema via Postfix-users < postfix-users@postfix.org> wrote: > As a few on this list may recall, it is 25 years ago today that the > "IBM secure mailer" had its pub

[pfx] Re: Postfix authenticated sender and From: header verification

2023-12-20 Thread Geert Hendrickx via Postfix-users
On Mon, Dec 18, 2023 at 17:40:49 -0500, Wietse Venema via Postfix-users wrote: > Viktor Dukhovni via Postfix-users: > > - Postfix 3.9 (pending official release soon), rejects unauthorised > > pipelining by default: "smtpd_forbid_unauth_pipelining = yes". > > > > - Postfix 3.8.1, 3.7.6, 3.6.10 and