ne via existing VPN tunnels we had - some people mistook that as
local storage with remote dovecot using NFS to access mail stores).
- --
Nikolai Lusan Email: niko...@lusan.id.au
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDR
ml
https://www.postfix.com/SMTPD_POLICY_README.html
And if that's not enough just start reading the page with _all_ the
configuration directive and figure out what you need 🙂
- --
Nikolai Lusan
Email: niko...@lusan.id.au
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEVfd4G
that you don't end up in a bid like that frequently.
> To my surprise they went away.
The users? or the attacks? - in my mind either is a win 😉
- --
Nikolai Lusan
Email: niko...@lusan.id.au
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaD
king. With
> > > firewall
> > > rules there's not sufficient forensic evidence left behind.
>
> On 14.02.24 19:11, Nikolai Lusan via Postfix-users wrote:
> > Here's a tip - try the 'LOG' target before you DROP/DENY/REJECT (I
> > prefer REJECT
ou know are legit and block the domain (assuming there is
more than one address sending spam/virus/garbage). Or you could go down
the path most MS hosted domains do, and send everything to SPAM folders
unless the address/domain is in someones contact list (probably means
writing a filter that can co
REJECT with an ICMP host/port unreachable for _all_ ports on my
side of the link).
- --
Nikolai Lusan
Email: niko...@lusan.id.au
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAmXMg98ACgkQ4ZaDRV2V
L6TCmA/8DPfKVskn6Cq8k2Da0U/e2JIOgzJgiBdwmNbIyi1J+fJjw3BL2vqp0
ation. Another example of a problematic issue is a
requirement by the Australian government for anyone working on products
that use encryption to insert a backdoor that law enforcement can
activate if requested - a requirement that after legislated saw many
Au
ew files - eventually by
inspecting the relevant hash files I found copies of old certs in them
... hence rebuilding the hash files on update.
- --
Nikolai Lusan
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAmJFv1kACgkQ4ZaDRV2V
L6TrkRAAlSg1rsudX3ctj+/kYp0izWVG/xCXZNSD
on in one file (in my case vmail_ssl.map) that file gets
mapped with postmap. When new keys or certs get deployed I delete the
vmail_ssl.map.db file, regenerate it with postmap, and then restart
postfix. (I is worth noting that I host multiple domains and use SNI -
so this solution
tioned to Postfix.
- --
Nikolai Lusan
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAmJC9vAACgkQ4ZaDRV2V
L6QuZBAAj7WVOh5wA8ZWRX4FcrtJLR487ofUZX0/JTqOKe9AuRN+naCPlPcaPooG
jH6BTQ1EuFptzPyEUb3T401yX2q9/6UOyPCFnGF8X2R00eXcAb9FVri4b3okotHq
WIiEwWXsDlzSSJsJqEWSj87QMhbZ0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sun, 2022-03-27 at 09:08 +0530, Amarjeet Anand wrote:
> What’s the story behind choosing the name as “Postfix”?
As with all children it's what it's parents chose to call it 🙂
- --
Nikolai Lusan
-BEGIN
.tld[private/dovecot-lmtp], delay=0.16,
> delays=0.08/0/0/0.08, dsn=2.0.0, status=sent (250 2.0.0
> YIesL90lwl+2hAEA0J78UA Saved)
>
> How can I lowercase the complete email address in postfix before
> delivery? It happens like this in my case:
>
> vir
me I reviewed the cipherlist, but I have other things
on my plate right now.
- --
Nikolai Lusan
Email: niko...@lusan.id.au
Phone: 0425 661 620
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAl89RjwACgkQ4ZaDRV2V
L6SeJg/9HuehYiuG2Ebg8N46og3sJkgtzcsghr1pq3BpiABIiI3m9V
> The OP also has other excessive fine-tuning of the TLS stack that
> is somewhat counter-productive.
>
> * 4096 bit RSA cert
> * TLS 1.0 disabled
> * Overly specific cipherlist
> * ...
>
> For SMTP, try to h
dom_exchange_name = /var/lib/postfix/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
Thanks
- --
Nikolai Lusan
Email: niko...@lusan.id.au
Phone: 0425 661
15 matches
Mail list logo
