Re: FW: PCI Compliance

2010-03-18 Thread Victor Duchovni
On Thu, Mar 18, 2010 at 04:14:31PM -, Jonathan Tripathy wrote: > > It works in practice. A few Postfix TLS proxies have been terminating TLS > > connections, making access control decisions and forwarding unencrypted > > SMTP to a non-Postfix server for many years now. > > > > These systems o

RE: FW: PCI Compliance

2010-03-18 Thread Jonathan Tripathy
It works in practice. A few Postfix TLS proxies have been terminating TLS connections, making access control decisions and forwarding unencrypted SMTP to a non-Postfix server for many years now. These systems only run "smtpd" as a proxy, and use various internal services, but otherwise there is no

Re: FW: PCI Compliance

2010-03-18 Thread Victor Duchovni
On Thu, Mar 18, 2010 at 11:00:14AM -0300, Reinaldo de Carvalho wrote: > On Thu, Mar 18, 2010 at 10:53 AM, Jonathan Tripathy > wrote: > > > > BTW, the machines in the CDE will all have anti-virus and automatic updates > > enabled. > > > > So, back to postfix, can it do such a thing? Act as a "pro

Re: FW: PCI Compliance

2010-03-18 Thread Wietse Venema
Jonathan Tripathy: > So, back to postfix, can it do such a thing? Act as a "proxy" and > not a "store and forward relay" http://www.postfix.org/SMTPD_PROXY_README.html Someone will still have to monitor the logfile, and deal with "postmaster notification" email depending on how the notify_classes

Re: FW: PCI Compliance

2010-03-18 Thread Mark Goodge
On 18/03/2010 13:53, Jonathan Tripathy wrote: So, back to postfix, can it do such a thing? Act as a "proxy" and not a "store and forward relay" In SMTP terms, a proxy is effectively the same thing as a store-and-forward relay. But yes, Postfix will do this very well. For inbound mail, you ca

Re: FW: PCI Compliance

2010-03-18 Thread Reinaldo de Carvalho
On Thu, Mar 18, 2010 at 10:53 AM, Jonathan Tripathy wrote: > > BTW, the machines in the CDE will all have anti-virus and automatic updates > enabled. > > So, back to postfix, can it do such a thing? Act as a "proxy" and not a > "store and forward relay" > > > In theory you can use 'smtpd_proxy

FW: PCI Compliance

2010-03-18 Thread Jonathan Tripathy
> Any ideas on how to set up an "SMTP Proxy Server" to attain PCI Compliance? > I literally need postfix to just pass through mail to our ISP's smtp server. > We would then set outlook to use this local smtp proxy server. I work for a hosting company, we find it's

Re: PCI Compliance

2010-03-18 Thread Barney Desmond
On 18 March 2010 23:59, J. Roeleveld wrote: > Does this mean that the service-desk of companies are not compliant either? Hehe, in a way. Social engineering is thankfully(?) outside the scope of PCI-DSS compliance. > 1) Check in phonebook for number of VISA credit card service desk > 2) Call lis

Re: PCI Compliance

2010-03-18 Thread J. Roeleveld
On Thursday 18 March 2010 13:26:43 Barney Desmond wrote: > On 18 March 2010 21:57, Jonathan Tripathy wrote: > 3. We read the report, and find things like "server exposes its > hostname in the greeting banner", or "server appears to allow the use > of the VRFY command". Does this mean that the

Re: PCI Compliance

2010-03-18 Thread Barney Desmond
On 18 March 2010 21:57, Jonathan Tripathy wrote: > Any ideas on how to set up an "SMTP Proxy Server" to attain PCI Compliance? > I literally need postfix to just pass through mail to our ISP's smtp server. > We would then set outlook to use this local smtp proxy serve

PCI Compliance

2010-03-18 Thread Jonathan Tripathy
Hi Folks, Any ideas on how to set up an "SMTP Proxy Server" to attain PCI Compliance? I literally need postfix to just pass through mail to our ISP's smtp server. We would then set outlook to use this local smtp proxy server. I'm not entirely sure if a "relay" ser

Re: SSLv2 and encryption for PCI compliance

2009-07-27 Thread Noel Jones
Bastian Blank wrote: On Mon, Jul 27, 2009 at 08:03:20AM -0400, Wietse Venema wrote: Jake Vickers: Now I know I posted the other day about disabling SSLv2, but if I add That solution was for MANDATORY TLS encryption. If TLS is not mandatory, then disabling SSLv2 is pointless: you allow plaintex

Re: SSLv2 and encryption for PCI compliance

2009-07-27 Thread Bastian Blank
On Mon, Jul 27, 2009 at 08:03:20AM -0400, Wietse Venema wrote: > Jake Vickers: > > Now I know I posted the other day about disabling SSLv2, but if I add > That solution was for MANDATORY TLS encryption. If TLS is not mandatory, > then disabling SSLv2 is pointless: you allow plaintext email. I don

Re: SSLv2 and encryption for PCI compliance

2009-07-27 Thread Wietse Venema
Jake Vickers: > Now I know I posted the other day about disabling SSLv2, but if I add That solution was for MANDATORY TLS encryption. If TLS is not mandatory, then disabling SSLv2 is pointless: you allow plaintext email. But if it gives someone warm fuzzies, you can use smtpd_tls_protocols inste

SSLv2 and encryption for PCI compliance

2009-07-27 Thread Jake Vickers
t if I add the "smtpd_tls_security_level = encrypt" line to my config, I can no longer receive mail from outside sources (Gmail, Yahoo, etc.). So while it does disable SSLv2 connections, it does not allow outside email to come in. For anyone who has done PCI compliance in the past, am