Re: Ok. I'm finding a small issue on my server.

2012-01-10 Thread Reindl Harald
On 10.01.2012 21:32, Benny Pedersen wrote:
> On Tue, 10 Jan 2012 09:34:09 +0100, Reindl Harald wrote:
>
>> but you have this for your mails rejected outside not
>> for incoming
>
> poor man's srs is .forward

who cares poor man in context of professional servers?

virtual_alias_maps = proxy:my

Re: Ok. I'm finding a small issue on my server.

2012-01-10 Thread Benny Pedersen
On Tue, 10 Jan 2012 09:34:09 +0100, Reindl Harald wrote: but you have this for your mails rejected outside not for incoming poor man's srs is .forward badly broken spf checks is not something that postfix can change checking From: header is not correct way of checking spf, srs will not cha

Re: Ok. I'm finding a small issue on my server.

2012-01-10 Thread Reindl Harald
On 10.01.2012 08:37, Bastian Blank wrote:
> On Tue, Jan 10, 2012 at 01:36:42AM +0100, Reindl Harald wrote:
>> On 09.01.2012 22:07, Noel Jones wrote:
>>> On 1/9/2012 1:24 PM, Jeroen Geilman wrote:
>>>> Many people (me and most of this list included) reject impersonation of the sender addr

Re: Ok. I'm finding a small issue on my server.

2012-01-09 Thread Bastian Blank
On Tue, Jan 10, 2012 at 01:36:42AM +0100, Reindl Harald wrote:
> On 09.01.2012 22:07, Noel Jones wrote:
> > On 1/9/2012 1:24 PM, Jeroen Geilman wrote:
> >> Many people (me and most of this list included) reject impersonation
> >> of the sender address unless it is on an encrypted submission port;

Re: Ok. I'm finding a small issue on my server.

2012-01-09 Thread Reindl Harald
On 10.01.2012 04:32, Noel Jones wrote:
>> in this case this is NOT legit mail, sites implementing this
>> way have to be rejected - a "greeting ecard" where you can
>> enter an e-mail-address which will be used as ENVELOPE sender
>> is badly broken
>
>> any web-application using a foreign ENVEL

Re: Ok. I'm finding a small issue on my server.

2012-01-09 Thread Noel Jones
On 1/9/2012 6:36 PM, Reindl Harald wrote:
> On 09.01.2012 22:07, Noel Jones wrote:
>> On 1/9/2012 1:24 PM, Jeroen Geilman wrote:
>>> Many people (me and most of this list included) reject
>>> impersonation of the sender address unless it is on

Re: Ok. I'm finding a small issue on my server.

2012-01-09 Thread Reindl Harald
On 09.01.2012 22:07, Noel Jones wrote:
> On 1/9/2012 1:24 PM, Jeroen Geilman wrote:
>> Many people (me and most of this list included) reject impersonation
>> of the sender address unless it is on an encrypted submission port;
>> this is the norm rather than the exception nowadays.
>
> Be awar

Re: Ok. I'm finding a small issue on my server.

2012-01-09 Thread Noel Jones
On 1/9/2012 1:24 PM, Jeroen Geilman wrote:
> Many people (me and most of this list included) reject impersonation
> of the sender address unless it is on an encrypted submission port;
> this is the norm rather than the exception nowadays.

Be aware this may reject some legit mail. Feel free to do

Re: Ok. I'm finding a small issue on my server.

2012-01-09 Thread Jeroen Geilman
de of your systems but will have your From: address. If you block this, you won't see your own postings to the list. This is an excerpt from the headers in your e-mail: From: Benny Pedersen To: Subject: Re: Ok. I'm finding a small issue on my server. This is a common misc

Re: Ok. I'm finding a small issue on my server.

2012-01-08 Thread Benny Pedersen
ng on that header no matter where it's received This is an excerpt from the headers in your e-mail: From: Benny Pedersen To: Subject: Re: Ok. I'm finding a small issue on my server. good then fix it :-) space lost before

Re: Ok. I'm finding a small issue on my server.

2012-01-08 Thread Bjørn Ruberg
From: address. If you block this, you won't see your own postings to the list. This is an excerpt from the headers in your e-mail: From: Benny Pedersen To: Subject: Re: Ok. I'm finding a small issue on my server. This is a common misconception. The envelope sender is not the same as t

Re: Ok. I'm finding a small issue on my server.

2012-01-07 Thread Peter
from outside of your systems but will have your From: address.
> If you block this, you won't see your own postings to the list.
>
> This is an excerpt from the headers in your e-mail:
>
> From: Benny Pedersen
> To:
> Subject: Re: Ok. I'm finding a small issue on m

Re: Ok. I'm finding a small issue on my server.

2012-01-07 Thread Bjørn Ruberg
o the list. This is an excerpt from the headers in your e-mail: From: Benny Pedersen To: Subject: Re: Ok. I'm finding a small issue on my server. -- Bjørn

Re: Ok. I'm finding a small issue on my server.

2012-01-07 Thread Noel Jones
On 1/7/2012 8:33 PM, Benny Pedersen wrote:
> On Tue, 27 Dec 2011 14:07:22 +0100, Jeroen Geilman wrote:
>
>> smtpd_tls_auth_only = yes
>>
>> to main.cf; otherwise, all authentication communication is sent "in
>> the clear".
>
> this will only break starttls clients, that means connection must be
>

Re: Ok. I'm finding a small issue on my server.

2012-01-07 Thread Benny Pedersen
On Tue, 27 Dec 2011 14:07:22 +0100, Jeroen Geilman wrote: smtpd_tls_auth_only = yes to main.cf; otherwise, all authentication communication is sent "in the clear". this will only break starttls clients, that means connection must be tls before connection, it will not make plain passwords mor

Re: Ok. I'm finding a small issue on my server.

2012-01-07 Thread Benny Pedersen
On Tue, 27 Dec 2011 08:22:47 +0100, Bjørn Ruberg wrote: Be advised that if you plan to reject *sender addresses* claiming to originate from your own domain, you might break legitimate mails. how ?

Re: Ok. I'm finding a small issue on my server.

2011-12-27 Thread /dev/rob0
On Tuesday 27 December 2011 07:07:22 Jeroen Geilman wrote:
> On 2011-12-27 06:45, Glenn Sieb wrote:
> > While I have SASL set up on port 587, I recently found that
> > foreign IPs can connect, pretend to be, say, me, and send mail
> > to my users. SPF can catch this, but I think it's something that

Re: Ok. I'm finding a small issue on my server.

2011-12-27 Thread Jeroen Geilman
On 2011-12-27 06:45, Glenn Sieb wrote: Dear list, While I have SASL set up on port 587, I recently found that foreign IPs can connect, pretend to be, say, me, and send mail to my users. SPF can catch this, but I think it's something that should/can be caught by Postfix, no? So I conclude I have

Re: Ok. I'm finding a small issue on my server.

2011-12-26 Thread Bjørn Ruberg
On 12/27/2011 06:45 AM, Glenn Sieb wrote: Dear list, While I have SASL set up on port 587, I recently found that foreign IPs can connect, pretend to be, say, me, and send mail to my users. SPF can catch this, but I think it's something that should/can be caught by Postfix, no? Can, yes. But no

Re: Ok. I'm finding a small issue on my server.

2011-12-26 Thread Steven King
Make sure the submission daemon in master.cf is configured with the following option: -o smtpd_sasl_auth_enable=yes Then ensure that you have SASL properly configured. Also, ensure that your trusted networks are configured properly to ensure you do not inadvertently have an open relay. On 1