Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-09 Thread Steffen Nurpmeso
Juri Haberland wrote in <40237927-17b0-e3e1-106d-15ce56966...@koschikode.com>: |On 08/01/2023 15:56, Benny Pedersen wrote: ... |The problem is that the OP uses the subnet 192.0.2.0/24 on his network, |which is only for documentation purposes. See the Whois excerpt: Having said that, being abl

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-09 Thread Steffen Nurpmeso
Benny Pedersen wrote in : |Steffen Nurpmeso skrev den 2023-01-07 19:35: |> Matus UHLAR - fantomas wrote in |> : |> ... |>|one |>|can disable aDH by adding it to smtp_tls_mandatory_exclude_ciphers. |> |> Just last week with the new lighttpd update i followed his |> maintainer by doing (

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Juri Haberland
On 08/01/2023 15:56, Benny Pedersen wrote: > Received: by kent.sdaoden.eu (Postfix, from userid 1000) > id 25D02B4B1E; Sat, 7 Jan 2023 19:35:21 +0100 (CET) > Date: Sat, 07 Jan 2023 19:35:21 +0100 > Author: Steffen Nurpmeso > From: Steffen Nurpmeso > > you are not using postfix imho when

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Wietse Venema
Viktor Dukhovni: > On Sun, Jan 08, 2023 at 09:23:52PM +0100, Benny Pedersen wrote: > > > > I want again to state that header which says "Received: by > > > (Postfix, from userid )" is perfectly normal and > > > expected Postfix behavior when mail is submitted locally. I have > > > seen it countle

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Viktor Dukhovni
On Sun, Jan 08, 2023 at 09:23:52PM +0100, Benny Pedersen wrote: > > I want again to state that header which says "Received: by > > (Postfix, from userid )" is perfectly normal and > > expected Postfix behavior when mail is submitted locally. I have > > seen it countless number of times. > > mayb

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Benny Pedersen
Jaroslaw Rafa skrev den 2023-01-08 21:00: Dnia 8.01.2023 o godz. 16:20:30 Benny Pedersen pisze: okay i do "sendmail -f m...@junc.eu -bv m...@junc.eu" it shows as result in probe attachment Received: by mx.junc.eu (Postfix, from userid 0) id 9743182BDB; Sun, 8 Jan 2023 16:06:26 +0100 (C

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Jaroslaw Rafa
Dnia 8.01.2023 o godz. 16:20:30 Benny Pedersen pisze: > > okay i do "sendmail -f m...@junc.eu -bv m...@junc.eu" > > it shows as result in probe attachment > > Received: by mx.junc.eu (Postfix, from userid 0) > id 9743182BDB; Sun, 8 Jan 2023 16:06:26 +0100 (CET) > > in whole email from th

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Viktor Dukhovni
On Sun, Jan 08, 2023 at 04:33:08AM -0600, Matthew McGehrin wrote: > The majority of the CBC_SHA ciphers are considered weak and should be > replaced with stronger ciphers. Are considered weak for use in browsers when either the server or client does not support the "Encrypt then MAC" (EtM) TLS e

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Viktor Dukhovni
On Sun, Jan 08, 2023 at 09:51:40AM +0400, Sam wrote: > Hi Eero. I'm using the default settings in postfix. In fact, you can > look in my settings you'll find `smtpd_tls_eecdh_grade = ultra`. That's > the only DH related thing AFAIK. Unless your Postfix version is very old, that setting is unwise

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Benny Pedersen
Jaroslaw Rafa skrev den 2023-01-08 16:01: Dnia 8.01.2023 o godz. 15:56:17 Benny Pedersen pisze: Received: by kent.sdaoden.eu (Postfix, from userid 1000) id 25D02B4B1E; Sat, 7 Jan 2023 19:35:21 +0100 (CET) Date: Sat, 07 Jan 2023 19:35:21 +0100 Author: Steffen Nurpmeso From: Steffen Nu

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Jaroslaw Rafa
Dnia 8.01.2023 o godz. 15:56:17 Benny Pedersen pisze: > > Received: by kent.sdaoden.eu (Postfix, from userid 1000) > id 25D02B4B1E; Sat, 7 Jan 2023 19:35:21 +0100 (CET) > Date: Sat, 07 Jan 2023 19:35:21 +0100 > Author: Steffen Nurpmeso > From: Steffen Nurpmeso > > you are not using post

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Benny Pedersen
Steffen Nurpmeso skrev den 2023-01-07 19:35: Matus UHLAR - fantomas wrote in : ... |one |can disable aDH by adding it to smtp_tls_mandatory_exclude_ciphers. Just last week with the new lighttpd update i followed his maintainer by doing (the EDH+AESGCM is _my_ addition, blame _me_ for that, i

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-08 Thread Matthew McGehrin
The majority of the CBC_SHA ciphers are considered weak and should be replaced with stronger ciphers. See also: https://www.tenable.com/plugins/nessus/159543 Recommended ciphers would be: TLSv1.3: - 0x13,0x01 TLS_AES_128_GCM_SHA256 - 0x13,0x02 TLS_AES_256_GCM_SHA384 - 0x13,0x03 TLS_CHACHA20_P

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-07 Thread Sam
Hi Eero. I'm using the default settings in postfix. In fact, you can look in my settings you'll find `smtpd_tls_eecdh_grade = ultra`. That's the only DH related thing AFAIK. On 07/01/2023 1:53 PM, Eero Volotinen wrote: I think you are using insecure dh group 1? Eero la 7. tammik. 2023 klo 1

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-07 Thread Steffen Nurpmeso
Matus UHLAR - fantomas wrote in : ... |one |can disable aDH by adding it to smtp_tls_mandatory_exclude_ciphers. Just last week with the new lighttpd update i followed his maintainer by doing (the EDH+AESGCM is _my_ addition, blame _me_ for that, it adds four combinations): # super modern,

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-07 Thread Sam
Thank you, guys. I appreciate it. Have a great day. On 07/01/2023 9:23 PM, Viktor Dukhovni wrote: On Sat, Jan 07, 2023 at 12:38:06PM +0400, Sam wrote: when I run `nmap --script vuln example.com` against a server I manage, I get the following vulnerability on my server on both ports 465 and 5

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-07 Thread Viktor Dukhovni
On Sat, Jan 07, 2023 at 12:38:06PM +0400, Sam wrote: > when I run `nmap --script vuln example.com` against a server I manage, I > get the following vulnerability on my server on both ports 465 and 587. > The only solutions I found are for legacy systems. The "nmap" report is wasting your time.

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-07 Thread Matus UHLAR - fantomas
On 07.01.23 18:53, Sam wrote: Thank you for explaining. I'm sorry I'm not sure whether I understand that there's a solution or it's OK. Is there a setting that I can update in postfix to fix this? I already limited smtpd ciphers to high, with smtpd_tls_ciphers. Is there something I can do to

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-07 Thread Sam
Thank you for explaining. I'm sorry I'm not sure whether I understand that there's a solution or it's OK. Is there a setting that I can update in postfix to fix this? I already limited smtpd ciphers to high, with smtpd_tls_ciphers. Is there something I can do to fix this "vulnerability"? PS:

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-07 Thread Wietse Venema
Wietse Venema: > Sam: > > Hello everyone > > > > when I run `nmap --script vuln example.com` against a server I manage, I > > get the following vulnerability on my server on both ports 465 and 587. > > The only solutions I found are for legacy systems. > > > > > > 587/tcp open submission >

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-07 Thread Matus UHLAR - fantomas
Sam: when I run `nmap --script vuln example.com` against a server I manage, I get the following vulnerability on my server on both ports 465 and 587. The only solutions I found are for legacy systems. ...and those solutions are? 587/tcp open submission | ssl-dh-params: | VULNERABLE: |

Re: nmap says there's vulnerability with Diffie-Hellman settings

2023-01-07 Thread Wietse Venema
Sam: > Hello everyone > > when I run `nmap --script vuln example.com` against a server I manage, I > get the following vulnerability on my server on both ports 465 and 587. > The only solutions I found are for legacy systems. > > > 587/tcp open submission > | ssl-dh-params: > | VULNERABL

nmap says there's vulnerability with Diffie-Hellman settings

2023-01-07 Thread Sam
Hello everyone when I run `nmap --script vuln example.com` against a server I manage, I get the following vulnerability on my server on both ports 465 and 587. The only solutions I found are for legacy systems. 587/tcp   open   submission | ssl-dh-params: |   VULNERABLE: |   Anonymous Diffie