28.04.2011 18:22, Wietse Venema пишет:
> Michael Tokarev:
>> 28.04.2011 15:08, Wietse Venema wrote:
>>> Michael Tokarev:
postfix/cleanup: warning: milter8_message: vstream_fseek
incoming/4BE085028D: File too large
>>>
>>> Why is this reported as a "450 4.3.0" error? This should
>>> be a
On 3/5/2011 1:35 πμ, Steve Jenkins wrote:
I actually didn't have it in either - I was under the (apparently
false) impression that just putting the exclude in yum.conf would
apply to any repo. It's in the CentOS-Base.repo file in [base] and
[updates] now, tho. Thank you. :)
I also have serve
Randy Ramsdell wrote:
I am trying to configure a very selective list on who can send to a
certain local accounts ( could be many and currently contains maybe 30 ).
Currently, this is covered by:
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists,permit_my
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
1. How can I disable EHLO & still send/receive mails?
2. Or is there a later version of postfix (let me know the
version) that addresses this or any patch to ap
1 more question:
if there's a way to disable EHLO or fixing it via a patch,
how do I verify (without running VA scan) that this EHLO
vulnerability has been fixed?
TIA
Roger
On May 3, 2011, at 8:42 AM, Roger Goh wrote:
> 1 more question:
>
> if there's a way to disable EHLO or fixing it via a patch,
> how do I verify (without running VA scan) that this EHLO
> vulnerability has been fixed?
>
What vulnerability?! Who doesn't use EHLO?!?!
Perhaps you should use a
On 5/3/2011 10:34 AM, Roger Goh wrote:
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
EHLO is not a security vulnerability, rather it is a standard
feature of SMTP (not just postfix, but all mail servers).
Am 03.05.2011 17:34, schrieb Roger Goh:
> Hi,
>
> During a VA scan, it's reported that my postfix server has
> a security vulnerability :
>
>EhloCheck: SMTP daemon supports EHLO
where exactly is the security hole?
you should not trust the output of every tool blind without
try to understan
On May 3, 2011, at 8:49 AM, Reindl Harald wrote:Am 03.05.2011 17:34, schrieb Roger Goh:Hi,During a VA scan, it's reported that my postfix server hasa security vulnerability : EhloCheck: SMTP daemon supports EHLOwhere exactly is the security hole?you should not trust the output of every tool blind
> During a VA scan, it's reported that my postfix server has a security
> vulnerability : EhloCheck: SMTP daemon supports EHLO
As Roger Klorese pointed out, there is an advertised, fuzzy vulnerability
advisory out there regarding EHLO. However, as Noel Jones indicated, EHLO
is a standard part o
Ok, ok, no offence intended.
Can we mitigate it somewhat like what Roger Klorese suggested,
eg: restrict the info EHLO reveals or don't reveal actual hostname :
smtp_helo_name ($myhostname)
Use a fictitious hostname to send in the SMTP EHLO or HELO
command (& how do I do this?
& from the url Roger Klorese provided,
http://www.iss.net/security_center/reference/vuln/smtp-ehlo.htm
it says :
SMTP daemons that support Extended HELO (EHLO) can release information
that could be useful to an attacker in performing an attack. Attackers
have been known to use the EHLO command t
Am Montag, 2. Mai 2011, 12:57:01 schrieb Reindl Harald:
> Am 02.05.2011 12:49, schrieb Mihira Fernando:
> >> how stoopid can anybody be to make server-answers form a spamfilter
> >> with 451 in polish and a form nobody out there can read followed
> >> by a RED SUCCESS MESSAGE (finding out success a
Roger Goh:
> Hi,
>
> During a VA scan, it's reported that my postfix server has
> a security vulnerability :
>
>EhloCheck: SMTP daemon supports EHLO
EHLO is required by the SMTP standard (RFC 5321).
Wietse
> Can we mitigate it somewhat like what Roger Klorese suggested,
> eg: restrict the info EHLO reveals or don't reveal actual hostname :
All the configuration items you mentioned are things that affect what
your Postfix will or won't do as a client talking to other servers.
These configuration opti
> So what other 'vulnerable' configuration information EHLO reveals
> & how they can disabled/mitigated/fabricated ?
You may want to suppress the SIZE information (maximum size of a
message that your server will accept). Some hackers might take
this as a challenge and try to exploit it in a denia
Hey all,
I just updated by backup mail gateway (Postfix/Clam/SA/Amavis) to 2.8 to
use postscreen.
I followed the instructions from here:
http://www.postfix.org/POSTSCREEN_README.html
I now keep getting these errors in my mail.log:
May 3 13:30:31 ubuntu-spam2 postfix/error[15293]: 012
On Tue, May 03, 2011 at 10:00:58AM -0700, Rich Wales wrote:
> > So what other 'vulnerable' configuration information EHLO reveals
> > & how they can disabled/mitigated/fabricated ?
>
> You may want to suppress the SIZE information (maximum size of a
> message that your server will accept). Some
On Tuesday, May 03, 2011 01:36:50 PM Bailey, Damian S. wrote:
> Hey all,
>
>
>
> I just updated by backup mail gateway (Postfix/Clam/SA/Amavis) to 2.8 to
> use postscreen.
>
You may be suffering from this bug:
https://bugs.launchpad.net/bugs/764096
a duplicate report:
https://bugs.launchpad
> -Original Message-
> From: owner-postfix-us...@postfix.org
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Rich Wales
> Sent: Tuesday, May 03, 2011 9:18 AM
> To: postfix users
> Subject: Re: security vulnerability : SMTP daemon supports EHLO
>
> I can imagine that some hackers m
Le lundi 2 mai 2011 17:22, Wietse Venema a écrit :
> fakessh:
> > hello list
> > hello gurus
> > hello ? Wietse Venema
> a) Free crystal balls.
yes I possess crystal balls some nice numbers thank you
>
> b) Free telepathic services.
yes I possess powers parapsychic I discuss with a large India
>> You may want to suppress the SIZE information . . . .
>
> No, this is silly, one is better off advertising the maximum size
> to avoid the vast majority unnecessary partial transmission of
> overly large messages. An attacker can tie up SMTP server resources
> whether the SIZE limit is known o
Scott,
Thanks, but I don't think this is my issue. (Thought the bugs are good
to know!)
My mail just isn't being relayed to my email server. I am running
Ubuntu, though it's 10.04.2 LTS
Damian Bailey | baile...@lcps.k12.va.us
Lead Technician | LCPS Technology
540.894.4373x8220
Shipping Address
On Tuesday, May 03, 2011 02:14:40 PM Bailey, Damian S. wrote:
> > -Original Message-
> > From: owner-postfix-us...@postfix.org
> > [mailto:owner-postfix-us...@postfix.org] On Behalf Of Scott Kitterman
> > Sent: Tuesday, May 03, 2011 2:00 PM
> > To: postfix-users@postfix.org
> > Subject: R
Bailey, Damian S.:
> May 3 13:30:31 ubuntu-spam2 postfix/error[15293]: 0126F2235EB:
> to=, relay=none, delay=927,
> delays=927/0.03/0/0.07, dsn=4.3.0, status=deferred (mail transport
> unavailable)
>
> I know it's due to changes I made to activate postscreen, but I honestly
> don't understand eno
Randy Ramsdell wrote:
Randy Ramsdell wrote:
I am trying to configure a very selective list on who can send to a
certain local accounts ( could be many and currently contains maybe 30 ).
Currently, this is covered by:
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/pr
On Tue, 22 Mar 2011 19:38:22 -0400 (EDT), Wietse Venema
> Sorry, postscreen will not look up client hostnames. It needs to make
> a decision in milliseconds time to avoid slowing down good clients.
postscreen is perfect if i have permit_sasl_authenticated supported, i
have tryed to make this but
On Tue, May 03, 2011 at 11:15:57AM -0700, Rich Wales wrote:
> A followup question. If I suppress the advertising of an extended
> feature by listing it in smtpd_discard_ehlo_keywords, does that also
> disable the feature? Or do I have to do other things to actually
> turn a feature off and make
Am 03.05.2011 19:00, schrieb Rich Wales:
>> So what other 'vulnerable' configuration information EHLO reveals
>> & how they can disabled/mitigated/fabricated ?
>
> You may want to suppress the SIZE information (maximum size of a
> message that your server will accept). Some hackers might take
>
Benny Pedersen:
> On Tue, 22 Mar 2011 19:38:22 -0400 (EDT), Wietse Venema
>
> > Sorry, postscreen will not look up client hostnames. It needs to make
> > a decision in milliseconds time to avoid slowing down good clients.
>
> postscreen is perfect if i have permit_sasl_authenticated supported, i
Hi
I'm trying to change my SASL auth from Cyrus to Dovecot.
I have Dovecot all set up - it's authenticating IMAP users and postfix is using
dovecot-lda to deliver mail, but when I changes main.cf to use Dovecot SMTP
Auth wasn't working.
After a few hours of fruitless searching I finally though
Simon Brereton:
> Hi
>
> I'm trying to change my SASL auth from Cyrus to Dovecot.
You have not shown any evidence that your Postfix version actually
comes with Dovecot support.
Wietse
> -Original Message-
> From: Wietse Venema [mailto:
> Simon Brereton:
> > Hi
> >
> > I'm trying to change my SASL auth from Cyrus to Dovecot.
>
> You have not shown any evidence that your Postfix version actually
> comes with Dovecot support.
Actually - because I knew you'd say that - I i
On Tue, 2011-05-03 at 23:58:47 +0200, Simon Brereton wrote:
> I'm trying to change my SASL auth from Cyrus to Dovecot.
>
> I have Dovecot all set up - it's authenticating IMAP users and postfix
> is using dovecot-lda to deliver mail, but when I changes main.cf to
> use Dovecot SMTP Auth wasn't wo
Hello, recently I purchased the Hildebrandt/Koetter book: Postfix. I read
through chapter 16 minus the dialup material.
SASL by inspection is great but Simple it is not. I have tried many
combinations of Mechanism vs. Method.
Ostensibly this translates to chapters 15 & 16. I have read these over
On Wed, 2011-05-04 at 03:41:11 +, da...@davidwbrown.name wrote:
[inadequate problem report snipped]
> The question is: is there anyone in postfix land that has configured
> SASL successfully in recent history?
Yes. Please carefully review the following link:
http://www.postfix.org/DEBUG_RE
On Tue, May 3, 2011 at 2:48 AM, Nikolaos Milas wrote:
> I only have an exclude for postfix* in yum.conf and all upgrades (with "yum
> update") went without problems. My Postfix was not replaced by the
> distribution's package.
Ahhh... found the problem. I had excluded postfix-* instead of postfix
Hello all,
I had Postfix 2.3 installed on CentOS 5.5. I had Postfix running, but
wasn't able to send mail through it. I recompiled and upgraded to
2.8.2. I have verified that Postfix is running, port 25 is open, and I
have net connectivity. However, I can't send mail.
root 4551 0.0 0.2 54
Hi Everybody,
i find a abnormal log in maillog file for postfix.
a user can send email , non ip address and non from username present in
the log. how can i reslove that ?
[root@mail ~]# less /var/log/maillog
|grep 608D536DA9C |more
May 3 18:10:57 mail postfix/pickup[23046]:
608D536DA9C:
39 matches
Mail list logo
