Stefan Foerster:
> * Viktor Dukhovni :
> > On Sat, Sep 28, 2013 at 12:47:22PM +0200, Peer Heinlein wrote:
> > > Use dovecot with a simple passwd-file-setup in /etc/dovecot/userdb and a
> > > simple relay-domains setup in Postfix and you'll be ready after half an
> > > hour.
> >
> > Generally, with
On Wed, Oct 02, 2013 at 08:25:48AM +0200, Stefan Foerster wrote:
> * Viktor Dukhovni :
> > On Sat, Sep 28, 2013 at 12:47:22PM +0200, Peer Heinlein wrote:
> > > Use dovecot with a simple passwd-file-setup in /etc/dovecot/userdb and a
> > > simple relay-domains setup in Postfix and you'll be ready a
We are currently using dovecot for smtp auth, and due to an increase in
spammers abusing smtp auth we setup dovecot to return an invalid login
for user's that have been set to "disabled" in our provisioning system.
This seemed to work for a while (preventing spammers that are using
auth), but
On Wed, Oct 02, 2013 at 10:17:16AM -0500, List wrote:
> We are currently using dovecot for smtp auth, and due to an increase
> in spammers abusing smtp auth we setup dovecot to return an invalid
> login for user's that have been set to "disabled" in our
> provisioning system. This seemed to work
On 10/2/13 10:32 AM, Viktor Dukhovni wrote:
On Wed, Oct 02, 2013 at 10:17:16AM -0500, List wrote:
We are currently using dovecot for smtp auth, and due to an increase
in spammers abusing smtp auth we setup dovecot to return an invalid
login for user's that have been set to "disabled" in our
pro
On Wed, Oct 02, 2013 at 10:46:12AM -0500, List wrote:
> One thing I noticed
> in the documentation regarding smtpd_recipient_restrictions (under "
> Dangerous use of smtpd_recipient_restrictions") is that recipient
> restrictions can result in too permissive access. I wonder if
> moving the check
On 10/02/2013 05:46 PM, List wrote:
I wonder if moving the
check_client_access and permit_sasl_authenticated below
reject_unauth_destination would help?
Moving 'check_client_access' below 'reject_unauth_destination'
prevents you from wildcards in 'check_client_access' which can make you
an ope
On Wed, Oct 02, 2013 at 07:08:48PM +0200, Manuel Bieling wrote:
> >I wonder if moving the
> >check_client_access and permit_sasl_authenticated below
> >reject_unauth_destination would help?
>
> Moving 'check_client_access' below 'reject_unauth_destination'
> prevents you from wildcards in 'check_
>From my understanding of the way postfix currently operates, there is no
smtpd/stmp TLS setting that can be set that would provide a
configuration that would result in a more 'hardened' configuration,
without causing interoperability problems. If I am wrong, I'm very
interested in knowing where.
On 10/02/2013 07:12 PM, Viktor Dukhovni wrote:
However, now that we see that the OP is using POP before SMTP
Aha I see, interesting relict
Manuel Bieling
Micah Anderson:
>
> From my understanding of the way postfix currently operates, there is no
> smtpd/stmp TLS setting that can be set that would provide a
> configuration that would result in a more 'hardened' configuration,
> without causing interoperability problems. If I am wrong, I'm very
> in
Hello friends, I used The Book of Postfix (thanks Ralf!) to help configure the
installation of Postfix for my website. I would like to ask the community to
examine closely for any flaws or weaknesses in the form I have it now. I have
two domains: timothylegg.com cherokeenewtestament.org that I c
I am so sorry, mail.com seems to have stripped out every one of my carriage
returns! Never seen that before. You'd think they'd have that figured out...
I switched to text from HTML formatting. I'll reformat the message below.
Tim Legg
- Original Message -
Hello friends,
I used The
On 10/02/2013 10:39 PM, Tim Legg wrote:
I have a username on this machine that I log in with, but choose to not have
that username be an e-mail address.
Hopefully this user is not called root. I recommend to disable root
login. And I also recommend to disable any other user how has an e-mail
On Wed, Oct 02, 2013 at 03:39:06PM -0400, Micah Anderson wrote:
> From my understanding of the way postfix currently operates, there is no
> smtpd/stmp TLS setting that can be set that would provide a
> configuration that would result in a more 'hardened' configuration,
> without causing interoper
I have a working postfix server (2.8.11) which looks for incoming mail
on socket, localhost, and my local network. It is also listening on
port 587 for authenticated users and on port 25 for WAN input.
I installed dkproxy (dkimproxy.sourceforge.net) so I can sign my
outgoing mail. I have it
Viktor Dukhovni writes:
> On Wed, Oct 02, 2013 at 03:39:06PM -0400, Micah Anderson wrote:
>
>> From my understanding of the way postfix currently operates, there is no
>> smtpd/stmp TLS setting that can be set that would provide a
>> configuration that would result in a more 'hardened' configurat
On Wed, Oct 02, 2013 at 07:38:42PM -0400, micah wrote:
> I suppose there is no way to achieve some middle ground of doing
> opportunistic encryption, but for those who are only talking with bad
> protocols and ciphers (or clear-text) do a non-permanent failure with a
> message about their bad prot
It is rare for me to log in as root. I have considered seriously about
disabling that login.
Yes, HTTP/S and SMTP will be on the same machine. Is there a hazard to that
end? They are completely different protocols communicating on different ports,
after all.
It does appear to work, my installat
Viktor Dukhovni writes:
> On Wed, Oct 02, 2013 at 07:38:42PM -0400, micah wrote:
>
>> I suppose there is no way to achieve some middle ground of doing
>> opportunistic encryption, but for those who are only talking with bad
>> protocols and ciphers (or clear-text) do a non-permanent failure with
20 matches
Mail list logo
