Hi Becki,
Thanks for the answer. I'm however trying to use the PAM way, because using
the auxprop method involves storing user passwords in plain text, which I'd
like to avoid. I can't seem to find a way to tell the smtpd.conf file to
encrypt passwords, and as per the Postfix documentation it seem
Rich Felker:
> > It would be a mistake to use TLSA records from an unsigned domain.
> > That would be no more secure than accepting a random server
> > certificate. All the pain of doing TLSA and none of the gain, just
> > security theatre.
>
> It's not security theater. It (1) ensures that you do
On Sat, Apr 18, 2020 at 10:59:51AM -0400, Wietse Venema wrote:
> Rich Felker:
> > > It would be a mistake to use TLSA records from an unsigned domain.
> > > That would be no more secure than accepting a random server
> > > certificate. All the pain of doing TLSA and none of the gain, just
> > > sec
On Sat, Apr 18, 2020 at 01:04:58PM -0400, Rich Felker wrote:
> It's not security theater because nobody's claiming it's secure.
> Rather it's a fairly weak form of hardening that increases the
> required capabilities an attacker needs to exploit a known-insecure
> system.
FWIW, Postfix in fact de
On Sat, Apr 18, 2020 at 03:01:08PM -0400, Viktor Dukhovni wrote:
> On Sat, Apr 18, 2020 at 01:04:58PM -0400, Rich Felker wrote:
>
> > > You can consider libc-musl as unsupported from now on.
> >
> > I am really not appreciating the hostility and utterly petty
> > vindictiveness of folks from this
