Wietse Venema wrote:
> Michael Grimm:
>> /usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf:
>> unused parameter: respectful_logging=no
>
> I tested the code with the name cut-and-pasted and did not notice
> that the name had a typo.
>
> postfix-3.6-20210224 is uploaded to
Hi all,
We are hardening our services and would like to run postfix as a
non-root user. All our primary services, including postfix run as
docker containers. We use postfix as a forwarding agent only: mail is
delivered from the other services to postfix and then forwarded to
another MTA. Because p
Is it worth it to fracture the nomenclature of a huge body of software
work .. on a lark? Shouldn't a person lose credibility for doing
something like that so deviant from main stream common sense (colloquial
logic)?
I mean, it's not like we're saying
var nr = new DarkColorsOffendMe();
>
> however, the "allow" and "deny" clearly say something, while for
> understanding what does "white" and "black" mean, you must have some
> background (or, worse, prejudice).
>
However, those are regular Enlgish words that now get mixed up with the
technology making it harder to communicate w
On 24 Feb 2021, at 14:57, Emmett Culley wrote:
On 2/24/21 12:40 PM, Dirk Stöcker wrote:
On Wed, 24 Feb 2021, Wietse Venema wrote:
Postfix version 3.6 deprecates terminology that implies white is
better than black. Instead, Postfix prefers 'allowlist', 'denylist',
and variations on those words
hi,
thanks, we had something to laugh about at our coffee break this morning.
No offense, but if these are the final problems mankind has to solve, then we
are on a good way.
> Postfix version 3.6 deprecates terminology that implies white is
> better than black. Instead, Postfix prefers 'allowli
On 2021-02-24 Emmett Culley wrote:
> On 2/24/21 12:40 PM, Dirk Stöcker wrote:
>> On Wed, 24 Feb 2021, Wietse Venema wrote:
>>
>>> Postfix version 3.6 deprecates terminology that implies white is
>>> better than black. Instead, Postfix prefers 'allowlist', 'denylist',
>>> and variations on those wor
The Native American situation notwithstanding - it's splitting hairs -
the origins of "black balling" predate computer hacking.
For what it's worth, many of the Lakota I know in the area dislike the
term "Native American". They use the term relatives a lot. I like it.
var relative = new Cla
"American concept that racism starts and ends at affecting blacks"
This is an untrue generalization. It's not racist, but is it bigoted?
If anything, Americans are presently too sensitive to this issue and are
being pressed into making bad short sighted reactive policies.
On 2/24/21 8:36 P
John Dale:
> "American concept that racism starts and ends at affecting blacks"
This is the Postfix mailing list. Foolist has been renamed into
Barlist. Stop the non-technical rant, or be deleted.
Wietse
On 25.02.21 13:47, Wietse Venema wrote:
John Dale:
"American concept that racism starts and ends at affecting blacks"
This is the Postfix mailing list. Foolist has been renamed into
Barlist. Stop the non-technical rant, or be deleted.
TBH, you kind of set up yourself for all this discussion
Kudos to you Mauricio (great name, btw :)
If we are changing variable names to fight racism, since racism is not
clearly defined and may not exist, we may be making code changes to
fight something that doesn't exist.
"Race" - doesn't exist. You can't point to it?
I love software, though - g
John Dale:
> Kudos to you Mauricio (great name, btw :)
As the $SUBJECT says.
Wietse
On 2021-02-24 19:23:18, ghe2001 wrote:
> Any chance of terminating this thread -- my disk is only a terabyte.
+1 for terminating this thread.
> Programmers can call a variable or label whatever they want to. It's one of
> their perks.
>
> And they can change it if they want to. But it's often
This discussion was right on track and related to the naming of
variables until this strangeness:
"The Philosophy of Variable Naming with Considerations in the Social
Sciences"
Correcting a fact in mid stream of a legitimately technical discussion
does not justify a non-technical rant.
Del
On 25 Feb 2021, at 5:52, Michael Schumacher wrote:
if these are the final problems mankind has to solve, then we are on a
good way.
I think it's more "low-hanging fruit" than a "final problem." The
problem is a collision of metaphorical usages of "black" and "white" and
it is much simpler to
plus one for terminating this thread, because
On Thu, 2021-02-25 at 09:33 -0500, micah wrote:
> If people don't like it, please do something productive about
> it, rather than make hundreds of people have to hit their delete key.
Impossible. The only thing I found to work is the opposite of
prod
On 25 Feb 2021, at 06:30, John Dale wrote:
> since racism is not clearly defined and may not exist
Please kill this thread before more of this fetid feces gets posted.
--
"If you make people think they're thinking, they'll love you; But if
you really make them think, they'll hate you."
Emond Papegaaij:
> Hi all,
>
> We are hardening our services and would like to run postfix as a
> non-root user.
Good luck with that. Postfix is a general-purpose MTA for POSIX
environments and requires privieleges for certain operations.
- Opening a privileged network port
- Changing privilege
Wietse Venema:
> John Dale:
> > Kudos to you Mauricio (great name, btw :)
>
> As the $SUBJECT says.
And.. terminated.
> On Feb 25, 2021, at 1:53 PM, Wietse Venema wrote:
>
> Also, fixed-unprivileged mode can make Postfix LESS secure: root
> privileges are used by none of the Postfix programs in your forwarding
> path as they handle email. In fixed-unprivileged mode, a compromised
> Postfix daemon process can cor
Hi,
Thanks for your clear and descriptive answer Wietse! My search so far
only revealed the privileged network port. The items you describe make
perfect sense in a POSIX environment, but a lot less in a dockerized
environment.
On Thu, Feb 25, 2021 at 4:53 PM Wietse Venema wrote:
> Good luck with
Emond Papegaaij:
> > You could do an experiment with an LD_PRELOADed shared object that
> > intercepts the problematic getuid() call, and that returns a result
> > that makes Postfix happy. Then you can see what breaks.
> >
>
> To be honest, I'd rather run a supported service as root than hacking
> On 22 Feb 2021, at 18:40, Joe Acquisto-j4 wrote:
>
On 22 Feb 2021, at 17:27, Joe Acquisto-j4 wrote:
>>>
Post fix version 3.4.7. with Spamassassin. While adding virus
scanning (clamav) noticed during testing
that any mail send from the postfix host does not get processed by
s
On 25.02.21 12:57, Joe Acquisto-j4 wrote:
I did not notice that adding non_smtpd_milters also caused off
box (smtpd) mail to be scanned twice, before and after
spamassassin.
Apparently having both smtpd_milters and non_smtpd_milters
specified in main.cf causes that.
Initially it appeared to me
Dnia 25.02.2021 o godz. 12:57:04 Joe Acquisto-j4 pisze:
>
> I did not notice that adding non_smtpd_milters also caused off
> box (smtpd) mail to be scanned twice, before and after
> spamassassin.
That's a good reason to switch from running spamassassin as a post-queue
content filter to runnin
. . .
>
> I did not notice that adding non_smtpd_milters also caused off
> box (smtpd) mail to be scanned twice, before and after
> spamassassin.
>
> Apparently having both smtpd_milters and non_smtpd_milters
> specified in main.cf causes that.
>
> Initially it appeared to me that milte
On 25/02/2021 09:43, Emond Papegaaij wrote:
> Hi all,
>
> We are hardening our services and would like to run postfix as a
> non-root user. All our primary services, including postfix run as
> docker containers. We use postfix as a forwarding agent only: mail is
> delivered from the other servi
>
> It is an *ANCIENT* reference, but the but the O'Reilly book "Building
> Internet
> Firewalls" describes a simple program called smap.
It runs without root privileges and ONLY accepts incoming SMTP connections,
> dropping messages into a queue for processing by another program.
> (Could this be
On Thu, Feb 25, 2021 at 11:39:19PM +, Allen Coates wrote:
> It is an *ANCIENT* reference, but the but the O'Reilly book "Building Internet
> Firewalls" describes a simple program called smap.
>
> It runs without root privileges and ONLY accepts incoming SMTP connections,
> dropping messages i
Root...
On Fri, 26 Feb 2021, IL Ka wrote:
I am not a security expert, but I believe it should be possible to create a
virtual machine dedicated to email processing.
If an attacker breaks it and gets root privileges on this machine it still
wouldn't do much harm to the other services.
... in D
31 matches
Mail list logo
