I am running my postfix (mailcow) in my local network and interface to the
outside via a VPN that is terminated on a VPS with a static address with
adequate reputation. Historically I used NAT in both directions in- and
outbound, but I switched to use proxy protocol inbound as I am in fact now
On 17.12.23 23:12, Kristoff via Postfix-users wrote:
I don't know if this question has already been asked, but I did not find
anything in the archive of the mailing-list.
I co-manage a postfix-server for a hobby-club. We provide
email-addresses to our members, which are linked to aliases, so
Did you mean instead of
inside Postfix -> outside Postfix -> remote MTAs in the Internet
Use
inside Postfix -reverse haproxy-> remote MTAs in the Internet
That is currently not implemented, and no design exists.
Wietse
Hi Matus,
Thanks.
Yes, I guess they are spam or phishing mails.
The trick with "smtpd_recipient_restrictions" looks interesting. Thanks!
As I understand it now, there are three steps in this:
1/ the spammer sends us an email with destination
"foreign-email-address-in-srs-for...@ourhobbycl
Hello Wietse,
Yes, exactly, no second instance. Ok, implies I haven't overlooked something.
Is this an option you are willing to consider?
The key benefit to guys like me is that one doesn't have to manage two
instances, considering setup and maintenance, configuration (like tls
policies), backu
On 18.12.23 13:52, Kristoff via Postfix-users wrote:
Yes, I guess they are spam or phishing mails.
The trick with "smtpd_recipient_restrictions" looks interesting. Thanks!
As I understand it now, there are three steps in this:
1/ the spammer sends us an email with destination
"foreign-email-ad
Hello Viktor, Wietse,
(I am copying the Postfix community as the report is out in the public now)
First of all thank you for your help and response to highlight your approach to
this issue. This may not be the first time you have observed types of abuse
that relate to spoofing.
This research w
On 2023-12-18 at 11:31:47 UTC-0500 (Mon, 18 Dec 2023 16:31:47 +)
Vijay S Sarvepalli via Postfix-users
is rumored to have said:
Hello Viktor, Wietse,
(I am copying the Postfix community as the report is out in the public
now)
First of all thank you for your help and response to highlight
Kristoff via Postfix-users:
> Dec 17 04:32:05 smtp postfix/smtp[725772]: 4F58E6A10A0:
> to=u...@example.com,
> orig_to=SRS0=zxmM=H4=example.com=u...@ourhobbyclubdomain.com,
> relay=mail.example.com[A.B.C.D]:25, delay=0.16, delays=0.05/0/0.08/0.02,
> dsn=2.0.0, status=sent (250 2.0.0 Ok: queued
On Mon, Dec 18, 2023 at 02:48:43PM -0500, Bill Cole via Postfix-users wrote:
> > This research work has now been published by Sec Consult company, see
> > link below .
>
> It is interesting that they seem to be unaware of some SMTP basics, such as
> the fact that message bodies, message headers,
Bill Cole via Postfix-users:
> On 2023-12-18 at 11:31:47 UTC-0500 (Mon, 18 Dec 2023 16:31:47 +)
> Vijay S Sarvepalli via Postfix-users
> is rumored to have said:
>
> > Hello Viktor, Wietse,
> > (I am copying the Postfix community as the report is out in the public
> > now)
> >
> > First of a
Hello Wietse,
>> - Don't accept mail with a broken end-of-data sequence (Postfix
currently allows zero or more followed by ). Or more
generally, don't accept or that aren't part of a
sequence. Postfix does not support BDAT with BINARYMIME, so there
is no valid use of stray or bytes.
If Post
Bill Cole via Postfix-users wrote in
<6039ed61-2c8f-4a12-b736-994d32632...@billmail.scconsult.com>:
|On 2023-12-17 at 09:27:36 UTC-0500 (Sun, 17 Dec 2023 06:27:36 -0800
|(PST))
|saunders.nicholas--- via Postfix-users
|is rumored to have said:
|
|> How is this header populated?
|>
|> X-Go
Viktor Dukhovni via Postfix-users:
> - Postfix 3.9 (pending official release soon), rejects unauthorised
> pipelining by default: "smtpd_forbid_unauth_pipelining = yes".
>
> - Postfix 3.8.1, 3.7.6, 3.6.10 and 3.5.20 include the same supporting
> code as 3.9 snapshots, but the "smtpd_forbid_unau
On Mon, Dec 18, 2023 at 05:40:49PM -0500, Wietse Venema wrote:
> > - Postfix 3.8.1, 3.7.6, 3.6.10 and 3.5.20 include the same supporting
> > code as 3.9 snapshots, but the "smtpd_forbid_unauth_pipelining"
> > parameter defaults to "no".
>
> Indeed, setting "smtpd_forbid_unauth_pipelining = ye
> For now, enforcement of pipelining is actually available, while
> enforcement of vs. is still only a hypothetical.
As an average user without any special or legacy systems, I'd appreciate if one
could configure Postfix as safe and secure as possible regarding this issue. So
I'd value being o
Wietse:
> - Don't accept mail with a broken end-of-data sequence (Postfix
> currently allows zero or more followed by ). Or more
> generally, don't accept or that aren't part of a
> sequence. Postfix does not support BDAT with BINARYMIME, so there
> is no valid use of stray or bytes.
Vijay S
On Tue, Dec 19, 2023 at 12:20:57AM +0100, r.barclay--- via Postfix-users wrote:
> > For now, enforcement of pipelining is actually available, while
> > enforcement of vs. is still only a hypothetical.
>
> As an average user without any special or legacy systems, I'd
> appreciate if one could con
Wietse;
> inside Postfix -reverse haproxy-> remote MTAs in the Internet
> That is currently not implemented, and no design exists.
Joachim Lindenberg via Postfix-users:
> Hello Wietse,
> Yes, exactly, no second instance. Ok, implies I haven't overlooked
> something. Is this an option you are
19 matches