Re: [CFP] "Modern Email" Developer Room at FOSDEM '24

2023-11-22 Thread Nick Lockheart
This exact message was sent to the Cyrus list, too.

On Wed, 2023-11-22 at 14:06 +0100, Joris Baum wrote:
> Hi,
> 
> There will be a developer room that I think will be of particular
> interest for subscribers of this mailing list for "Modern Email" during
> FOSDEM '24. It will center around the current state of email, free/open
> source software projects related to email and current developments.
> 
> FOSDEM is an event for free software and open source developers. The
> event encompasses two main streams: talks curated by organizers covering
> diverse topics and the developer rooms. Spread across multiple buildings
> at the venue, the developer rooms are focusing on specific concepts,
> technologies, and ideas. This is where the fun is. And most of the fun
> will obviously happen in the "Modern Email" room.
> 
> The submission deadline for proposals is 1st December 2023. You can find
> more info on GitHub: https://github.com/modern-email/FOSDEM-24 .
> 
> Regards,
> 
> Joris Baum
> 
> -- 
> Joris Baum
> Tel: +49 721 170293 16
> Fax: +49 721 170293 179
> 
> http://www.audriga.com | http://www.twitter.com/audriga
> 
> -
> -
> audriga GmbH |  Alter Schlachthof 57  | 76137 Karlsruhe
> Sitz der Gesellschaft: Karlsruhe - Amtsgericht Mannheim - HRB 713034
> Geschäftsführer: Dr. Frank Dengler, Dr. Hans-Jörg Happel
> -
> -
> 
> ___
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org




DMARC Failures for Mailing List

2023-11-17 Thread Nick Lockheart
Now that we've got our new mail server going and the DMARC reports are coming
in, I'm finding a lot of DMARC failures for messages that I'm sending to this
list.

It seems that when I send a message to this list, the list software forwards it
to other people on my behalf, but uses my email address in the header_from.

This results in an SPF failure, because SPF only allows our MX to send mail for
our domain.

The DKIM check is also failing. I think the list software may be re-writing the
message bodies.

Another user that I replied to on this list a day ago said my list mail went to
spam on his gmail.

1. Will our domain reputation be harmed by having a lot of copies of the same
messages going to a bunch of different people on different ISPs and all of them
failing DMARC?

It seems that some places are using databases that look for duplicate content
sent to multiple recipients to identify bulk mail and spam.

2. Is there any way to mitigate DMARC issues for mailing lists? It seems like
the mailing list software should be sending out the emails as itself, not as
the user that submitted the message.




___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
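
Added example, not part of the original post: a minimal DMARC alignment check showing why a list-relayed message that keeps the author's domain in header_from fails once the body is modified, and why a list that sends as itself passes. The domains, the `Delivery` type and the two-label `org_domain` shortcut are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def org_domain(domain):
    # Assumption: the last two labels form the organizational domain.
    # Real evaluators consult the Public Suffix List (e.g. example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(ident, header_from, strict=False):
    # Strict mode needs an exact match; relaxed mode compares org domains.
    if strict:
        return ident.lower() == header_from.lower()
    return org_domain(ident) == org_domain(header_from)

@dataclass
class Delivery:
    header_from: str   # domain in the From: header
    mail_from: str     # envelope sender domain that SPF was checked against
    spf_pass: bool     # SPF result for mail_from at the receiving server
    dkim: list = field(default_factory=list)  # (d= domain, signature verified)

def dmarc_eval(m, strict=False):
    # DMARC passes when SPF or DKIM passes AND that identifier aligns
    # with the header_from domain.
    spf_ok = m.spf_pass and aligned(m.mail_from, m.header_from, strict)
    dkim_ok = any(ok and aligned(d, m.header_from, strict) for d, ok in m.dkim)
    verdict = "pass" if (spf_ok or dkim_ok) else "fail"
    return {"spf": spf_ok, "dkim": dkim_ok, "dmarc": verdict}

# Constructed sample deliveries (example.com = author, lists.example.org = list).
SAMPLES = {
    "direct": Delivery("example.com", "example.com", True,
                       [("example.com", True)]),
    "list, body modified": Delivery("example.com", "lists.example.org", True,
                                    [("example.com", False)]),
    "list, message untouched": Delivery("example.com", "lists.example.org", True,
                                        [("example.com", True)]),
    "list rewrites From": Delivery("lists.example.org", "lists.example.org", True,
                                   [("lists.example.org", True)]),
}

def evaluate_samples():
    return {name: dmarc_eval(m)["dmarc"] for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:26} {verdict}")
```

In the "body modified" case SPF passes for the list's own envelope domain, but that domain does not align with header_from, so only an intact author DKIM signature could carry DMARC.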


Re: Geofencing

2023-11-17 Thread Nick Lockheart

My original reason for asking was, in addition to setting up a new mail server,
there was a topic that came up about port scanning.

My thought was, if the only people that need email services on ports 587 and
993 are employees, there might be a way to close down access to those ports to
reasonable ranges that employees might actually use.

If ranges are assigned to organizations, and you knew that you only wanted
phone access, couldn't you enter the IP ranges assigned to T-Mobile, AT&T, etc.
as a firewall rule to allow, else deny?

DENY Fail2Ban IPs
ALLOW US Based Consumer ISPs
ALLOW Our Office
DENY others

That seems like it would reduce the number of people that could try to brute
force your IMAP/SMTP logins.




 Toronto 416.642.7266
 Main 1.866.411.7266
 Fax 1.888.892.7266
 Email p...@scom.ca

 On 2023-11-16 5:31 p.m., Jochen Bern wrote:
  On 16.11.23 16:56, Paul Kudla wrote:
   the ip that triggered all this says it is allocated from NL
   (Netherlands) but physically exists in Hawaii ?

  As someone working for a LIR, let me clarify a couple things:

  IPs get assigned to organizations. The registered contacts may well be
  that organization's main offices on one continent while the hardware
  actually using those addresses is located someplace different - and the
  users whose traffic gets its public IP from that hardware could well be
  in a third.

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
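
Added example, not part of the original thread: the DENY/ALLOW/ALLOW/DENY order from the post as a first-match evaluator, showing that a banned address is refused even when it sits inside an allowed ISP range. The rule labels and all prefixes are constructed (documentation ranges, not real ISP allocations), and, as the quoted reply points out, a registry allocation says nothing certain about where a client physically is.

```python
import ipaddress

# Constructed rule set in the order given in the post. Prefixes are
# documentation ranges (RFC 5737 / RFC 3849), not real ISP allocations.
RULES = [
    ("DENY",  "fail2ban",     ["198.51.100.23/32"]),
    ("ALLOW", "consumer-isp", ["198.51.100.0/24", "2001:db8::/32"]),
    ("ALLOW", "office",       ["192.0.2.8/29"]),
]

def compile_rules(rules):
    # Parse CIDR strings once; ip_network() rejects prefixes with host bits set.
    return [(action, label, [ipaddress.ip_network(n) for n in nets])
            for action, label, nets in rules]

COMPILED = compile_rules(RULES)

def decide(addr, compiled=COMPILED, default=("DENY", "others")):
    """Return (action, label) of the first matching rule, else the default."""
    ip = ipaddress.ip_address(addr)
    # A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d; unwrap
    # them so the IPv4 rules still apply.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    for action, label, nets in compiled:
        if any(ip.version == n.version and ip in n for n in nets):
            return action, label
    return default

if __name__ == "__main__":
    for a in ("198.51.100.23", "198.51.100.77", "192.0.2.10",
              "203.0.113.5", "::ffff:198.51.100.23", "2001:db8::1"):
        print(f"{a:24} {decide(a)}")
```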


Re: Anyone Watching Actvity from this network? Attempting Dovecot Buffer Overflows?

2023-11-16 Thread Nick Lockheart

Are there publicly available lists of IP ranges by region?

There's no reason for any IP outside of North America to be contacting Postfix
on Submission (587) or IMAP, since these are employee only services.

If not for mobile phones, we could really close it off.


On Thu, 2023-11-16 at 08:27 -0500, Paul Kudla wrote:

 Good day to all .

 Just adding to the conversation with how I had to deal with this years
 ago.

 Basically hacks to any server are an issue today but it is cat & mouse
 trying to track all of this.

 That being said using the reported ip address below, I patched postfix
 to log the ip address in one syslog pass (to id the sasl user account +
 ip etc)

 Along with the above dovecot logging is verbose (dovecot already does
 all access in one line - ie ip address, username (email address) etc)

 combining the two I run my own ip address firewall tracking system based
 on the syslogging in real time.

 For Example :

 __

 # ipinfo 104.156.155.21

 IP Status for   : 104.156.155.21

 IP Status : IPv4
 NS Lookup (Forward) : 104.156.155.21
 NS Lookup (Reverse) : None

 IP Blacklisted Status   : Found 104.156.155. for 104.156.155.21 [D] {Asterisk}
 Last Program    : sshd

 Ip Location Info for    : 104.156.155.21

 No Ip Information Found

 (ie ip location lookup failed / does not exist for this ip ?)

 __

 basically the ip address block was found in my firewall so something,
 someone etc has tried to hack one of my servers

 in the case of scom.ca i run an asterisk server and since the asterisk
 is noted someone tried hacking that one as well.

 Basically i run a database that tracks and updates all firewall in real
 time.

 Running FreeBSD I use PF and asterisk is linux based so i use the
 iptables and update every 10 minutes.

 Only time now a days I get involved if a customer calls and complains
 they are not getting emails etc ...

 That happens a few times a year.

 Again just an FYI

 This reply was more to indicate all email servers (and anything attached
 to the internet) really need to run some sort of automated ip firewall
 when username password hacks occur, no reverse ip address etc etc etc


 Food for thought.


 Have A Happy Thursday !!!

 Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)


 Scom.ca Internet Services 
 004-1009 Byron Street South
 Whitby, Ontario - Canada
 L1N 4S3

 Toronto 416.642.7266
 Main 1.866.411.7266
 Fax 1.888.892.7266
 Email p...@scom.ca

 On 11/15/2023 5:53 PM, Simon B wrote:


  On Wed, 15 Nov 2023, 23:25 Michael Peddemors, wrote:
    There is a network claiming to be a security company, however the
    activity appears to be a little more malicious, and appears to be
    attempting buffer overflows against POP-SSL services.. (and other
    attacks).

    https://www.abuseipdb.com/check/104.156.155.21

    Just thought it would be worth mentioning, you might want to keep an
    eye out for traffic from this company...

    Might want to make up your own mind, or maybe someone has more
    information, but enough of a red flag, that thought it warranted
    posting on the list.

    Not sure yet if it is Dovecot, or the SSL libraries they are
    attempting to break, but using a variety of SSL/TLS methods and
    connections...

  They are not interested in dovecot per se.  They scan for TLS
  vulnerabilities, mostly.

    Anyone with more information?

    NetRange:       104.156.155.0 - 104.156.155.255
    CIDR:           104.156.155.0/24
    NetName:        ACDRESEARCH
    NetHandle:      NET-104-156-155-0-1
    Parent:         NET104 (NET-104-0-0-0-0)
    NetType:        Direct Allocation
    OriginAS:
    Organization:   Academy of Internet Research Limited Liability Company (AIRLL)
    RegDate:        2022-01-07
    Updated:        2022-01-07
    Ref:            https://rdap.arin.net/registry/ip/104.156.155.0


    OrgName:        Academy of Internet Research Limited Liability Company
    OrgId: 

Re: Minimum configuration for Dovecot SASL only?

2023-11-05 Thread Nick Lockheart
On Sat, 2023-11-04 at 16:32 -0700, Michael Peddemors wrote:
> Why use Dovecot/IMAP at all for the SMTP Authentication, can't you 
> simply go direct to your database?
> 
> On 2023-11-03 09:55, Nick Lockheart wrote:
> > I have a Dovecot IMAP server and a Postfix server on separate machines.
> > The user information is stored in a MariaDB database that is replicated
> > on both servers.
> > 
> > Postfix needs to authenticate outgoing mail against our valid user
> > database. I believe this requires us to install a "dummy" Dovecot on
> > the Postfix server so that Dovecot SASL can provide authentication to
> > Postfix from the database.
> > 
> > I think Cyrus had a standalone Cyrus-SASL package, but Dovecot doesn't?
> > 
> > If I wanted to setup a Dovecot instance on the Postfix server just for
> > the purposes of SMTP authentication, and not use it to handle any mail,
> > what is the minimum configuration required to make that work?
> > 
> > Is the dovecot-common package (Debian) enough? Or do I need the full
> > dovecot-imap package?
> > 
> > What protocols go in the protocols directive? Can you just make it
> > "protocols = auth" to disable IMAP connections?
> > 
> 
> 

As far as I am aware, the only way to authenticate users for relay with
Postfix is to use SASL with either the Dovecot SASL implementation or
the Cyrus SASL implementation.

https://www.postfix.org/SASL_README.html

"Actually postfix can auth with sasl without dovecot"

@Paul Kudla: It looks like you may be using the Cyrus SASL
implementation, which is part of the Cyrus IMAP server, but they make
the SASL module a separate binary.

If I could use Postfix to mysql directly, that would be great.

But since it seems like you need one of the two SASL implementations
(Dovecot or Cyrus), I was preferring to use Dovecot since it will
support the same password encryption schemes that the Dovecot IMAP
server uses, and the SMTP and IMAP servers can then share a replicated
user database.

I can't use the real Dovecot IMAP server for auth, because it runs on a
separate server, and Postfix does not support TLS connections for SASL.

So I need a Dovecot SASL-only instance on the server with Postfix,
while the Dovecot IMAP instance with real mail runs on another server.

My question is, what is the minimum config for Dovecot to make it do
SASL auth, but not do anything else?

Is the dovecot-common package enough to get the auth module? Can you
even start dovecot-common as a service, or must I use either the
dovecot-pop or dovecot-imap to actually get a usable daemon? Which (pop
or imap) is lighter weight, since mail services will be shut off anyway?

Should I put `protocols = none` in the configuration file to make it do
nothing but auth:

protocols = none

service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}

And then configure passdb and userdb per normal?












Minimum configuration for Dovecot SASL only?

2023-11-03 Thread Nick Lockheart
I have a Dovecot IMAP server and a Postfix server on separate machines.
The user information is stored in a MariaDB database that is replicated
on both servers.

Postfix needs to authenticate outgoing mail against our valid user
database. I believe this requires us to install a "dummy" Dovecot on
the Postfix server so that Dovecot SASL can provide authentication to
Postfix from the database.

I think Cyrus had a standalone Cyrus-SASL package, but Dovecot doesn't?

If I wanted to setup a Dovecot instance on the Postfix server just for
the purposes of SMTP authentication, and not use it to handle any mail,
what is the minimum configuration required to make that work?

Is the dovecot-common package (Debian) enough? Or do I need the full
dovecot-imap package?

What protocols go in the protocols directive? Can you just make it
"protocols = auth" to disable IMAP connections?
