28.04.2011 18:22, Wietse Venema wrote:
Michael Tokarev:
28.04.2011 15:08, Wietse Venema wrote:
Michael Tokarev:
postfix/cleanup: warning: milter8_message: vstream_fseek
incoming/4BE085028D: File too large
Why is this reported as a 450 4.3.0 error? This should
be a permanent error
On 3/5/2011 1:35 AM, Steve Jenkins wrote:
I actually didn't have it in either - I was under the (apparently
false) impression that just putting the exclude in yum.conf would
apply to any repo. It's in the CentOS-Base.repo file in [base] and
[updates] now, tho. Thank you. :)
I also have
Randy Ramsdell wrote:
I am trying to configure a very selective list on who can send to
certain local accounts ( could be many and currently contains maybe 30 ).
Currently, this is covered by:
smtpd_recipient_restrictions = check_recipient_access
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
1. How can I disable EHLO and still send/receive mails?
2. Or is there a later version of postfix (let me know the
version) that addresses this or any patch to
1 more question:
if there's a way to disable EHLO or fixing it via a patch,
how do I verify (without running VA scan) that this EHLO
vulnerability has been fixed?
TIA
Roger
On May 3, 2011, at 8:42 AM, Roger Goh wrote:
1 more question:
if there's a way to disable EHLO or fixing it via a patch,
how do I verify (without running VA scan) that this EHLO
vulnerability has been fixed?
What vulnerability?! Who doesn't use EHLO?!?!
Perhaps you should use a
On 5/3/2011 10:34 AM, Roger Goh wrote:
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
EHLO is not a security vulnerability, rather it is a standard
feature of SMTP (not just postfix, but all mail servers).
On 03.05.2011 17:34, Roger Goh wrote:
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
where exactly is the security hole?
you should not trust the output of every tool blindly without
trying to understand
On May 3, 2011, at 8:49 AM, Reindl Harald wrote:
On 03.05.2011 17:34, Roger Goh wrote:
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
where exactly is the security hole?
you should not trust the output of every tool blindly
During a VA scan, it's reported that my postfix server has a security
vulnerability : EhloCheck: SMTP daemon supports EHLO
As Roger Klorese pointed out, there is an advertised, fuzzy vulnerability
advisory out there regarding EHLO. However, as Noel Jones indicated, EHLO
is a standard part of
Ok, ok, no offence intended.
Can we mitigate it somewhat like what Roger Klorese suggested,
eg: restrict the info EHLO reveals or don't reveal actual hostname :
smtp_helo_name ($myhostname)
Use a fictitious hostname to send in the SMTP EHLO or HELO
command ( how do I do
from the url Roger Klorese provided,
http://www.iss.net/security_center/reference/vuln/smtp-ehlo.htm
it says :
SMTP daemons that support Extended HELO (EHLO) can release information
that could be useful to an attacker in performing an attack. Attackers
have been known to use the EHLO command
On Monday, 2 May 2011, 12:57:01, Reindl Harald wrote:
On 02.05.2011 12:49, Mihira Fernando wrote:
how stoopid can anybody be to make server-answers form a spamfilter
with 451 in polish and a form nobody out there can read followed
by a RED SUCCESS MESSAGE (finding out success after
Roger Goh:
Hi,
During a VA scan, it's reported that my postfix server has
a security vulnerability :
EhloCheck: SMTP daemon supports EHLO
EHLO is required by the SMTP standard (RFC 5321).
Wietse
Can we mitigate it somewhat like what Roger Klorese suggested,
eg: restrict the info EHLO reveals or don't reveal actual hostname :
All the configuration items you mentioned are things that affect what
your Postfix will or won't do as a client talking to other servers.
These configuration
So what other 'vulnerable' configuration information does EHLO reveal,
and how can it be disabled/mitigated/fabricated?
You may want to suppress the SIZE information (maximum size of a
message that your server will accept). Some hackers might take
this as a challenge and try to exploit it in a
Hey all,
I just updated my backup mail gateway (Postfix/Clam/SA/Amavis) to 2.8 to
use postscreen.
I followed the instructions from here:
http://www.postfix.org/POSTSCREEN_README.html
I now keep getting these errors in my mail.log:
May 3 13:30:31 ubuntu-spam2 postfix/error[15293]:
On Tue, May 03, 2011 at 10:00:58AM -0700, Rich Wales wrote:
So what other 'vulnerable' configuration information does EHLO reveal,
and how can it be disabled/mitigated/fabricated?
You may want to suppress the SIZE information (maximum size of a
message that your server will accept). Some hackers
On Tuesday, May 03, 2011 01:36:50 PM Bailey, Damian S. wrote:
Hey all,
I just updated my backup mail gateway (Postfix/Clam/SA/Amavis) to 2.8 to
use postscreen.
You may be suffering from this bug:
https://bugs.launchpad.net/bugs/764096
a duplicate report:
-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Rich Wales
Sent: Tuesday, May 03, 2011 9:18 AM
To: postfix users
Subject: Re: security vulnerability : SMTP daemon supports EHLO
I can imagine that some hackers might
On Monday 2 May 2011 17:22, Wietse Venema wrote:
fakessh:
hello list
hello gurus
hello ? Wietse Venema
a) Free crystal balls.
yes I possess crystal balls some nice numbers thank you
b) Free telepathic services.
yes I possess powers parapsychic I discuss with a large Indian
You may want to suppress the SIZE information . . . .
No, this is silly, one is better off advertising the maximum size
to avoid the vast majority of unnecessary partial transmission of
overly large messages. An attacker can tie up SMTP server resources
whether the SIZE limit is known or not.
Scott,
Thanks, but I don't think this is my issue. (Though the bugs are good
to know!)
My mail just isn't being relayed to my email server. I am running
Ubuntu, though it's 10.04.2 LTS
Damian Bailey | baile...@lcps.k12.va.us
Lead Technician | LCPS Technology
540.894.4373x8220
Shipping
On Tuesday, May 03, 2011 02:14:40 PM Bailey, Damian S. wrote:
-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Scott Kitterman
Sent: Tuesday, May 03, 2011 2:00 PM
To: postfix-users@postfix.org
Subject: Re: Silly
Bailey, Damian S.:
May 3 13:30:31 ubuntu-spam2 postfix/error[15293]: 0126F2235EB:
to=spam...@lcps.k12.va.us, relay=none, delay=927,
delays=927/0.03/0/0.07, dsn=4.3.0, status=deferred (mail transport
unavailable)
I know it's due to changes I made to activate postscreen, but I honestly
Randy Ramsdell wrote:
Randy Ramsdell wrote:
I am trying to configure a very selective list on who can send to
certain local accounts ( could be many and currently contains maybe 30 ).
Currently, this is covered by:
smtpd_recipient_restrictions = check_recipient_access
On Tue, 22 Mar 2011 19:38:22 -0400 (EDT), Wietse Venema
Sorry, postscreen will not look up client hostnames. It needs to make
a decision in milliseconds time to avoid slowing down good clients.
postscreen is perfect if i have permit_sasl_authenticated supported, i
have tried to make this but
On Tue, May 03, 2011 at 11:15:57AM -0700, Rich Wales wrote:
A followup question. If I suppress the advertising of an extended
feature by listing it in smtpd_discard_ehlo_keywords, does that also
disable the feature? Or do I have to do other things to actually
turn a feature off and make it
On 03.05.2011 19:00, Rich Wales wrote:
So what other 'vulnerable' configuration information does EHLO reveal,
and how can it be disabled/mitigated/fabricated?
You may want to suppress the SIZE information (maximum size of a
message that your server will accept). Some hackers might take
this as
Benny Pedersen:
On Tue, 22 Mar 2011 19:38:22 -0400 (EDT), Wietse Venema
Sorry, postscreen will not look up client hostnames. It needs to make
a decision in milliseconds time to avoid slowing down good clients.
postscreen is perfect if i have permit_sasl_authenticated supported, i
have
Hi
I'm trying to change my SASL auth from Cyrus to Dovecot.
I have Dovecot all set up - it's authenticating IMAP users and postfix is using
dovecot-lda to deliver mail, but when I changed main.cf to use Dovecot SMTP
Auth wasn't working.
After a few hours of fruitless searching I finally
-Original Message-
From: Wietse Venema [mailto:
Simon Brereton:
Hi
I'm trying to change my SASL auth from Cyrus to Dovecot.
You have not shown any evidence that your Postfix version actually
comes with Dovecot support.
Actually - because I knew you'd say that - I included
Hello, recently I purchased the Hildebrandt/Koetter book: Postfix. I read
through chapter 16 minus the dialup material.
SASL by inspection is great but Simple it is not. I have tried many
combinations of Mechanism vs. Method.
Ostensibly this translates to chapters 15 16. I have read these over
On Wed, 2011-05-04 at 03:41:11 +, da...@davidwbrown.name wrote:
[inadequate problem report snipped]
The question is: is there anyone in postfix land that has configured
SASL successfully in recent history?
Yes. Please carefully review the following link:
On Tue, May 3, 2011 at 2:48 AM, Nikolaos Milas nmi...@noa.gr wrote:
I only have an exclude for postfix* in yum.conf and all upgrades (with yum
update) went without problems. My Postfix was not replaced by the
distribution's package.
Ahhh... found the problem. I had excluded postfix-* instead