Re: Email message encryption
Zitat von Paul Bronson via Info-cyrus: I am looking for an open source Cisco Ironport type email message encryption solution that is open source. I've looked for years but can't find anything. Anyone have an ideas? We use this one since some years : http://www.djigzo.com/ It's a full featured gateway solution. Another one would be https://goodcrypto.com/ but this one i have not used until now. Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Request: Please sign this list's messages via DKIM or SPF
Zitat von Binarus via Info-cyrus: Combine SPF / DKIM with domain blacklisting, and then you *have* an efficient spam fighting tool. As stated the spam actually reaching our inboxes after around 90% cutoff is valid DKIM/SPF signed as it is mostly from the big free providers like Outlook.com, Google and Yahoo. Some other big share is from professional spam farms with always alternating IP and Domains ranges from all over the world with also valid DKIM/SPF. Next big share is from educational servers also mostly valid DKIM/SPF. The tiny rest with around 10% is in fact not DKIM/SPF signed. From the valid e-mail around 20% looks like having a valid SPF/DKIM, mostly professional newsletters not personal mail from customers. So No, SPF/DKIM is no useful spam fighting tool at least not in our corner of the world. Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Request: Please sign this list's messages via DKIM or SPF
Zitat von Binarus via Info-cyrus: On 04.04.2016 18:12, Sebastian Hagedorn via Info-cyrus wrote: Personally, I think that's a phenomenally stupid approach. As long as you can't show me an RFC that says you MUST or even SHOULD use SPF or DKIM, you're breaking SMTP. I think it's a phenomenally intelligent approach. I can't see in which way SMTP is broken by using DKIM or SPF. The DKIM signature is in an additional header (additional headers *are* allowed by the RFCs), and signing and checking usually is done by milters (I am sure that you know them). If a message is rejected by the receiving MTA due to failing SPF or DKIM, the sender will get a DSN (which is perfectly in conformance with the RFCs). By the way, many people use all sorts of mail filtering and DSNs (and do so since 20 years and more) without an RFC saying they SHOULD or MUST do so. Are all people which use any sort of mail filter breaking SMTP as well? Could you please give an example of an SMTP RFC which is violated by SPF or DKIM? Regards, Binarus Due to the exponential increase of spam, we generally have to reject all messages which are not secured by SPF or DKIM, and we know a lot of other people who do the same (by the way, this has proven to be extremely effective in our case). When our MTA encounters such a message, it rejects it and returns a bounce message to the pretended sender, notifying him about the problem. The "we generally have to reject all messages which are not secured by SPF or DKIM" mean you want to force others to use non standard headers so in fact you are breaking SMTP RFC. It is your server so your rules, but don't complain if other do not agree with you. Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Request: Please sign this list's messages via DKIM or SPF
Zitat von Binarus via Info-cyrus: Dave, On 04.04.2016 13:22, Dave McMurtrie wrote: the messages which are being sent from this mailing list's server don't seem to be protected by SPF or signed by DKIM. Are there plans to implement at least one of these in the near future? We currently have no plans to implement either, but I can put it on our list of things to do. Thank you very much for considering. Due to the exponential increase of spam, we generally have to reject all messages which are not secured by SPF or DKIM, and we know a lot of other people who do the same (by the way, this has proven to be extremely effective in our case). When our MTA encounters such a message, it rejects it and returns a bounce message to the pretended sender, notifying him about the problem. You are for sure aware that neither SPF nor DKIM are able or designed to fight Spam. In fact more than half of the Spam reaching our inboxes are valid according DKIM/SPF so we even might reduce spam by rejecting DKIM/SPF signed mail. DKIM/SPF does only include that the sending server is mandated by DNS to send mail for the given domain and this is easily done with all modern spammer tools. But this is also OT here Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IPv6
Zitat von Sebastian Hagedorn via Info-cyrus: Hi, we've been using IPv6 for a few years now, but so far we haven't used it with Cyrus. Now we want to, and I have a few questions: Is it correct that if we use host names in the listen statement and add a record to the DNS that Cyrus will automatically listen to both the IPv4 and the IPv6 address? I have manually added listen statements with literal IPv6 addresses to cyrus.conf and HUP'ed the master, but that didn't seem to work. What format do I have to use? Plain addresses (e.g. 2001:DB8::6f0:484c:df5:e8b1:28cd), in brackets like in a browser (e.g. [2001:DB8::6f0:484c:df5:e8b1:28cd]), sendmail-style (e.g. IPv6:2001:DB8::6f0:484c:df5:e8b1:28cd) or ...? Or is the problem that for changes like that I have to restart the service? Cheers Sebastian Hm, the man page say "bracket-enclosed IP address" but until now we have only used the port as service name "imap" e.g. listen="imap" which works fine for both IPv4 and IPv6 on a dual stack host. Do you have any special need to use the hostname/IP address and not bind to all local addresses? Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Advise needed for new mail server
Zitat von Michael Menge via Info-cyrus: Hi Mufit, Quoting Mufit Eribol via Info-cyrus : Hello, I have been successfully using postfix+cyrus-imapd (2.4.17) for our small company for years on our local server. The emails are now accounting to a size of some 160GB. As we are having power and internet problems quite often, I rented a VPS from a world renowned hosting company and installed postfix+cyrus-imapd there. My question is, as I have limited hard disk space (40GB) on VPS, I can't (and don't want to) copy all of my local emails to the VPS. The new mail server will have a fresh start. But old emails needs to be accessible on the local server as well. Currently, I am planning to change the names of local domains to some non-existent name just for the internal lookup (example.com --> example2.com), so that we can setup example2.com on our email clients on lan. The real domain example.com will be setup on our desktop email clients as usual. I think, using example2.com on local lan just for reading mails by cyrus will work, but it is not an elegant solution. I would appreciate any ideas. Cyrus Murder my be the solution for you. https://cyrusimap.org/mediawiki/index.php/Cyrus_Murder The Clients will only connect to one server (VPS), and the mails can be stored on different backend servers. There is only minimal configuration change needed on your old server, but you would need to rename the folders. 1 backend (VPS) for the INBOX and folders with new Mail 1 backend (old System) with all old folders in an archive subfolder for each user 1 mupdate master (VPS) 1 frontend (VPS) Regards Michael Menge Depending on the mail clients used and the number of clients you can also simply setup the new server as a additional IMAP Account and disable the (incoming) SMTP service on the old server. With this you will have the internal IMAP server as "archive" with a lot of storage and the new server for internet related traffic. Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus