from:"lst_hoe02\-\-\- via Info\-cyrus"

Re: Email message encryption

2016-04-06 Thread lst_hoe02--- via Info-cyrus



Zitat von Paul Bronson via Info-cyrus :

I am looking for an open source Cisco Ironport type email message  
encryption solution that is open source. I've looked for years but  
can't find anything. Anyone have an ideas?




We use this one since some years :

http://www.djigzo.com/

It's a full featured gateway solution. Another one would be

https://goodcrypto.com/

but this one i have not used until now.

Regards

Andreas




smime.p7s
Description: S/MIME Cryptographic Signature

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Request: Please sign this list's messages via DKIM or SPF

2016-04-05 Thread lst_hoe02--- via Info-cyrus



Zitat von Binarus via Info-cyrus :



Combine SPF / DKIM with domain blacklisting, and then you *have* an  
efficient spam fighting tool.




As stated the spam actually reaching our inboxes after around 90%  
cutoff is valid DKIM/SPF signed as it is mostly from the big free  
providers like Outlook.com, Google and Yahoo. Some other big share is  
from professional spam farms with always alternating IP and Domains  
ranges from all over the world with also valid DKIM/SPF. Next big  
share is from educational servers also mostly valid DKIM/SPF. The tiny  
rest with around 10% is in fact not DKIM/SPF signed.
From the valid e-mail around 20% looks like having a valid SPF/DKIM,  
mostly professional newsletters not personal mail from customers.


So No, SPF/DKIM is no useful spam fighting tool at least not in our  
corner of the world.


Regards

Andreas




smime.p7s
Description: S/MIME Cryptographic Signature

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Request: Please sign this list's messages via DKIM or SPF

2016-04-05 Thread lst_hoe02--- via Info-cyrus



Zitat von Binarus via Info-cyrus :


On 04.04.2016 18:12, Sebastian Hagedorn via Info-cyrus wrote:
Personally, I think that's a phenomenally stupid approach. As long  
as you can't show me an RFC that says you MUST or even SHOULD use  
SPF or DKIM, you're breaking SMTP.


I think it's a phenomenally intelligent approach. I can't see in  
which way SMTP is broken by using DKIM or SPF. The DKIM signature is  
in an additional header (additional headers *are* allowed by the  
RFCs), and signing and checking usually is done by milters (I am  
sure that you know them). If a message is rejected by the receiving  
MTA due to failing SPF or DKIM, the sender will get a DSN (which is  
perfectly in conformance with the RFCs).


By the way, many people use all sorts of mail filtering and DSNs  
(and do so since 20 years and more) without an RFC saying they  
SHOULD or MUST do so. Are all people which use any sort of mail  
filter breaking SMTP as well?


Could you please give an example of an SMTP RFC which is violated by  
SPF or DKIM?


Regards,

Binarus




Due to the exponential increase of spam, we generally have to reject all
messages which are not secured by SPF or DKIM, and we know a lot of other
people who do the same (by the way, this has proven to be extremely
effective in our case). When our MTA encounters such a message, it
rejects it and returns a bounce message to the pretended sender,
notifying him about the problem.


The "we generally have to reject all messages which are not secured by  
SPF or DKIM" mean you want to force others to use non standard headers  
so in fact you are breaking SMTP RFC.


It is your server so your rules, but don't complain if other do not  
agree with you.


Regards

Andreas





smime.p7s
Description: S/MIME Cryptographic Signature

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Request: Please sign this list's messages via DKIM or SPF

2016-04-04 Thread lst_hoe02--- via Info-cyrus



Zitat von Binarus via Info-cyrus :


Dave,

On 04.04.2016 13:22, Dave McMurtrie wrote:
the messages which are being sent from this mailing list's server  
don't seem to be protected by SPF or signed by DKIM. Are there  
plans to implement at least one of these in the near future?




We currently have no plans to implement either, but I can put it on our
list of things to do.



Thank you very much for considering.

Due to the exponential increase of spam, we generally have to reject  
all messages which are not secured by SPF or DKIM, and we know a lot  
of other people who do the same (by the way, this has proven to be  
extremely effective in our case). When our MTA encounters such a  
message, it rejects it and returns a bounce message to the pretended  
sender, notifying him about the problem.


You are for sure aware that neither SPF nor DKIM are able or designed  
to fight Spam. In fact more than half of the Spam reaching our inboxes  
are valid according DKIM/SPF so we even might reduce spam by rejecting  
DKIM/SPF signed mail.
DKIM/SPF does only include that the sending server is mandated by DNS  
to send mail for the given domain and this is easily done with all  
modern spammer tools.


But this is also OT here

Regards

Andreas




smime.p7s
Description: S/MIME Cryptographic Signature

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: IPv6

2016-03-23 Thread lst_hoe02--- via Info-cyrus



Zitat von Sebastian Hagedorn via Info-cyrus :


Hi,

we've been using IPv6 for a few years now, but so far we haven't  
used it with Cyrus. Now we want to, and I have a few questions:


Is it correct that if we use host names in the listen statement and  
add a  record to the DNS that Cyrus will automatically listen to  
both the IPv4 and the IPv6 address?


I have manually added listen statements with literal IPv6 addresses  
to cyrus.conf and HUP'ed the master, but that didn't seem to work.  
What format do I have to use? Plain addresses (e.g.  
2001:DB8::6f0:484c:df5:e8b1:28cd), in brackets like in a browser  
(e.g. [2001:DB8::6f0:484c:df5:e8b1:28cd]), sendmail-style (e.g.  
IPv6:2001:DB8::6f0:484c:df5:e8b1:28cd) or ...? Or is the problem  
that for changes like that I have to restart the service?


Cheers
Sebastian


Hm, the man page say "bracket-enclosed IP address" but until now we  
have only used the port as service name "imap" e.g. listen="imap"  
which works fine for both IPv4 and IPv6 on a dual stack host. Do you  
have any special need to use the hostname/IP address and not bind to  
all local addresses?


Regards

Andreas




smime.p7s
Description: S/MIME Cryptographic Signature

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Advise needed for new mail server

2015-11-19 Thread lst_hoe02--- via Info-cyrus



Zitat von Michael Menge via Info-cyrus :


Hi Mufit,

Quoting Mufit Eribol via Info-cyrus :


Hello,

I have been successfully using postfix+cyrus-imapd (2.4.17) for our  
small company for years on our local server. The emails are now  
accounting to a size of  some 160GB. As we are having power and  
internet problems quite often, I rented a VPS from a world renowned  
hosting company and installed postfix+cyrus-imapd there.


My question is, as I have limited hard disk space (40GB) on VPS, I  
can't (and don't want to) copy all of my local emails to the VPS.  
The new mail server will have a fresh start. But old emails needs  
to be accessible on the local server as well.


Currently, I am planning to change the names of local domains to  
some non-existent name just for the internal lookup (example.com  
--> example2.com), so that we can setup example2.com on our email  
clients on lan. The real domain example.com will be setup on our  
desktop email clients as usual. I think, using example2.com on  
local lan just for reading mails by cyrus will work, but it is not  
an elegant solution.


I would appreciate any ideas.




Cyrus Murder my be the solution for you.
https://cyrusimap.org/mediawiki/index.php/Cyrus_Murder

The Clients will only connect to one server (VPS), and the mails can  
be stored on different
backend servers. There is only minimal configuration change needed  
on your old server, but you

would need to rename the folders.


1 backend (VPS) for the INBOX and folders with new Mail
1 backend (old System) with all old folders in an archive subfolder  
for each user

1 mupdate master (VPS)
1 frontend (VPS)


Regards

   Michael Menge



Depending on the mail clients used and the number of clients you can  
also simply setup the new server as a additional IMAP Account and  
disable the (incoming) SMTP service on the old server. With this you  
will have the internal IMAP server as "archive" with a lot of storage  
and the new server for internet related traffic.


Regards

Andreas



smime.p7s
Description: S/MIME Cryptographic Signature

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Email message encryption

Re: Request: Please sign this list's messages via DKIM or SPF

Re: Request: Please sign this list's messages via DKIM or SPF

Re: Request: Please sign this list's messages via DKIM or SPF

Re: IPv6

Re: Advise needed for new mail server

6 matches

Site Navigation

Mail list logo

Footer information