On Thu, Aug 10, 2006 at 04:06:38PM -0600, Bob Beck wrote:
Also, while STARTTLS does have its merits, it's still better suited for
handling MTA authentication than protecting user data - use GPG for the
latter.
STARTTLS opportunistically between MTA's is wonderful for
making shit
On 8/10/06, Will H. Backman [EMAIL PROTECTED] wrote:
Darrin Chandler wrote:
However, if the connecting party *requires* TLS then it would have a
problem with spamd. Is that the trouble you're having?
Yes. I'm protecting a Microsoft Exchange server with spamd on an
openbsd bridge. Because
For those servicing larger networks such as universities' ResNets or
campus networks, using a mandatory smarthost can be an excellent
detection tool to see which users/stations need to end up in a
quarantine.
Granted, the largest customer base for this sort of thing are likely
to be
* Bob Beck [EMAIL PROTECTED] [2006-08-11 08:23]:
Speaking as someone who does this, for the truly big university
there are a lot of clueless idiots...
Gee, although I suppose I should use my openbsd.org address when
giving such advice. Let me rephrase - At most universities other
On Fri, Aug 11, 2006 at 03:07:01PM +0200, knitti wrote:
On 8/10/06, Will H. Backman [EMAIL PROTECTED] wrote:
Darrin Chandler wrote:
if you just want to have MUAs talk to your exchange, and don't want to use
STARTTLS, rdr the Exchange server to port 587 or 465 with pf. If you *want*
to have a
On Fri, Aug 11, 2006 at 06:21:36PM +0200, Joachim Schipper wrote:
On Fri, Aug 11, 2006 at 03:07:01PM +0200, knitti wrote:
On 8/10/06, Will H. Backman [EMAIL PROTECTED] wrote:
Darrin Chandler wrote:
if you just want to have MUAs talk to your exchange, and don't want to use
STARTTLS, rdr
On 2006/08/11 19:39, Joachim Schipper wrote:
As Sigfred pointed out to me privately, of course, GnuPG also leaks this
information. Still, STARTTLS shouldn't be used for privacy.
They're complementary. STARTTLS is one way to keep sender/rcpt
information a little further away from people who like
Am I correct in assuming that spamd and TLS on port 25 don't get along?
-- Will
On 8/10/06, Will H. Backman [EMAIL PROTECTED] wrote:
Am I correct in assuming that spamd and TLS on port 25 don't get along?
Given a mail server (or MUA) that is configured to require TLS on a
port it connects to, it will likely have a problem with any other end
not offering TLS capability
On Thu, Aug 10, 2006 at 09:39:56AM -0400, Will H. Backman wrote:
Am I correct in assuming that spamd and TLS on port 25 don't get along?
-- Will
Remember that you get *either* spamd *or* your MTA. So there's no
getting along to deal with.
However, if the connecting party *requires* TLS
Darrin Chandler wrote:
On Thu, Aug 10, 2006 at 09:39:56AM -0400, Will H. Backman wrote:
Am I correct in assuming that spamd and TLS on port 25 don't get along?
-- Will
Remember that you get *either* spamd *or* your MTA. So there's no
getting along to deal with.
However
On 8/10/06, Will H. Backman [EMAIL PROTECTED] wrote:
Because I require TLS and SMTP-AUTH for relaying purposes, I'm in a
bind. My real problem is getting Exchange to do SMTP-TLS on a different
port, so this is really a non-openbsd issue.
Perhaps you'd benefit from a solution of shielding your
On Thu, Aug 10, 2006 at 06:13:07PM +0200, Rogier Krieger wrote:
On 8/10/06, Will H. Backman [EMAIL PROTECTED] wrote:
Because I require TLS and SMTP-AUTH for relaying purposes, I'm in a
bind. My real problem is getting Exchange to do SMTP-TLS on a different
port, so this is really a non-openbsd
From: [EMAIL PROTECTED]
Note that at least Postfix has an independent greylisting
implementation
(postgrey); I'm fairly sure it's not the only one, and also
fairly sure
that there is a piece of code matching /milter/ and /grey/ around.
On 8/10/06, Joachim Schipper [EMAIL PROTECTED] wrote:
Note that at least Postfix has an independent greylisting implementation
True and these implementations may even be quite nice. I never felt
much of a need to try it out after having setup spamd.
Both are likely to work with STARTTLS;
On Thu, Aug 10, 2006 at 09:48:25PM +0200, Rogier Krieger wrote:
On 8/10/06, Joachim Schipper [EMAIL PROTECTED] wrote:
Note that at least Postfix has an independent greylisting implementation
True and these implementations may even be quite nice. I never felt
much of a need to try it out
Completely correct. spamd does not do TLS. It doesn't
need to. Since starttls will fail, the mailer will fall back anyway.
* Will H. Backman [EMAIL PROTECTED] [2006-08-10 07:58]:
Am I correct in assuming that spamd and TLS on port 25 don't get along
Yes. I'm protecting a Microsoft Exchange server with spamd on an
openbsd bridge. Because Microsoft Outlook uses Microsoft's way of
having MUAs talk to MTAs, there is no problem there.
I also enabled IMAPS (port 993) and SMTP-TLS (port 25) on the Exchange
Server so that normal mail
Also, while STARTTLS does have its merits, it's still better suited for
handling MTA authentication than protecting user data - use GPG for the
latter.
STARTTLS opportunistically between MTA's is wonderful for
making shit like Carnivore unusable. The Government should not be
able to
On 8/10/06, Joachim Schipper [EMAIL PROTECTED] wrote:
Keep a few sanity checks (e.g. no more than X recipients for a message
or no more than 100 messages a minute)
snip
This also helps against compromised boxes - i.e., it limits the damage.
So it's generally a good idea to have some limit.