Re: Weak Ciphers

2015-11-08 Thread Alex JOST
On 08.11.2015 at 13:52, John Allen wrote: I ran the ssl-tools tests on my mail server. Everything seems to be OK, *BUT* it reports that I am using a weak cipher "ECDHE_RSA_WITH_RC4_128_SHA"! So I sat down and googled - postfix/dovecot/apache - cipher suites/recommendations less than one year

Re: postscreen and smtpd chroot

2015-11-08 Thread Wietse Venema
> I can't help but notice that http://www.postfix.org/POSTSCREEN_README.html#config suggests to disable the chroot on all new services, and notably smtpd. Also, all socket paths (e.g. milter) have to be updated. Is this necessary? postscreen seems to work fine with all these

postscreen and smtpd chroot

2015-11-08 Thread martin f krafft
Hey folks, thanks to a hint on IRC, I started experimenting with postscreen(8) to fend off some hefty zombie attacks. I can't help but notice that http://www.postfix.org/POSTSCREEN_README.html#config suggests to disable the chroot on all new services, and notably smtpd. Also, all socket

Weak Ciphers

2015-11-08 Thread John Allen
I ran the ssl-tools tests on my mail server. Everything seems to be OK, *BUT* it reports that I am using a weak cipher "ECDHE_RSA_WITH_RC4_128_SHA"! So I sat down and googled - postfix/dovecot/apache - cipher suites/recommendations less than one year old. I gave up at about the fifteenth

Re: Weak Ciphers

2015-11-08 Thread Christian Kivalo
Hi John, On 2015-11-08 13:52, John Allen wrote: I ran the ssl-tools tests on my mail server. Everything seems to be OK, BUT it reports that I am using a weak cipher "ECDHE_RSA_WITH_RC4_128_SHA"! So I sat down and googled - postfix/dovecot/apache - cipher suites/recommendations less than one

Re: Weak Ciphers

2015-11-08 Thread yahoogroups
http://disablessl3.com/ When I ran a series of email server checks, I was surprised that one claimed to disable ssl3 to avoid the poodle hack. Seems very unlikely to me. Anyway, the link above does suggest doing that. Original Message From: Alice Wonder Sent: Sunday, November 8, 2015

Re: Weak Ciphers

2015-11-08 Thread Viktor Dukhovni
On Sun, Nov 08, 2015 at 07:52:27AM -0500, John Allen wrote: > I ran the ssl-tools tests on my mail server. Everything seems to be OK, *BUT* it reports that I am using a weak cipher "ECDHE_RSA_WITH_RC4_128_SHA"! Ignore their report for now. I am tentatively planning to disable RC4 in default

Re: Weak Ciphers

2015-11-08 Thread Alice Wonder
To be RFC compliant port 25 must accept MTA to MTA connections with no encryption. When another server can't connect with encryption, it will try without. Allowing weak ciphers is better than the result where ciphers are not used because the other server only supports older ciphers in my
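The scanner report quoted in this thread names the suite in IANA notation ("ECDHE_RSA_WITH_RC4_128_SHA"; OpenSSL calls the same suite ECDHE-RSA-RC4-SHA). The following added example, which is not code from Postfix or from any poster, takes such a list of IANA suite names, flags the ones built on well-known broken or deprecated primitives (RC4, MD5 MACs, export grades, single DES and 3DES, anonymous or NULL suites), and turns the findings into OpenSSL cipher-list tokens of the kind Postfix accepts in smtpd_tls_exclude_ciphers. The marker list, the sample report and the suggested exclusion are this example's own; whether excluding them on an opportunistic-TLS port 25 is the right trade-off is the disagreement the thread itself is about and is not decided here.

```python
"""Flag weak TLS cipher suites from an external scanner's IANA-style list.

Added example for the "Weak Ciphers" thread; not Postfix code and not code
posted by any participant.  WEAK_MARKERS and SAMPLE_REPORT are constructed
for illustration.
"""
import re
from typing import Dict, List

# (pattern on the IANA suite name, reason, OpenSSL cipher-list token).
# The tokens are OpenSSL aliases (eNULL, aNULL, EXPORT, RC4, 3DES, DES,
# MD5) so the result can be pasted into smtpd_tls_exclude_ciphers.
WEAK_MARKERS = [
    (re.compile(r"_WITH_NULL_"), "no encryption (NULL cipher)", "eNULL"),
    (re.compile(r"_anon_", re.IGNORECASE),
     "anonymous key exchange, no server authentication", "aNULL"),
    (re.compile(r"EXPORT"), "export-grade key length", "EXPORT"),
    (re.compile(r"RC4"), "RC4 keystream biases; prohibited by RFC 7465", "RC4"),
    (re.compile(r"3DES"), "64-bit block cipher (3DES)", "3DES"),
    (re.compile(r"_DES_CBC_|_DES40_"), "single DES", "DES"),
    (re.compile(r"_MD5$"), "MD5-based MAC", "MD5"),
]


def normalize(name: str) -> str:
    """Accept names with or without the TLS_/SSL_ prefix scanners often drop."""
    name = name.strip()
    if not name.startswith(("TLS_", "SSL_")):
        name = "TLS_" + name
    return name


def audit_suite(name: str) -> List[str]:
    """Reasons a single suite is considered weak (empty list if none)."""
    full = normalize(name)
    return [reason for pat, reason, _ in WEAK_MARKERS if pat.search(full)]


def audit(suites: List[str]) -> Dict[str, List[str]]:
    """Map every flagged suite (normalized name) to its list of reasons."""
    findings: Dict[str, List[str]] = {}
    for s in suites:
        reasons = audit_suite(s)
        if reasons:
            findings[normalize(s)] = reasons
    return findings


def exclude_tokens(suites: List[str]) -> List[str]:
    """OpenSSL cipher-list tokens that would exclude every flagged suite."""
    tokens = set()
    for s in suites:
        full = normalize(s)
        tokens.update(tok for pat, _, tok in WEAK_MARKERS if pat.search(full))
    return sorted(tokens)


def has_forward_secrecy(name: str) -> bool:
    """True for ephemeral (EC)DHE key exchange, judged from the name only."""
    kx = normalize(name)[4:].split("_WITH_", 1)[0]
    return kx.startswith(("ECDHE_", "DHE_"))


# Constructed sample modelled on what an external TLS scanner reports.
SAMPLE_REPORT = [
    "ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "ECDHE_RSA_WITH_RC4_128_SHA",      # the suite flagged in the thread
    "RSA_WITH_3DES_EDE_CBC_SHA",
    "RSA_WITH_RC4_128_MD5",
    "DH_anon_WITH_AES_128_CBC_SHA",
    "RSA_WITH_AES_256_CBC_SHA",
]

if __name__ == "__main__":
    for suite, reasons in audit(SAMPLE_REPORT).items():
        pfs = "PFS" if has_forward_secrecy(suite) else "no PFS"
        print("%-40s %-7s %s" % (suite, pfs, "; ".join(reasons)))
    print("smtpd_tls_exclude_ciphers = " + ", ".join(exclude_tokens(SAMPLE_REPORT)))
```

Note that the RC4 suite the thread is about does use ECDHE, so it has forward secrecy; its problem is the RC4 keystream, not the key exchange. Postfix already excludes aNULL on its own, so that token in the generated line is redundant in practice.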

Re: OpenDKIM

2015-11-08 Thread Noel Jones
On 11/7/2015 10:03 AM, yahoogro...@lazygranch.xyz wrote: > Note that Domain Keys is not the same as DKIM. DKIM supersedes Domain Keys. > http://support2.constantcontact.com/articles/FAQ/2213 > I'm no guru on this, so correct away if I'm wrong. > I can pass DKIM, but not Domain Keys. I

Re: header_checks with other table types

2015-11-08 Thread Peter
On 11/08/2015 07:18 PM, Viktor Dukhovni wrote: > No need, just use "postmap -q". Good idea, I didn't think of that. > You can also ask postmap to read multi-line message headers from a message file. > See the postmap(1) manpage for details of the "-h", "-m" (and "-b") options. Thanks, I

Re: smtpd_end_of_data_restrictions check_policy_service called even after REJECT in header_checks

2015-11-08 Thread Viktor Dukhovni
On Mon, Nov 09, 2015 at 03:09:39PM +1100, Robert Mueller wrote: > Alternatively, I guess you could add something like a smtpd_end_of_session_restrictions that runs after the cleanup commit is complete? At that point it is already either queued or rejected by cleanup. So such a "callback"

Re: smtpd_end_of_data_restrictions check_policy_service called even after REJECT in header_checks

2015-11-08 Thread Robert Mueller
> I see that there are smtp_header_checks that must run during the smtp sending phase, would it be worth adding smtpd_header_checks (with some restrictions like the smtp_* ones) that run in smtpd during the message reading phase? Having a look at the code, this appears annoying. It
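The two messages above concern check_policy_service running from smtpd_end_of_data_restrictions, i.e. a policy server consulted when the SMTP client has sent the whole message. The following added example, which is not Postfix code and not code posted in the thread, implements the framing of the Postfix SMTPD policy delegation protocol as described in SMTPD_POLICY_README (one "name=value" attribute per line, a blank line ending the request, a reply of "action=...\n\n" per request on a persistent connection) and a hypothetical decision rule that only acts in protocol_state END-OF-MESSAGE, which is the state such a restriction list runs in. The rule itself (a size ceiling), the MAX_SIZE value and the sample request are constructed for illustration and are not anything the thread proposes.

```python
"""Minimal Postfix SMTPD policy-delegation protocol handler.

Added example for the smtpd_end_of_data_restrictions thread; not Postfix
code and not code from any participant.  Framing follows
SMTPD_POLICY_README; MAX_SIZE, the decision rule and SAMPLE_REQUEST are
constructed for illustration.
"""
import io
from typing import Dict, Tuple

MAX_SIZE = 10 * 1024 * 1024  # hypothetical ceiling used by the sample rule


def parse_request(raw: str) -> Dict[str, str]:
    """Parse one request: "name=value" lines up to the first blank line."""
    attrs: Dict[str, str] = {}
    for line in raw.split("\n"):
        if line == "":
            break
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value          # values may themselves contain '='
    return attrs


def decide(attrs: Dict[str, str]) -> str:
    """Hypothetical rule: at END-OF-MESSAGE reject oversized mail, else DUNNO.

    DUNNO hands the decision to whatever restriction follows in Postfix's
    list; we deliberately return it for every other protocol_state so the
    same server can be listed in several restriction lists harmlessly.
    """
    if attrs.get("protocol_state", "") != "END-OF-MESSAGE":
        return "DUNNO"
    size = int(attrs.get("size", "") or 0)   # message size at END-OF-MESSAGE
    if size > MAX_SIZE:
        return "REJECT 5.3.4 message too large for this policy"
    return "DUNNO"


def format_response(action: str) -> str:
    """A reply is a single action attribute followed by an empty line."""
    return "action=%s\n\n" % action


def handle(raw: str) -> str:
    """Request text in, response text out."""
    return format_response(decide(parse_request(raw)))


def serve_stream(rfile, wfile) -> int:
    """Answer every request on one connection until EOF; return the count.

    Postfix keeps the connection open and sends requests back to back, so
    the loop must re-sync on the blank line after each one.
    """
    buf, handled = [], 0
    for line in rfile:
        line = line.rstrip("\n")
        if line == "":
            if buf:
                wfile.write(handle("\n".join(buf) + "\n\n"))
                wfile.flush()
                handled += 1
                buf = []
            continue
        buf.append(line)
    return handled


def run_on_text(text: str) -> Tuple[int, str]:
    """Feed a captured request stream through serve_stream (offline test aid)."""
    out = io.StringIO()
    count = serve_stream(io.StringIO(text), out)
    return count, out.getvalue()


# Constructed sample request, shaped like what Postfix sends at end of data.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=END-OF-MESSAGE\n"
    "protocol_name=ESMTP\n"
    "client_address=192.0.2.10\n"
    "client_name=mx.example.net\n"
    "helo_name=mx.example.net\n"
    "sender=alice@example.net\n"
    "recipient_count=1\n"
    "queue_id=ABCDEF1234\n"
    "instance=123.abcd\n"
    "size=2048\n"
    "\n"
)

if __name__ == "__main__":
    count, replies = run_on_text(SAMPLE_REQUEST + SAMPLE_REQUEST)
    print("handled %d request(s)" % count)
    print(replies, end="")
```

Wire this up with check_policy_service in smtpd_end_of_data_restrictions and the server will be consulted once per message after DATA. If the server closes the connection or replies with something unparsable, Postfix does not fail open but applies smtpd_policy_service_default_action (a 451 temporary failure by default), which is why the handler above raises on a malformed request instead of guessing.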