Re: Mitigating DROWN

2016-03-10 Thread Viktor Dukhovni
On Thu, Mar 10, 2016 at 04:40:37PM -0600, Blake Hudson wrote: > >>>smtpd_tls_exclude_ciphers = > >>>EXPORT, LOW, MD5, SEED, IDEA, RC2 > >>> smtp_tls_exclude_ciphers = > >>>EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2 > >With opportunistic TLS one should be

Re: Mitigating DROWN

2016-03-10 Thread Blake Hudson
Viktor Dukhovni wrote on 3/10/2016 11:57 AM: On Thu, Mar 10, 2016 at 05:22:22AM -0700, @lbutlr wrote: smtpd_tls_exclude_ciphers = EXPORT, LOW, MD5, SEED, IDEA, RC2 smtp_tls_exclude_ciphers = EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2 With

Re: Mitigating DROWN

2016-03-10 Thread Viktor Dukhovni
On Thu, Mar 10, 2016 at 05:22:22AM -0700, @lbutlr wrote: > > smtpd_tls_exclude_ciphers = > >EXPORT, LOW, MD5, SEED, IDEA, RC2 > > smtp_tls_exclude_ciphers = > >EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2 With opportunistic TLS one should be somewhat

Re: MAIL FROM validity

2016-03-10 Thread Wietse Venema
Pascal Maes: > Would it be possible to test only the existence of the MAIL FROM ? With "smtpd_sender_restrictions = reject_unlisted_sender", or with "smtpd_reject_unlisted_sender = yes". http://www.postfix.org/postconf.5.html#reject_unlisted_sender

Re: MAIL FROM validity

2016-03-10 Thread /dev/rob0
On Thu, Mar 10, 2016 at 01:54:12PM +, Pascal Maes wrote: > From time to time, one of our users is caught by a phishing > attempt. His account is then used to send spam and generally > the MAIL FROM does not match one of our addresses. snip > Would it be possible to test only the existence of

SV: MAIL FROM validity

2016-03-10 Thread Sebastian Nielsen
Create a file containing the following (where yourdomain.com is the domain your authenticated users send from): yourdomain.com: permit_sasl_authenticated, reject postmap the file. Then use: smtpd_recipient_restrictions = ... check_sender_access hash:/path/to/file ...

MAIL FROM validity

2016-03-10 Thread Pascal Maes
Hello, From time to time, one of our users is caught by a phishing attempt. His account is then used to send spam and generally the MAIL FROM does not match one of our addresses. I found this to test the validity of the MAIL FROM /etc/postfix/main.cf : smtpd_sender_login_maps =

Re: Mitigating DROWN

2016-03-10 Thread Joan Aymà
On 10/03/16 at 13:22, @lbutlr wrote: > smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4, LOW, EXPORT > smtp_tls_exclude_ciphers = MD5, aDSS, SRP, PSK, aECDH, aDH, SEED, IDEA, RC2, > RC5 I have set this on my postfix: smtp_tls_exclude_ciphers = MEDIUM, LOW, aNULL, eNULL,

Re: Mitigating DROWN

2016-03-10 Thread @lbutlr
On Tue Mar 01 2016 10:16:51 Viktor Dukhovni said: > > smtpd_tls_exclude_ciphers = >EXPORT, LOW, MD5, SEED, IDEA, RC2 > smtp_tls_exclude_ciphers = >EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2 I have

add maildrop transport

2016-03-10 Thread Joan Aymà [ackstorm]
Hi, We are planning to add maildrop to get some filter functionality, i.e. reformail. The server is in production, and mail delivery is currently configured with virtual as virtual_transport and courier as MDA (if that helps), and maildrop is already installed from distro repositories. We plan to use