>
> Michael Fox:
> > http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options says
> "the
> > following security features are defined for the cyrus server .".
> Dovecot is
> > not mentioned. So, is it correct to interpret this to mean that this
> > postfix setting is a noop when
Michael Fox:
> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options says "the
> following security features are defined for the cyrus server .". Dovecot is
> not mentioned. So, is it correct to interpret this to mean that this
> postfix setting is a noop when dovecot is used for
Wietse:
> Dovecot tells Postfix the supported mechanism names and their
> security properties. Postfix intersects that with the main.cf
> settings, and announces the mechanisms that remain.
Michael Fox:
> O.K. Thanks.
>
> Can be more specific about which SASL mechanisms are allowed or
> In other words, how do I know which mechanisms will be
> > disallowed with "noactive" or "nodictionary" or allowed by
> "forward_secrecy"
> > or "mutual_auth"? I'm unable to connect the dots.
>
> You can find out about SASL active etc. attacks in RFC 4422
> https://tools.ietf.org/html/rfc4422
On 2016-07-09 18:34, Robert Schetterer wrote:
additional fail2ban, but log parse was to slow at my side
and for sure use postscreen
Its possible to trigger fail2ban from a policyd:
https://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Fail2Ban
Markus
--
Please define "is not working".
Wietse
I found this in "man iptables-extensions"
Examples:
# allow 2 telnet connections per client host
iptables -A INPUT -p tcp --syn --dport 23 -m connlimit
--connlimit-above 2 -j REJECT
It could be adapted to offer basic DoS protection for postfix.
Unfortunately my
Dear Colleagues,
I`m trying to configure authenticated relay server (SASL) using RHEL
Postfix 2.6.6.
System will transport E-mails only from authenticated clients.
1) Most of that clients are in the same subnet, does it make sense to
authtenicate that clients with passwords ? Do we need to use
On Sat, Jul 9, 2016 at 9:57 AM, Viktor Dukhovni
wrote:
>
>> On Jul 8, 2016, at 10:09 PM, Rick Zeman wrote:
>>
>> How might 'filtering out that mechanism" be done, Viktor? Doesn't
>> sound (or look like, based on SASL_README) that it's something done
> On Jul 11, 2016, at 9:27 AM, Rick Zeman wrote:
>
> Explicitly filtering in:
>
> smtp_sasl_mechanism_filter = plain, login
>
> did the trick. I didn't need to filter out XOAUTH2.
Whether through an explicit deny, or by omission, either way
the effect is to disable
http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options says "the
following security features are defined for the cyrus server .". Dovecot is
not mentioned. So, is it correct to interpret this to mean that this
postfix setting is a noop when dovecot is used for sasl authentication?
On 11 Jul 2016, at 4:30, Zalezny Niezalezny wrote:
Dear Colleagues,
I`m trying to configure authenticated relay server (SASL) using RHEL
Postfix 2.6.6.
System will transport E-mails only from authenticated clients.
1) Most of that clients are in the same subnet, does it make sense to
12 matches
Mail list logo