Re: selective disable of smtpd opportunistic TLS

2016-01-14 Thread Viktor Dukhovni
On Thu, Jan 14, 2016 at 12:06:43PM -0500, Curtis Villamizar wrote: > /usr/local/sbin/postconf -c /etc/postfix -n | grep tls > > smtp_tls_cert_file = /etc/postfix/cert.pem > smtp_tls_key_file = /etc/postfix/key.pem Usually best to not configure client certificates. > smtp_tls_ciphers = high

Re: selective disable of smtpd opportunistic TLS

2016-01-14 Thread Curtis Villamizar
In message <88031027-d5b8-4f48-947d-294302fac...@dukhovni.org> Viktor Dukhovni writes: > > > On Jan 13, 2016, at 8:52 PM, Curtis Villamizar > > wrote: > > > > The logs revealed something about the nature of the problem. A few of > > these sort of messages were found.

Re: HowTo AntiSpam for "Beginners"

2016-01-14 Thread Tim
On 15/01/16 09:17, Dennis Steinkamp wrote: what anti spam tools can you recommend for my own (private) mailserver. Is greylisting still something worth considering for general setups? Its probably a huge debate but the information i gathered on this matter is pretty controversial. Isn`t the

Re: HowTo AntiSpam for "Beginners"

2016-01-14 Thread James Brown
I use ASSP, which is incredibly comprehensive as an anti-malware solution for mail servers. It integrates with clamav - make sure you get the third party signatures like SaneSecurity, as that will stop heaps more. It’s under active development. It has heaps of configuration options, so might

how to disable spam checks for authenticated users?

2016-01-14 Thread Filippo Zeus
Hi all, I'm new to postfix 2.11.3 under debian 8 and I have recently configured postfix+amavis+spamassassin+clamav+dovecot with virtual users (mysql). all seems to work ok but I'd like to disable amavis (and spamassassin/clam) checks for authenticated users mainly, and eventually for locally

Re: HowTo AntiSpam for "Beginners"

2016-01-14 Thread Steve Jenkins
On Thu, Jan 14, 2016 at 2:17 PM, Dennis Steinkamp wrote: > my approach therefor would be to use postscreen in conjunction with > policyd-weight and amavisd-new for after queue content filtering. > Does this sound reasonable to you? > Extremely reasonable. Postscreen

TLSv1.0 (was Re: selective disable of smtpd opportunistic TLS)

2016-01-14 Thread Curtis Villamizar
In message Curtis Villamizar writes: > btw - I just added "!TLSv1.0" to get only TLSv1.2. I wasn't sure I > could specify !TLSv1.0 so I just tried it. > > Curtis oops that didn't work. Curtis

How to set

2016-01-14 Thread Eric Kom
Good day folk, I ran Postfix with Dovecot as a mailbox for years now. I noticed that, when a sender sent mails, the mailbox received it using the date and time from the sender machine not a server one. Which make the receiver mailbox saving the mails at the wrong time. Please can someone help me

How to configure the mail receiving time from the server

2016-01-14 Thread Eric Kom
Good day folk, I ran Postfix with Dovecot as a mailbox for years now. I noticed that, when a sender sent mails, the mailbox received it using the date and time from the sender machine not a server one. Which make the receiver mailbox saving the mails at the wrong time. Please can someone help me

Re: selective disable of smtpd opportunistic TLS

2016-01-14 Thread Curtis Villamizar
Hi Viktor, I really appreciate all of the good information you have provided. We are going in circles in a few places because we have different goals. See comments inline and at the end of this message. In message <20160114212645.gk...@mournblade.imrryr.org> Viktor Dukhovni writes: > > On

Re: selective disable of smtpd opportunistic TLS

2016-01-14 Thread Viktor Dukhovni
On Thu, Jan 14, 2016 at 11:54:13PM -0500, Curtis Villamizar wrote: > > > > > smtp_tls_ciphers = high > > > > > > > > Usually best to leave this at "medium". This is opportunistic > > > > TLS, and if high fails, you'll send cleartext, which is NOT > > > > stronger than medium. > > >

HowTo AntiSpam for "Beginners"

2016-01-14 Thread Dennis Steinkamp
Hi, its been a journey the last few weeks and i certainly learned a lot about postifx and mail delivery in general. Let me take this oppourtunity to say thank you to all the people on the mailing list who sacrifice some of their time on a daily basis to help others. I am sure it can be really

Re: HowTo AntiSpam for "Beginners"

2016-01-14 Thread Phil Stracchino
On 01/14/16 17:17, Dennis Steinkamp wrote: > Some of these tools share (at least for me) some similarities or even > seem redundant and i honestly don`t know how to pick the right tool(s) > to build a solid defense for my own mailserver. > I know there is probably no definite answer to this

Re: TLSv1.0 (was Re: selective disable of smtpd opportunistic TLS)

2016-01-14 Thread Viktor Dukhovni
On Thu, Jan 14, 2016 at 02:07:07PM -0500, Curtis Villamizar wrote: > In message > Curtis Villamizar writes: > > > btw - I just added "!TLSv1.0" to get only TLSv1.2. I wasn't sure I > > could specify !TLSv1.0 so I just tried it. Who

Re: selective disable of smtpd opportunistic TLS

2016-01-14 Thread Viktor Dukhovni
On Thu, Jan 14, 2016 at 03:53:23PM -0500, Curtis Villamizar wrote: > > > smtp_tls_ciphers = high > > > > Usually best to leave this at "medium". This is opportunistic > > TLS, and if high fails, you'll send cleartext, which is NOT > > stronger than medium. > > That's actually fine

Re: selective disable of smtpd opportunistic TLS

2016-01-14 Thread Curtis Villamizar
In message <20160114175729.gg...@mournblade.imrryr.org> Viktor Dukhovni writes: > On Thu, Jan 14, 2016 at 12:06:43PM -0500, Curtis Villamizar wrote: > > > /usr/local/sbin/postconf -c /etc/postfix -n | grep tls > > > > smtp_tls_cert_file = /etc/postfix/cert.pem > > smtp_tls_key_file =

Re: TLSv1.0 (was Re: selective disable of smtpd opportunistic TLS)

2016-01-14 Thread Curtis Villamizar
In message <20160114200215.gj...@mournblade.imrryr.org> Viktor Dukhovni writes: > On Thu, Jan 14, 2016 at 02:07:07PM -0500, Curtis Villamizar wrote: > > > In message > > Curtis Villamizar writes: > > > > > btw - I just added