[pfx] Re: How to hide Exim behind Postfix (Configuring Postfix as a proxy in front of Exim MTAs) (was: Possible (indirect) libspf2 security issues)

2023-09-30 Thread Viktor Dukhovni via Postfix-users
On Sun, Oct 01, 2023 at 05:41:22AM +0200, Paul Menzel wrote: > Am 30.09.23 um 22:47 schrieb Viktor Dukhovni via Postfix-users: > > Recent news of security issues in Exim appear to in part implicate > > libspf2. > > Off-topic for Postfix users, but Tobias Fiebig published the article >

[pfx] How to hide Exim behind Postfix (Configuring Postfix as a proxy in front of Exim MTAs) (was: Possible (indirect) libspf2 security issues)

2023-09-30 Thread Paul Menzel via Postfix-users
Dear Postfix, Am 30.09.23 um 22:47 schrieb Viktor Dukhovni via Postfix-users: Recent news of security issues in Exim appear to in part implicate libspf2. […] Off-topic for Postfix users, but Tobias Fiebig published the article *Configuring Postfix as a proxy in front of Exim MTAs* [1].

[pfx] Re: Possible (indirect) libspf2 security issues

2023-09-30 Thread Viktor Dukhovni via Postfix-users
On Sat, Sep 30, 2023 at 01:58:17PM -0800, Mike via Postfix-users wrote: > This is probably obvious to most, but not being a current user of > DKIM/DMARC, why don't you verify DKIM, or enforce DMARC for inbound > mail? The "problems" that DMARC attempts to solve aren't an issue on my end. I don't

[pfx] Re: Possible (indirect) libspf2 security issues

2023-09-30 Thread Wietse Venema via Postfix-users
Mike via Postfix-users: > > Quoting Viktor Dukhovni via Postfix-users : > > > On Sun, Oct 01, 2023 at 12:00:25AM +0300, mailmary--- via > > Postfix-users wrote: > > > >> In my case, libspf2 is a dependent package of OpenDMARC > > > > Not surprising, since DMARC takes both DKIM and SPF into

[pfx] Re: Possible (indirect) libspf2 security issues

2023-09-30 Thread Mike via Postfix-users
Quoting Viktor Dukhovni via Postfix-users : On Sun, Oct 01, 2023 at 12:00:25AM +0300, mailmary--- via Postfix-users wrote: In my case, libspf2 is a dependent package of OpenDMARC Not surprising, since DMARC takes both DKIM and SPF into account. On my system, I sign outgoing mail with

[pfx] Re: Possible (indirect) libspf2 security issues

2023-09-30 Thread Viktor Dukhovni via Postfix-users
On Sun, Oct 01, 2023 at 12:00:25AM +0300, mailmary--- via Postfix-users wrote: > In my case, libspf2 is a dependent package of OpenDMARC Not surprising, since DMARC takes both DKIM and SPF into account. On my system, I sign outgoing mail with DKIM, but neither verify DKIM signatures, nor

[pfx] Re: Possible (indirect) libspf2 security issues

2023-09-30 Thread mailmary--- via Postfix-users
In my case, libspf2 is a dependent package of OpenDMARC (Alma Linux, Rocky Linux, Oracle Linux) On Sat, 30 Sep 2023 16:47:30 -0400 Viktor Dukhovni via Postfix-users wrote: > Recent news of security issues in Exim appear to in part implicate > libspf2. > > While Postfix does not directly

[pfx] Possible (indirect) libspf2 security issues

2023-09-30 Thread Viktor Dukhovni via Postfix-users
Recent news of security issues in Exim appear to in part implicate libspf2. While Postfix does not directly use libspf2, and the issues could perhaps be in part related to how libspf2 is integrated into Exim, it may be prudent for Postfix administrators to audit their MTA software stack for