On 11.10.22 10:37, Jens Hoffrichter wrote:
What are the technical differences between those two methods of connecting?
http://www.postfix.org/FORWARD_SECRECY_README.html Last section. Your
settings influence how it determines the difference between the two
security levels.
What is the recommended way to combat this behavior?
I'd personally lean towards fail2ban or comparable solutions to
aggregate Rejects with other suspicious behaviour on other ports and
react with system-wide IP bans.
Fail2ban e.g. has examples for catching REJECTs in its wiki:
On 22.09.21 04:26, Alex wrote:
Yes, thanks. I realize I can do that - it's the
"your_script_that_saves_to_sql" part that would be very helpful :-)
Not sure if there's a one-size-fits-all script that works in all setups,
it's going to be highly individualized.
> There's also great difficulty
On 23.04.21 08:36, Nicky Thomassen wrote:
But there is no need for that on a read-only site like Postfix'. In my opinion,
anyway.
It's only a read-only site as long as there's no man in the middle
attack injecting malicious code into the connection. There's too few
people who disable things
On 22.04.21 16:08, Lars Liedtke wrote:
I know this does not apply to all kinds of setup, but with
virtualization and containerization it should be easy to seperate
Postfix and provide a different nameserver in resolv.conf for it.
Yes, but postfix' builtin chroot isn't sufficient for this.
It really depends on what guarantees you need.
Usually on the MTA layer it's fine to just spin up separate instances,
and if one email gets lost in the 5 seconds between its receipt being
acknowledged and it being forwarded to an MDA, c'est la vie.
If that's not acceptable, you need some
On 25.02.21 13:47, Wietse Venema wrote:
John Dale:
"American concept that racism starts and ends at affecting blacks"
This is the Postfix mailing list. Foolist has been renamed into
Barlist. Stop the non-technical rant, or be deleted.
TBH, you kind of set up yourself for all this discussion
Not sure why you need a library for this. Strip out all dots, split at +
and use the first value for comparison. That's trivial in every language.
signature.asc
Description: OpenPGP digital signature
On 20.01.20 13:14, Wesley Peng wrote:
> Hello
>
> Thanks all answers for kind info.
> My requirement is, for example, when refrigerator found there were no
> food in itself, it will send an email to remind the people.
> But refrigerator may not connect to internet directly, only home router
>
eachable on port 25 doesn't tell you
much either.
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwe...@tao.at | ☎ +43 680 301 7167
TAO Digital | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45 | FN 213999f/Klagenfurt, FB-Gericht Villach
A
On 29.01.19 16:40, Wietse Venema wrote:
> A higher release frequency would help to get good code out the door
> without having to race against a once-per-year schedule. But, as
> mentioned, it also reduces the length of time that a given release
> will be supported.
IMO not much of a problem, the
On 2018-10-04 13:40, rmosnicka wrote:
> hello,
> is exists any dokument for hardware sizing for postfix server ?
That will heavily depend on your configuration, especially wrt milters,
local transports and the likes.
> For example I need something like - for 50 email per day where top is
>
you need to do that can't be done with SSH already?
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwe...@tao.at | ☎ +43 680 301 7167
TAO Digital | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45 | FN 213999f/Klagenfurt, FB-Gericht Villach
A8
Any help is appreciated.
> Thank you.
>
> Regards,
> Niels
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwe...@tao.at | ☎ +43 680 301 7167
TAO Digital | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45 | FN 213999f/Klagenfurt
The site I have this in mind for receives a moderate amount of e-mail per day.
IMO I'd stick to amavis – while Rspamd /can/ perform better at large
scale, the documentation is awful. So stick to what you know.
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.
On 2016-11-30 09:35, mar...@skjoldebrand.eu wrote:
> 2016-11-29 18:25 skrev Viktor Dukhovni:
>>> On Nov 29, 2016, at 5:55 AM, Sven Schwedas <sven.schwe...@tao.at> wrote:
>>>
>>> As long as saslauthd can bind against it like a regular Active Directory
>&g
is.
As long as saslauthd can bind against it like a regular Active Directory
(=LDAP) server, it should work without special configuration inside
postfix.
> Might be lacking googlefu again - if so appoligies.
>
> /Martin S
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemad
bit is good
enough and faster; 256 bit has more safety margin against *some* attacks
– but not all), some programs prefer one or the other. You'll have to
look up whether you can tell your particular client software to prefer
256 bit ciphers, if you want to.
>
> Original Message
> From:
S-CTR/AES-CBC instead of -GCM, to give tamper resistance.
GCM has that built in.)
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwe...@tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 716
s more like
> you need to recruit customers for them.
Same with the others. Of course they want to stay in business, even if
it's dead already.
>
>
> Original Message
> From: Sven Schwedas
> Sent: Wednesday, September 28, 2016 1:10 AM
> To: postfix-users@postfix.org
> Subj
> that these CAs are still quite popular overall.
>>
>> If you're using StartCom/WoSign certs, and rely on them being
>> verified by MUAs and/or peer MTAs. you may want to make
>> contingency plans if Mozilla and perhaps others go through
>> with delisting (or disab
crashes
> - Botched log rotation especially with compression vs. Signals
> (logrotate, newsyslog)
> - Systemd/journal* malfunction on modern Linux
> - File system issues (skipped fsck after a crash)
> - Memory and other hw issues
>
--
Mit freundlichen Grüßen, / Best Regards,
Sven S
s,
re-inject the mail if appropriate, and set a proper status code.
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167
http://software.tao.at
sign
Put permit_mynetworks at the end (or drop it entirely, if
feasible).
>
> Any suggestions on how to completely drop these types messages?
>
> Thanks,
> -DB
>
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH |
protocol immune to LOGJAM.
Is usage of tls_preempt_cipherlist still recommended?
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167
http
25 matches
Mail list logo