oe etc. etc.. They rarely object to plussed user
addresses or single-person-owned domains that could have a catchall
configured, though ...
(I *should* have tried a user part with "ß" on an upcaseing online
service back when that umlaut officially *didn't have* an uppercase
version ...
having a plugin run amok and cause the master dovecot
process to abort due to OOM sounds like creating an even worse problem,
frankly ...
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
___
would choose to fail the POP requests?
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
on them? ;-)
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
e no info for an IP you look
up, or some that's plain wrong.
And *then* there are things like Anycast or BGP hijacking or VPN
services to obscure one's origin or ...
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
___
local IPv6 addresses assigned - at which point
IPv6 LISTENs will work, too.
Of course, if you "disabled" IPv6 by compiling a kernel without the code
relevant to it (is it still possible to do that?), various things might
break *hard* ...
Kind regards,
--
Jochen Bern
Systeminge
nd an equivalent for the
*virtual* accounts' password backend ...
(Yes, it'd be better to have it seamlessly integrated into the IMAP
protocol, but don't forget that you'd need the *MUAs* to start
supporting it as well before the general public will ever even learn
about the new feature ...
as things, especially the number of such fourth parties to
support by the same CA, start to scale up IMHO. Which promptly brings
us back to you running the CA yourself ...
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic
ot;no A or RRs found", in fact, I'm getting an NXDOMAIN for the FQDN).
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
en inside encryption (that a
MitM may or may not be able to crack), so it's not a clear all-out FAIL
to use those.
Whether the password is still in cleartext *when written to / read from
disk* is another question, but that would be a negligible defense
against someone who rooted your server.
Kind reg
hark) without having to crack any crypto ...
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
was "how many users may there be who flag incoming
e-mails with the due date for the request contained in them, rather than
using a separate calendar or to-do-list application?" ...)
Regards
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
On 01.07.22 20:02, Jochen Bern wrote:
*Totally* theorizing here, but as far as I'm aware, the SMTP (AUTH),
POP, and IMAP protocol definitions do not provide elbow room to make
*two* rounds of authentication. (Ever pondered why the admin can require
O365 users to "use 2FA",
o communicate with the token directly
(ideally so that the user gets the password-to-enter via the token, say,
per SMS, but for *that* to work out, you need that *every* piece of
software used is willing and able to forward the info "user X wants to
make an attempt at auth" *before* i
ISHED-ACCEPT rule's
priority (it's some additional burden to the CPU to match *all* incoming
IMAP(S) packets against the blocklist, after all), you could always
render it effectively unusable by setting a (blackhole) host route for
the IP.
Regards,
--
Jochen Bern
Systemingenieur
Bin
rts, so MitM attacks are definitely possible.
[Still vividly remembers finding that a certain camping ground's WiFi
transparently redirects geusts' SMTP/IMAP to a snooping, SSL-enabled
server ...]
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
ch have a Message-ID of their own, with the IDs of the
earlier e-mails appearing in In-Reply-To: and References: headers to
support threading in MUAs.)
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
v1, in the meantime -
at least by Red Hat - downgraded to *not* be a *Remote* Code Execution
(RCE) vuln) ...
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
nner like sslyze against the
server.)
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
From:Cc:Reply-To:Subject:In-Reply-To:References:From;
>
> [...] I do not know why Reply-to and From are both listed twice.
(That's Reply-To: (the address(es) to which to send replies) and
*In-*Reply-To: (the Message-ID of the mail that *this* e-mail replies
to), FWIW.)
Regards,
--
Jochen
you NOT have an SMTP-out server for
this account at all!" etc..)
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
On 18.01.21 12:18, @lbutlr wrote:
> On 18 Jan 2021, at 04:12, Jochen Bern wrote:
>> (Also, you can legally have several e-mails with the same Message-ID in
>> your mailbox; e.g., someone addressed it to two aliases that both expand
>> to you, just to name one possibilty wh
; e.g., someone addressed it to two aliases that both expand
to you, just to name one possibilty where *both* go through *sieve* as
well.)
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
mail loops.
If you don't know *exactly* what you're doing, maintain your myriad of
users/mailboxes *both* at the ISP and on your internal servers and put
the "mails in ISP mailbox X *all* go into internal mailbox Y, and
nowhere else!" relations "hardcoded" into your retrieval t
_pipe_exec_t:s0 gpgit gpgit 12141
> May 11 2015 gpgit.pl
Needless to say, you'll have to "su - gpgit" and "gpg --import ..." the
various(?) recipients' public keys, too. And *monitor* them there, if
there are any with a limited lifetime ...
Kind regards,
--
Jochen Be
edirect to www.mydom.ain).
Regards,
--
Jochen Bern
Systemingenieur
www.binect.de
www.facebook.de/binect
smime.p7s
Description: S/MIME Cryptographic Signature
dicially suborned into creating a working fraudulent one.
(Where "practical" means "you cannot expect the entire, possibly
worldwide, user population to manually strip their clients' list of
accepted CAs down to the one *you* chose".)
Regards,
--
Jochen Bern
Systemingenieur
use normal expiry functions to
> clean out that archive after backup.
From a data flow (and privacy protection) POV, that wouldn't be much
different anymore from having *the MTA* feed a copy of (all incoming)
e-mails directly into an archiving mechanism, would it?
http://www.postfix.org/postc
d MDA reside within
one and the same MTA and you'll have a filtering config/API where you
already can evaluate *both* parts of the input information - sending
account and that it's to be delivered to all@ - at once.)
Regards,
--
Jochen Bern
Systemingenieur
www.binect.de
www.facebook.de/binect
sm
guess?)
2. Assuming that the incoming e-mail is S/MIME signed *and encrypted*,
is it actually possible to extract the sender cert *without* having
the application's keypair to *decrypt* the e-mail in the process?
Kind regards,
--
Jochen Bern
Systemingenieur
www.binect.de
www.facebook.de
thout* DNS lookups",
whichever your (internal?) networking necessitates).
http://www.postfix.org/transport.5.html
With a bit of luck, that might already "contain" the weirdness to the
point that neither the MX nor dovecot need config hacks.
Regards,
--
Jochen Bern
Systemin
On 05/16/2018 12:01 PM, Aki Tuomi wrote:
> On 16.05.2018 12:56, Jochen Bern wrote:
>> Considering the keywords "dovecot" and "sieve", that would still not be
>> "end to end" and not even "MSA to MX"(-ish) but merely &qu
rivial problem with that is to retrieve recipients'
pubkeys in an even remotely trustworthy manner, of course.
Regards,
--
Jochen Bern
Systemingenieur
www.binect.de
www.facebook.de/binect
smime.p7s
Description: S/MIME Cryptographic Signature
ss rights management, yadda yadda), the
requirement to defeat authentication from SOGo to the IMAP server may
become moot.
But until then - Exchange takes its entire auth from AD, and SOGo's
LDAP, *not* the IMAP server's passdb, is the analogue of that.
Regards,
--
Jochen Bern
Systemingenieur
www
he map and
pubkeys updated didn't come for free, either, even though I'm the one
handing our staff their S/MIME certs in the first place.
Regards,
--
Jochen Bern
Systemingenieur
www.binect.de
smime.p7s
Description: S/MIME Cryptographic Signature
even in the mechanism generating out-of-office autoreplies (if
tweakable). Deciding which route would be the *easiest* to take requires
more details of your setup, though ...
Kind regards,
--
Jochen Bern
Systemingenieur
www.binect.de
smime.p7s
Description: S/MIME Cryptographic Signature
ccess rights userA->userB *within* dovecot, I'll have
to refer you to others' replies.)
Kind regards,
--
Jochen Bern
Systemingenieur
Fon:+49 6151 9067-231
Fax:+49 6151 9067-290
E-Mail: jochen.b...@binect.de
www.binect.de
www.facebook.de/binect
Binect ist ausgezeichnet:
Sieger INNOV
ent server - which did not offer the STARTTLS that I had
my MUA insist on, either.
Kind regards,
--
Jochen Bern
Systemingenieur
Fon:+49 6151 9067-231
Fax:+49 6151 9067-290
E-Mail: jochen.b...@binect.de
www.binect.de
www.facebook.de/binect
Binect ist ausgezeichnet:
Sieger INNOVATIONSPR
) is IMHO the way to go here.
Regards,
--
Jochen Bern
Systemingenieur
Fon:+49 6151 9067-231
Fax:+49 6151 9067-290
E-Mail: jochen.b...@binect.de
www.binect.de
www.facebook.de/binect
Binect ist ausgezeichnet:
Sieger INNOVATIONSPREIS-IT 2017 | Das Büro: Top 100 Büroprodukte 2017
Binect GmbH
R
On 11/17/2016 04:58 PM, Steve Litt wrote:
> On Thu, 17 Nov 2016 14:11:45 +0100 Jochen Bern <jochen.b...@binect.de> wrote:
>> Plaintext or HTML mails?
>
> I like the ability to see some sort of representation of the links in
> incoming HTML email. I would never send HTM
k the occasional "my answers below in red"
reply, QuickFolders to have a bar of main archive folders I can
drag read e-mails into. Address Close Button occupies the "not
*quite that* essential" rung.
Kind regards,
--
Jochen Bern
Systemingenieur
Fon:+49 6151 9067-231
Fa
Found 0 files for UID 144
> Found 0 files for UID 145
> Found 0 files for UID 150
> Found 0 files for UID 151
Is that normal behaviour? If not, how would I try to find out what
happens there?
Kind regards,
--
Jochen Bern
Systemingenieur
Fon:+49 6151 9067-231
Fax:+49 6151
keep all clients that
support those ciphers configured so as to *require* STARTTLS.
Regards,
Jochen Bern
Systemingenieur
--
LINworks GmbH
Fon:+49 6151 9067-231
Fax:+49 6151 9067-299
E-Mail: jochen.b...@linworks.de
Web:http://www.LINworks.de/
NEC IT Infrastrukturprodukte vom Deutschlan
,
J. Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201
IMAPS connections to a decision-maker running in userspace.
Regards,
J. Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP
,
J. Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121
-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0
-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel
,
J. Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331
On -10.01.-28163 20:59, Gedalya wrote:
On 08/25/2014 08:26 AM, Jochen Bern wrote:
Assuming Red Hat or similar with no conflicting iptables rules (yet),
# iptables -t nat -A PREROUTING -p tcp --dport 30xxx -j DNAT --to :143
Since you're redirecting to a port on the same host, the following
,
J. Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331
--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg
-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C
and allows for a race condition between clients.
Regards,
J. Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur
specific* mailbox.
Regards,
J. Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http
that you *do* want to try and nail a root cause
there.
Regards,
J. Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern
* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP
On -10.01.-28163 20:59, Reindl Harald wrote:
Am 25.05.2014 01:18, schrieb Jochen Bern:
Legal requirements like, for example, these German ones:
http://www.recht-im-internet.de/themen/archivierung.htm
Note that the legalese addresses users acting in the name of a company
On -10.01.-28163 20:59, Reindl Harald wrote:
Am 23.05.2014 17:51, schrieb Jochen Bern:
So the specific *LEGAL REQUIREMENTS* I gave as an example don't apply to
your servers/organization/country/whatever? Good for you. Now how about
we wait for Dmitry to tell us whether or not *he* needs
--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Zentr. -0
://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5
On 23.05.2014 15:18, Reindl Harald wrote:
Am 23.05.2014 14:29, schrieb Jochen Bern:
On -10.01.-28163 20:59, Reindl Harald wrote:
the user *always must* use the one and only SMTP server
responsible for his domain, especially in times of SPF,
DKIM and DMARC and spoofing protections for incoming
/http://rfc-ignorant.org/policy-dsn.php
Regards,
J. Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur
,
J. Bern
--
*NEU* - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201
65 matches
Mail list logo