On Tue, Jun 3, 2014 at 8:49 PM, Andy Bradford
wrote:
> While that might sound secure, shouldn't one ask just what this is
> protecting against and what are the risks? Are their any SMTP MTAs
> (client side) that require you to verify the fingerprint of the SMTP
> server to which it
On 06/03/2014 08:49 PM, Andy Bradford wrote:
> The best way to ensure end-to-end security in email is still PGP.
> Anything else is just security theatre.
True. Also e-mail envelope will always be vulnerable to metadata
snooping with SMTP, whether it's MITM, or on a compromised endpoint.
P
Thus said Lonnie Olson on Tue, 03 Jun 2014 10:13:07 -0600:
> Additionally, I recommend enabling opportunistic SSL on both inbound
> and outbound SMTP connections over port 25. This will encrypt even
> more SMTP traffic when possible, and is the good neighbor thing to do.
While that might
Got it, thanks.
On Tue, Jun 3, 2014 at 12:57 PM, Lonnie Olson wrote:
>
> On Jun 3, 2014, at 11:27 AM, Brian J. Rogers
> wrote:
>
> >> Additionally, I recommend enabling opportunistic SSL on both inbound
> >> and outbound SMTP connections over port 25. This will encrypt even
> >> more SMTP tra
On Jun 3, 2014, at 11:27 AM, Brian J. Rogers wrote:
>> Additionally, I recommend enabling opportunistic SSL on both inbound
>> and outbound SMTP connections over port 25. This will encrypt even
>> more SMTP traffic when possible, and is the good neighbor thing to do.
>
> Is this (for Postfix)
> Signing outbound mail with DKIM is interesting, but not usually worth
> the effort at this point.
> Verifying inbound mail signed by DKIM is only useful as a away to
> prevent false positives in an anti-spam system.
> I'd suggest ignoring both of these for your "simp
help, and
> I don't even know if they are necessary. However, I do want to take as many
> reasonable precautions as I can when it comes to securing it. I have an
> irrational paranoid fear of having my mail server being in a server (e.g.
> Google Apps). I have nothing against Google, I&
them
> setup, you don't need to worry about them at all. In the past, I've had an
> Exim+Courier setup that I didn't even think about for months.
>
>
>
> Obviously it's your choice. But I really like Exim. That's what I'll use
> whenever I setup a ma
's your choice. But I really like Exim. That's what I'll use
whenever I setup a mail server, unless I'm forced to use something else.
While you can't phone me, if you wanted to drop any questions to my emal
box I'll reply as soon as I am able. :)
--- Dan
On Mon,
On 06/01/2014 08:09 PM, Brian J. Rogers wrote:
> Michael, I believe I was the one who started that thread as well. I don't
> recall that being discussed but I'll look over it again. Thanks.
Well I didn't say anything that Google won't find for you. I just
posted some links to documents on configu
Michael, I believe I was the one who started that thread as well. I don't
recall that being discussed but I'll look over it again. Thanks.
On Sun, Jun 1, 2014 at 8:08 PM, Michael Torrie wrote:
> On 06/01/2014 06:32 PM, Brian J. Rogers wrote:
> > I don't know what would support it. I'm not sure
On 06/01/2014 06:32 PM, Brian J. Rogers wrote:
> I don't know what would support it. I'm not sure if I should try
> Postfix/Dovecot again, or if I should use another stack.
I recommend Postfix and dovecot. Both can be configured to require TLS.
Check the archives on this list as I said.
/*
PLU
On 06/01/2014 05:48 PM, Brian J. Rogers wrote:
> Is
> there a way to require a SSL/TLS connection from other mail servers before
> accepting mail? If there is, does that present problems with any server
> that doesn't support that feature?
You can indeed configure postfix to require TLS for things
On Sun, Jun 1, 2014 at 6:32 PM, Brian J. Rogers
wrote:
> On Sun, Jun 1, 2014 at 6:24 PM, Corey Edwards wrote:
> >
> > > How many users will you have? Are they technical? If it's just for
> > > yourself, a self-signed cert may be OK. The first time you set up a
> > client,
> > > you'll have to ac
On Sun, Jun 1, 2014 at 6:24 PM, Corey Edwards wrote:
>
> > How many users will you have? Are they technical? If it's just for
> > yourself, a self-signed cert may be OK. The first time you set up a
> client,
> > you'll have to accept the cert. Other than that, not usually a problem.
> If
> > you h
On Sun, Jun 1, 2014 at 5:48 PM, Brian J. Rogers
wrote:
> Are there benefits to getting an SSL certificate for it rather than just
> using a self-signed one?
How many users will you have? Are they technical? If it's just for
yourself, a self-signed cert may be OK. The first time you set up a cli
I got dinking around and I seem to have edited my way into an non-working
setup. Since I'll be starting over on building a simple mail server, I
wanted advice before I began.
The server will not need to process more than 50 emails a day. I'd like
something lightweight, but I am will
On Sun, May 11, 2014 at 5:02 PM, Corey Edwards wrote:
> On Sat, May 10, 2014 at 9:13 PM, Michael Torrie wrote:
>
> > SMTP cannot help us there.
> >
>
> Server to server is still worth encrypting. Unless the NSA is poisoning DNS
> or doing man-in-the-middle, then it does buy you some additional s
On Sat, May 10, 2014 at 9:13 PM, Michael Torrie wrote:
> On 05/10/2014 08:51 PM, plug.mailing-list wrote:
> > I would argue that when 'expected' a self-signed cert is *more*
> > secure than one from a CA.
> >
> > The cert should only affect your connections to the mailserver, and
> > not influenc
On 5/10/2014 9:50 PM, Corey Edwards wrote:
You can get one from startssl.com for free. They seem to work pretty
well, although they have a somewhat strange setup for their CA
certificate but it works with a little effort.
I've got a couple of certs from StartSSL, and the whole process went
ve
On 05/10/2014 08:51 PM, plug.mailing-list wrote:
> I would argue that when 'expected' a self-signed cert is *more*
> secure than one from a CA.
>
> The cert should only affect your connections to the mailserver, and
> not influence your ability to send/recieve email to/from other
> servers.
Absol
On Sat, May 10, 2014 at 8:00 PM, Brian J. Rogers wrote:
> Awesome tips guys, thank you. I do have mail up and working already, but
> I'd like to make it secure before I do anything with it. I'm hoping that
> since it will only be me using for a while a self-signed certificate should
> do the trick
I would argue that when 'expected' a self-signed cert is *more* secure than one
from a CA.
The cert should only affect your connections to the mailserver, and not
influence your ability to send/recieve email to/from other servers.
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe:
te:
> On 05/10/2014 04:27 PM, Brian J. Rogers wrote:
> > I need to setup a mail server but I'd like for it to relatively secure.
>
> One way to secure it is to only allow access to the SSL ports (SMTPS on
> 465, POP3S on 995, IMAPS on 993). But TLS works over the ordinary port
On 05/10/2014 04:27 PM, Brian J. Rogers wrote:
> I need to setup a mail server but I'd like for it to relatively secure.
One way to secure it is to only allow access to the SSL ports (SMTPS on
465, POP3S on 995, IMAPS on 993). But TLS works over the ordinary ports
and the conversatio
On May 10, 2014 4:27 PM, "Brian J. Rogers" wrote:
> Does anyone know if a good tutorial that I can follow to setup a mail
> server with postfix and dovecot that will cover SSL/TLS with encrypted
> passwords?
Arstechnica did a tutorial on exactly that pretty recently:
htt
t password sent over the
> wire. Is that really what it is?
>
> Does anyone know if a good tutorial that I can follow to setup a mail
> server with postfix and dovecot that will cover SSL/TLS with encrypted
> passwords?
>
> I need to setup a mail server but I'd like for it t
password? I assume
> from the name it means that it is just a plaintext password sent over the
> wire. Is that really what it is?
>
> Does anyone know if a good tutorial that I can follow to setup a mail
> server with postfix and dovecot that will cover SSL/TLS with encrypted
>
w if a good tutorial that I can follow to setup a mail
server with postfix and dovecot that will cover SSL/TLS with encrypted
passwords?
I need to setup a mail server but I'd like for it to relatively secure.
Thanks.
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug
> Ok, a reboot fixed the problem. Seems weird that flushing the DNS
> would fix it, especially since I changed the IP address in /etc/hosts
> but live and learn...
on windows,
ipconfig /flushdns
will do it without a reboot. On linux, restart nscd if it's installed.
/*
PLUG: http://plug.org, #u
On Fri, May 09, 2008 at 05:05:32PM -0600, Dallin Jones wrote:
> I am looking at migrating my Postfix Mail server from one machine to
> another. I have it all set up and working and I am ready to flip the
> switch. One thing that I have noticed in my testing is that once I
> change th
>
> This sounds like DNS cache on the client. flush DNS on the client and try
> again.
>
Ok, a reboot fixed the problem. Seems weird that flushing the DNS
would fix it, especially since I changed the IP address in /etc/hosts
but live and learn...
> What OS are the client machines and what softwa
On Fri, May 9, 2008 at 5:05 PM, Dallin Jones <[EMAIL PROTECTED]> wrote:
> I am looking at migrating my Postfix Mail server from one machine to
> another. I have it all set up and working and I am ready to flip the
> switch. One thing that I have noticed in my testing is that once I
On Fri, 2008-05-09 at 17:05 -0600, Dallin Jones wrote:
> I am looking at migrating my Postfix Mail server from one machine to
> another. I have it all set up and working and I am ready to flip the
> switch. One thing that I have noticed in my testing is that once I
> change the IP ad
I am looking at migrating my Postfix Mail server from one machine to
another. I have it all set up and working and I am ready to flip the
switch. One thing that I have noticed in my testing is that once I
change the IP address to the new address, the mail client doesn't
fetch any mail from th
On 4/20/07, Dallin Jones <[EMAIL PROTECTED]> wrote:
> >From the look and name of his config file "authmysqlrc", I'd say its Courier.
That is correct, I am currently using Courier. Sounds like I should be
using Dovecot though. So your guys guess is that it is not
authenticating properly? That hel
>From the look and name of his config file "authmysqlrc", I'd say its Courier.
That is correct, I am currently using Courier. Sounds like I should be
using Dovecot though. So your guys guess is that it is not
authenticating properly? That helps some, I will also look into
Dovecot. Thanks.
Dalli
On 4/20/07, Grant Robinson <[EMAIL PROTECTED]> wrote:
Postfix is just your SMTP server. What are you using as your IMAP/
POP server. Cyrus? uw-imap? Courier? Dovecot? I have a very
From the look and name of his config file "authmysqlrc", I'd say its Courier.
/*
PLUG: http://plug.org,
On Fri, 2007-04-20 at 10:22 -0600, Grant Robinson wrote:
>
> Postfix is just your SMTP server. What are you using as your IMAP/
> POP server. Cyrus? uw-imap? Courier? Dovecot? I have a very
> similar setup, and have found that dovecot is a good choice for
> maildir setups and will work
On Apr 20, 2007, at 10:15 AM, Dallin Jones wrote:
I am trying to set up a Postfix virtual mail server storing the
usernames, passwords, and other info in a MySQL database. The sending
and recieving of email seems to be working like a champ. The directory
storing the Maildir data seems to be
I am trying to set up a Postfix virtual mail server storing the
usernames, passwords, and other info in a MySQL database. The sending
and recieving of email seems to be working like a champ. The directory
storing the Maildir data seems to be getting the mail. I can also send
email no problem
--- "John Paul Tomas [Yahoo!]" <[EMAIL PROTECTED]> wrote:
> im using fedore core 5. postfix / smtp.
>
> Problems:
>
> 1. Cant seem to receive any mails, but i can send.
Things to check:
- Can you send mail from the server to itself?
- Is port 25 open on your firewall?
- What's the mydestination
On Fri, 2006-09-08 at 02:54 -0700, John Paul Tomas [Yahoo!] wrote:
> Please advice.
If you really would like helpful feedback, you may want to post more
info then that.
Try the following:
grep -v "#" /etc/postfix/main.cf | cat -s
Sanitize it as needed and we'll have a better idea of what's goin
im using fedore core 5. postfix / smtp.
Problems:
1. Cant seem to receive any mails, but i can send.
2. nslookup / dig mx seems ok.
3. when sending emails the account need an entire
domain name like [EMAIL PROTECTED] not the usual
[EMAIL PROTECTED]
4. workstations cannot connect to the server us
Troy Bowman wrote:
> How often a queued message gets tried can probably be estimated using
> the queue_run_delay, some number between minimal_backoff_time and
> maximal_backoff_time. I'd imagine your number of attempts would be how
> many times that estimate can happen in the maximal_queue_lifetim
On Thu, 2006-08-17 at 16:24 -0600, Kenneth Burgener wrote:
> The question I have is that there doesn't appear to be any way to
> indicate how many attempts the backup mail server should make at sending
> email to the primary mail server before giving up, and also the delay
> betw
I am looking to setup a backup mail server, just in case my primary mail
server fails. I am using Postfix. There is some good information here,
on how to setup a backup mail server:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup
The question I have is that there doesn&#
Thanks for all the input. Looks like we've got several great candidates.
Steve
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
On Tue, 1 Aug 2006 at 16:16 -0600, Corey Edwards wrote:
> On Mon, 2006-07-31 at 10:17 -0600, Stephen Smith wrote:
> > We are planning to replace our current mail server which is sendmail
> > configured for SMTP only. We would like to move to an IMAP server with
> > m
On Tue, 2006-08-01 at 17:17 -0600, Michael L Torrie wrote:
> On Tue, 2006-08-01 at 16:45 -0600, Stuart Jansen wrote:
> > On Mon, 2006-07-31 at 10:17 -0600, Stephen Smith wrote:
> > > What would be your recommendations for quickly moving our existing
> > > server and accounts to a new platform.
>
On Tue, 2006-08-01 at 16:45 -0600, Stuart Jansen wrote:
> On Mon, 2006-07-31 at 10:17 -0600, Stephen Smith wrote:
> > What would be your recommendations for quickly moving our existing
> > server and accounts to a new platform.
>
> You didn't ask about SMTP servers, but I'd recommend Postfix. It
On Mon, 2006-07-31 at 10:17 -0600, Stephen Smith wrote:
> What would be your recommendations for quickly moving our existing
> server and accounts to a new platform.
You didn't ask about SMTP servers, but I'd recommend Postfix. It's easy,
it has a good security track record. Michael Torrie point
On Mon, 2006-07-31 at 10:17 -0600, Stephen Smith wrote:
> We are planning to replace our current mail server which is sendmail
> configured for SMTP only. We would like to move to an IMAP server with
> more security. The RH distribution has dovecot as a secure IMAP server,
> but
--- Stephen Smith <[EMAIL PROTECTED]> wrote:
> We are planning to replace our current mail server which is
> sendmail configured for SMTP only. We would like to move to
> an IMAP server with more security. The RH distribution has
> dovecot as a secure IMAP server, but I have
On Mon, 2006-07-31 at 10:17 -0600, Stephen Smith wrote:
> We are planning to replace our current mail server which is sendmail
> configured for SMTP only. We would like to move to an IMAP server with
> more security. The RH distribution has dovecot as a secure IMAP server,
> but
On Tue, 2006-08-01 at 15:58 -0600, Chris Carey wrote:
>
> I recently switched to a "virutal mailbox" setup using
>
> Postfix + Amavis+ ClamAV + Courier
>
> There are tons of howtos available for this configuration. Finally, no
> more unix accounts required for each mailbox.
While we are at it..
On 7/31/06, Stephen Smith <[EMAIL PROTECTED]> wrote:
What would be your recommendations for quickly moving our existing
server and accounts to a new platform.
I recently switched to a "virutal mailbox" setup using
Postfix + Amavis+ ClamAV + Courier
There are tons of howtos available for this
On Jul 31, 2006, at 10:17 AM, Stephen Smith wrote:
We are planning to replace our current mail server which is
sendmail configured for SMTP only. We would like to move to an
IMAP server with more security. The RH distribution has dovecot as
a secure IMAP server, but I have heard little
I've been using Dovecot for a couple years, and I love it. Never had a
problem, SSL was a breeze. Debian did most of the work for me.
--Dave
Stephen Smith wrote:
We are planning to replace our current mail server which is sendmail
configured for SMTP only. We would like to move to an
Hands down, Axigen has been by far and away the easiest to use and
configure mail server, it also does IMAP, POP3 and Webmail.
On 7/31/06, Stephen Smith <[EMAIL PROTECTED]> wrote:
We are planning to replace our current mail server which is sendmail
configured for SMTP only. We would l
We are planning to replace our current mail server which is sendmail
configured for SMTP only. We would like to move to an IMAP server with
more security. The RH distribution has dovecot as a secure IMAP server,
but I have heard little about it.
What would be your recommendations for
Matthew Walker wrote:
You might want to check out http://www.dbmail.org/. We used them at my
last job, it was pretty slick. Works with both MySQL and PostgreSQL.
Jordan
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the pengui
> You may want to take a look at zimbra at http://www.zimbra.com/. It
runs
> on top of postfix and comes with spam filter and virus scanning
> capabilities. It also has some pretty user friendly administration
> cababilites to add virtual domains, manage users etc.
>
When I was working at backcou
On Wednesday 11 January 2006 19:44, Nathan D. Price wrote:
> You may want to take a look at zimbra at http://www.zimbra.com/. It runs on
> top of postfix and comes with spam filter and virus scanning capabilities.
> It also has some pretty user friendly administration cababilites to add
> virtual d
: Matthew Walker <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], plug@plug.org
Sent: Wednesday, January 11, 2006 11:08:23 AM
Subject: Mail Server Migration
For several years, I've been using a qmail/courier-imap toaster, but I'm
getting tired of some of the weaknesses of the system
For several years, I've been using a qmail/courier-imap toaster, but I'm
getting tired of some of the weaknesses of the system, and am looking at
migrating to another setup. I've heard nothing but good about Postfix, so I'm
looking at that route right now.
I have a few questions.
1. I use vpop
66 matches
Mail list logo
