Re: Postfix Mailman integration

2016-02-29 Thread Patrick Ben Koetter
* @lbutlr : > On Sun Feb 28 2016 19:56:48 Ruben Safir said: > > > > Maybe I'm just in a bad mood, but my view of mailmans software > > archetecture, at this point, is very low. He tries very hard to help > > people and to work on it, but I think it

Re: Postfix Mailman integration

2016-02-29 Thread /dev/rob0
On Mon, Feb 29, 2016 at 05:19:35PM +, Viktor Dukhovni wrote: > > > To have mailman reinject on an extra port on localhost is > > > how it should be done. Mine uses the same submission smtpd as do regular human users. It is not impacted by any spam control restrictions. > For submission of

Re: Postfix Mailman integration

2016-02-29 Thread Bill Cole
On 29 Feb 2016, at 2:43, Ruben Safir wrote: Can I have input about this recommendation? Is there unreasonable security risk? I think not, but I want to double check It's fine, assuming that you can trust everything else running on the host that you're running Mailman and Postfix on not

Re: Postfix Mailman integration

2016-02-29 Thread @lbutlr
On Sun Feb 28 2016 19:56:48 Ruben Safir said: > > Maybe I'm just in a bad mood, but my view of mailmans software archetecture, > at this point, is very low. He tries very hard to help people and to work on > it, but I think it is broken at the core. I am not currently

Re: Postfix Mailman integration

2016-02-29 Thread Viktor Dukhovni
On Mon, Feb 29, 2016 at 02:23:53PM -0500, Curtis Villamizar wrote: > I can't tell from headers whether they use sendmail.org sendmail > or postfix or something else, but amavisd-new is mentioned in the > headers. amsl.com runs most of the mailing lists. The ietf.org MTAs operated by AMSL run

Re: Postfix Mailman integration

2016-02-29 Thread Curtis Villamizar
In message <20160229171935.gh12...@mournblade.imrryr.org> Viktor Dukhovni writes: > On Mon, Feb 29, 2016 at 11:38:26AM -0500, Ruben Safir wrote: > > > > To have mailman reinject on an extra port on localhost is how it > > > should be done. > > > > Thanks! > > Note that much of the delay was

Re: Host name in the 250 answers to an ehlo

2016-02-29 Thread Marco
Hello. Tnx for the prompt answer. I already have a bastion MTA and an internal mailhub, hosted on separate VMs. I'm also preparing an additional VM that will handle only the outgoing traffic, in order to apply specific headers filtering as we discussed some time ago. The issue I have is with

Re: Host name in the 250 answers to an ehlo

2016-02-29 Thread Wietse Venema
Marco: > Hello. > > I have a small security concern with my external SMTP server: > > >220 mail.marcobaldo.ch ESMTP > >250-iprovider.dmz.marcobaldo.ch > >250-PIPELINING > >250-SIZE > >250-ETRN > >250-STARTTLS > >250-ENHANCEDSTATUSCODES > >250-8BITMIME > >250 DSN > > As you see smtpd_banner has

Re: Host name in the 250 answers to an ehlo

2016-02-29 Thread Viktor Dukhovni
On Mon, Feb 29, 2016 at 05:58:19PM +0100, Marco wrote: > I have a small security concern with my external SMTP server: > > >220 mail.marcobaldo.ch ESMTP > >250-iprovider.dmz.marcobaldo.ch > >250-PIPELINING > >250-SIZE > >250-ETRN > >250-STARTTLS > >250-ENHANCEDSTATUSCODES > >250-8BITMIME > >250

Re: Postfix Mailman integration

2016-02-29 Thread Viktor Dukhovni
On Mon, Feb 29, 2016 at 11:38:26AM -0500, Ruben Safir wrote: > > To have mailman reinject on an extra port on localhost is how it > > should be done. > > Thanks! Note that much of the delay was likely due to mailman hitting tarpit controls after 10 invalid recipients in a single submission.

Host name in the 250 answers to an ehlo

2016-02-29 Thread Marco
Hello. I have a small security concern with my external SMTP server: >220 mail.marcobaldo.ch ESMTP 250-iprovider.dmz.marcobaldo.ch >250-PIPELINING >250-SIZE >250-ETRN >250-STARTTLS >250-ENHANCEDSTATUSCODES >250-8BITMIME >250 DSN As you see smtpd_banner has been changed to reflect the MX

Re: Postfix Mailman integration

2016-02-29 Thread Ruben Safir
On Mon, Feb 29, 2016 at 09:41:39AM +0100, Christian Kivalo wrote: > On 2016-02-29 08:43, Ruben Safir wrote: > >Can I have input about this recommendation? Is there unreasonable > >security > >risk? I think not, but I want to double check > > That looks sensible. That comes near to the

Re: Postfix Mailman integration

2016-02-29 Thread Christian Kivalo
On 2016-02-29 08:43, Ruben Safir wrote: Can I have input about this recommendation? Is there unreasonable security risk? I think not, but I want to double check That looks sensible. That comes near to the configuration i use for my mailman installation. You should not do rbl checks on