Re: Limiting HELO spoofing in Postfix?

2020-10-22 Thread Viktor Dukhovni
On Fri, Oct 23, 2020 at 02:14:58AM -0400, Viktor Dukhovni wrote: > On Thu, Oct 22, 2020 at 10:44:06PM -0700, Rich Wales wrote: > > Oct 21 20:22:39 memoryalpha dovecot: imap-login: Aborted login (no auth > > attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, > > session= > > But

Re: Limiting HELO spoofing in Postfix?

2020-10-22 Thread Viktor Dukhovni
On Thu, Oct 22, 2020 at 10:44:06PM -0700, Rich Wales wrote: > I have removed permit_mynetworks from my smtpd_relay_restrictions.  (I > still have permit_mynetworks in the smtpd client, HELO, sender, and > recipient restrictions.)  In case this change might have broken > something (which it doesn't

Re: Limiting HELO spoofing in Postfix?

2020-10-22 Thread Rich Wales
I've made one change to my configuration which may help handle the locally generated spam problem, at least in the case of the "fake open relay" mail. I have removed permit_mynetworks from my smtpd_relay_restrictions.  (I still have permit_mynetworks in the smtpd client, HELO, sender, and recipien

Re: Forward mail and obey SPF and DKIM

2020-10-22 Thread Nick Tait
On 18/10/20 7:10 am, IL Ka wrote: Thank you all. This is how I fixed it (after Bill Cole's email): I needed to substitute envelope (MAIL FROM:) to match my address, but the message (along with its headers) shouldn't be touched. sender_canonical_classes = envelope_sender  # Only change envelop

Re: Limiting HELO spoofing in Postfix?

2020-10-22 Thread Nick Tait
On 22/10/20 7:24 am, Rich Wales wrote: I would still like to figure out a way, btw, to catch locally generated spam of this sort in Postfix. I've already asked here about rejecting HELO/EHLO when the client is localhost but the HELO/EHLO host is not localhost -- I still think this would make sen

Re: Accessing the sending user from a canonical(5) table

2020-10-22 Thread Nick Tait
On 18/10/20 11:54 am, Demi M. Obenour wrote: To elaborate, my understanding is that site.net should use MAIL FROM:, but leave the body unchanged. domain.com will then accept the message, as it is from an IP in site.net's SPF record, and DKIM ignores the envelope. Demi Don't forget that in do

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Bob Proulx
Wietse Venema wrote: > Enough already. Here's a From: header > > From: Firstname Lastname > display name email address > > Many mail user agents, especially the GUI based ones, display the > "Firstname Lastname" part, not the sender address. To see the address > one has t

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread @lbutlr
On 22 Oct 2020, at 17:17, Wietse Venema wrote: > > Demi M. Obenour: >> That's because MUAs display the From: header, not the envelope address. >> DMARC is aimed at preventing spoofing. If someone sends a message >> that claims to be from me, but is not, that could damage my reputation >> or wor

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Wietse Venema
Demi M. Obenour: > That's because MUAs display the From: header, not the envelope address. > DMARC is aimed at preventing spoofing. If someone sends a message > that claims to be from me, but is not, that could damage my reputation > or worse. If GMail had p=reject, such a message would be droppe

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Demi M. Obenour
On 10/22/20 3:35 PM, Bob Proulx wrote: > Demi M. Obenour wrote: >> Viktor Dukhovni wrote: Demi M. Obenour wrote: This is really a security hole in gmail. Given the popularity of gmail, however, I seriously suggest somehow treating gmail as if it had p=reject, as it should. >>>

Re: Postfix smtp gets stuck with XCLIENT when using smtps

2020-10-22 Thread Wietse Venema
Aki Tuomi: > Hi! > > I stumbled upon a possible bug with postfix. I am using postfix > 3.4.14, and when I use XCLIENT command over smtps (not starttls), > the session gets stuck until further input, which causes it to > abort the connection due to unexpected SSL packet. The server is waiting for

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Bob Proulx
Demi M. Obenour wrote: > Viktor Dukhovni wrote: > >> Demi M. Obenour wrote: > >> This is really a security hole in gmail. Given the popularity of > >> gmail, however, I seriously suggest somehow treating gmail as if it > >> had p=reject, as it should. > > No it should not have "p=reject" that's o

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Demi M. Obenour
On 10/22/20 12:25 PM, Viktor Dukhovni wrote: >> On Oct 22, 2020, at 2:11 PM, Demi M. Obenour wrote: >> >> I know :( >> >> This is really a security hole in gmail. Given the popularity of >> gmail, however, I seriously suggest somehow treating gmail as if it >> had p=reject, as it should. > No it

Postfix smtp gets stuck with XCLIENT when using smtps

2020-10-22 Thread Aki Tuomi
Hi! I stumbled upon a possible bug with postfix. I am using postfix 3.4.14, and when I use XCLIENT command over smtps (not starttls), the session gets stuck until further input, which causes it to abort the connection due to unexpected SSL packet. -- Aki Tuomi ## postconf -nf alias_database =

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Viktor Dukhovni
> On Oct 22, 2020, at 2:11 PM, Demi M. Obenour wrote: > > I know :( > > This is really a security hole in gmail. Given the popularity of > gmail, however, I seriously suggest somehow treating gmail as if it > had p=reject, as it should. No it should not have "p=reject" that's only for sites th

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Demi M. Obenour
On 10/22/20 3:23 AM, Bastian Blank wrote: > Hi name less > > On Wed, Oct 21, 2020 at 10:13:54AM -0700, PGNet Dev wrote: >> I've online-checked SPF/DMARC records for 'intuit.com'; all _seems_ to be ok. >> I've cranked up opendmarc logging level to >> MilterDebug 5 >> with that, on failed attem

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Bastian Blank
Hi name less On Wed, Oct 21, 2020 at 10:13:54AM -0700, PGNet Dev wrote: > I've online-checked SPF/DMARC records for 'intuit.com'; all _seems_ to be ok. > I've cranked up opendmarc logging level to > MilterDebug 5 > with that, on failed attempt, I see only an unhelpful > Oct 21 09:43:39