On 04/12/16 14:26, Noel Jones wrote:
On 4/12/2016 11:38 AM, Curtis Villamizar wrote:
On 04/12/16 06:25, Wietse Venema wrote:
Curtis Villamizar:
I recently had a problem with mail where an ESP was in three
blacklists
plus SPF failed and spamassassin tossed some mail. That ESP is
down to
one
On 4/12/2016 11:38 AM, Curtis Villamizar wrote:
>
> On 04/12/16 06:25, Wietse Venema wrote:
>> Curtis Villamizar:
>>> I recently had a problem with mail where an ESP was in three
>>> blacklists
>>> plus SPF failed and spamassassin tossed some mail. That ESP is
>>> down to
>>> one blacklist now.
No. The report says everything is kosher.
Original Message
From: Curtis Villamizar
Sent: Tuesday, April 12, 2016 10:57 AM
To: li...@lazygranch.com; postfix-users@postfix.org
Subject: Re: reality-check on 2016 practical advice re: requiring inbound TLS?
Not an expert on DMARC
Not an expert on DMARC, but ...
On 04/12/16 01:56, li...@lazygranch.com wrote:
Just a quickie here on DMARC. I set one domain to "quarantine" and set up the
rua to email me a report. Thus far, only MS Hotmail sends me anything, even though I have
emailed yahoo accounts.
The MS Hotmail report
On 04/12/16 06:25, Wietse Venema wrote:
Curtis Villamizar:
I recently had a problem with mail where an ESP was in three blacklists
plus SPF failed and spamassassin tossed some mail. That ESP is down to
one blacklist now. A sender got to me out-of-band and I dug up the
maillog from a few days
On 04/12/16 12:06, Robert Schetterer wrote:
Am 12.04.2016 um 07:56 schrieb li...@lazygranch.com:
Just a quickie here on DMARC. I set one domain to "quarantine" and set up the
rua to email me a report. Thus far, only MS Hotmail sends me anything, even though I have
emailed yahoo accounts.
Am 12.04.2016 um 07:56 schrieb li...@lazygranch.com:
> Just a quickie here on DMARC. I set one domain to "quarantine" and set up the
> rua to email me a report. Thus far, only MS Hotmail sends me anything, even
> though I have emailed yahoo accounts.
>
> The MS Hotmail report is in XML, which
Curtis Villamizar:
> I recently had a problem with mail where an ESP was in three blacklists
> plus SPF failed and spamassassin tossed some mail. That ESP is down to
> one blacklist now. A sender got to me out-of-band and I dug up the
> maillog from a few days earlier and informed them about
Just a quickie here on DMARC. I set one domain to "quarantine" and set up the
rua to email me a report. Thus far, only MS Hotmail sends me anything, even
though I have emailed yahoo accounts.
The MS Hotmail report is in XML, which I can read in vim or whatever. I'm not
sure what they
On 04/11/16 04:09, lst_ho...@kwsoft.de wrote:
Zitat von jaso...@mail-central.com:
On Sun, Apr 10, 2016, at 07:46 PM, Bill Cole wrote:
On a system where you know enough about all your users to know that
they
don't want to get critical email from clueless sources, you can make
restrictive
Zitat von jaso...@mail-central.com:
On Sun, Apr 10, 2016, at 07:46 PM, Bill Cole wrote:
On a system where you know enough about all your users to know that they
don't want to get critical email from clueless sources, you can make
restrictive choices with no trouble. If you don't actually know
On Sun, Apr 10, 2016, at 07:46 PM, Bill Cole wrote:
> On a system where you know enough about all your users to know that they
> don't want to get critical email from clueless sources, you can make
> restrictive choices with no trouble. If you don't actually know that,
> choosing to require
On 10 Apr 2016, at 20:00, Curtis Villamizar wrote:
Great anecdote of a really bad email setup but ...
For a lot of us missing out on Ditech, a specialist in preditory
lending, is not a compelling reason not to enable SPF, DKIM and DMARC.
The power of a brand shows itself...
Whether or not
> On Apr 10, 2016, at 8:49 PM, li...@lazygranch.com wrote:
>
> I've yet to find email from an actual person that doesn't have DKIM or SPF.
I've never emailed you directly. This will be the first time.
--
Viktor.
ht be true.
Original Message
From: jaso...@mail-central.com
Sent: Sunday, April 10, 2016 4:08 PM
To: postfix-users@postfix.org
Subject: Re: reality-check on 2016 practical advice re: requiring inbound TLS?
On Sun, Apr 10, 2016, at 03:13 PM, Bill Cole wrote:
> On 9 Apr 2016, at 12:45,
In message <500a9284-b549-460d-8207-f52534e09...@billmail.scconsult.com>
"Bill Cole" writes:
>
> On 9 Apr 2016, at 12:45, jaso...@mail-central.com wrote:
>
> > I block on strict FAILs of any if SPF, DKIM or DMARC. *missing*
> > support for those is logged, but not - yet - acted on.
>
> This
On Sun, Apr 10, 2016, at 03:13 PM, Bill Cole wrote:
> On 9 Apr 2016, at 12:45, jaso...@mail-central.com wrote:
>
> > I block on strict FAILs of any if SPF, DKIM or DMARC. *missing*
> > support for those is logged, but not - yet - acted on.
>
> as is raising the bar too high on ciphersuites.
On 9 Apr 2016, at 12:45, jaso...@mail-central.com wrote:
I block on strict FAILs of any if SPF, DKIM or DMARC. *missing*
support for those is logged, but not - yet - acted on.
This is dangerous, as is raising the bar too high on ciphersuites.
Case in point: Ditech is one of the largest
On Sat, Apr 09, 2016 at 08:32:10PM -0700, li...@lazygranch.com wrote:
> One interesting take away is that the corporate email servers were less
> likely to have SPF and DKIM in use. On the weekends, more email was sent
> from home users who tended to use Google, Hotmail, etc., which did use
> SPF
In message <20160410024851.gu26...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Sat, Apr 09, 2016 at 09:31:48PM -0400, Curtis Villamizar wrote:
>
> > > 1) It looks to me that starttls really only protects the path to the
> > >first server. Classic case being sending email over the
@postfix.org
Reply To: postfix-users@postfix.org
Subject: Re: reality-check on 2016 practical advice re: requiring inbound TLS?
On Sat, Apr 09, 2016 at 09:36:09PM -0400, Curtis Villamizar wrote:
> > https://www.google.com/transparencyreport/saferemail/
> > https://www.ietf.org/proceedings/95/s
On Sat, Apr 09, 2016 at 09:31:48PM -0400, Curtis Villamizar wrote:
> > 1) It looks to me that starttls really only protects the path to the
> >first server. Classic case being sending email over the non-secure
> >coffee shop wifi.
>
> If you are using TLS to port 587 then that is
On Sat, Apr 09, 2016 at 09:36:09PM -0400, Curtis Villamizar wrote:
> > https://www.google.com/transparencyreport/saferemail/
> > https://www.ietf.org/proceedings/95/slides/slides-95-irtfopen-1.pdf
> >
> >
with hover and DO.
Original Message
From: Curtis Villamizar
Sent: Saturday, April 9, 2016 6:32 PM
To: li...@lazygranch.com
Reply To: Curtis Villamizar
Cc: Viktor Dukhovni
Subject: Re: reality-check on 2016 practical advice re: requiring inbound TLS?
In message <20160409230701.5468245.39
In message <20160409210245.gs26...@mournblade.imrryr.org>
Viktor Dukhovni writes:
>
> On Sat, Apr 09, 2016 at 08:46:54AM -0700, jaso...@mail-central.com wrote:
>
> > I'm setting up mandatory TLS policy for a couple of private client
> > servers, using
> >
> > - smtpd_tls_security_level =
hovni
> > Sent: Saturday, April 9, 2016 2:03 PM
> > To: postfix-users@postfix.org
> > Reply To: postfix-users@postfix.org
> > Subject: Re: reality-check on 2016 practical advice re: requiring inbound
> > TLS?
> >
> > On Sat, Apr 09, 2016 at 08:46:54AM -0700
day, April 9, 2016 2:03 PM
To: postfix-users@postfix.org
Reply To: postfix-users@postfix.org
Subject: Re: reality-check on 2016 practical advice re: requiring inbound TLS?
On Sat, Apr 09, 2016 at 08:46:54AM -0700, jaso...@mail-central.com wrote:
> I'm setting up mandatory TLS policy for a coup
On Sat, Apr 9, 2016, at 02:02 PM, Viktor Dukhovni wrote:
> Your server, your rules, but be prepared to refuse a lot of legitimate
> email.
True, but that's neither my point, nor my goal.
And, THESE (sadly, neither of which I've seen)
> https://www.google.com/transparencyreport/saferemail/
On Sat, Apr 09, 2016 at 08:46:54AM -0700, jaso...@mail-central.com wrote:
> I'm setting up mandatory TLS policy for a couple of private client servers,
> using
>
> - smtpd_tls_security_level = may
> + smtpd_tls_security_level = encrypt
>
> I started wondering whether it wouldn't be a
On Sat, Apr 9, 2016, at 09:33 AM, li...@lazygranch.com wrote:
> Per the DROWN mitigation, I stopped allowing sslv2 and sslv3
Did that as well. Actually before even that point.
> so I made it a point to read the headers and look for encryption issues.
I admit I never even bothered to look
al.com
Sent: Saturday, April 9, 2016 8:47 AM
To: postfix-users@postfix.org
Subject: reality-check on 2016 practical advice re: requiring inbound TLS?
I'm setting up mandatory TLS policy for a couple of private client servers,
using
- smtpd_tls_security_level = may
+ smtpd_tls_secur
I'm setting up mandatory TLS policy for a couple of private client servers,
using
- smtpd_tls_security_level = may
+ smtpd_tls_security_level = encrypt
I started wondering whether it wouldn't be a bad thing to require ALL email
delivered to my server, from anywhere, to use TLS.
32 matches
Mail list logo