Postfix docs Search Results:

Looking for microsoft internet in entire archive - Found 87 matches in 11 files
Showing results 1 - 11
Postfix Configuration Parameters, Feb 8 2008
Enable inter-operability with SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.
The Internet protocols Postfix will attempt to use when making or accepting connections. Specify one or more of "ipv4" or "ipv6", separated by whitespace or commas. The form "all" is equivalent to "ipv4, ipv6" or "ipv4", depending on whether the operating system implements IPv6.
The internet domain name of this mail system. The default is to use $myhostname minus the first component. $mydomain is used as a default value for many other configuration parameters.
The internet hostname of this mail system. The default is to use the fully-qualified domain name from gethostname(). $myhostname is used as a default value for many other configuration parameters.
Specify a list of client patterns. A list pattern specifies a host name, a domain name, an internet address, or a network/mask pattern, where the mask specifies the number of bits in the network part.
Optional lookup tables that perform address rewriting in the SMTP client, typically to transform a locally valid address into a globally valid address when sending mail across the Internet.
This is needed when the local machine does not have its own Internet domain name, but uses something like localdomain.local
Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. As this feature applies to all TLS security levels, it is easy to create inter-operability problems by choosing a non-default cipher list. Do not use a non-default TLS cipher list on hosts that deliver email to the public Internet: you will be unable to send email to servers that only support the ciphers you exclude. Using a restricted cipher list may be more appropriate for an internal MTA, where one can exert some control over the TLS software and settings of the peer servers.
encrypt Mandatory TLS encryption. Since a minimum level of security is intended, it reasonable to be specific about sufficiently secure protocol versions and ciphers. At this security level and higher, the main.cf parameters smtp_tls_mandatory_protocols and smtp_tls_mandatory_ciphers specify the TLS protocols and minimum cipher grade which the administrator considers secure enough for mandatory encrypted sessions. This security level is not an appropriate default for systems delivering mail to the Internet.
parameter controls how the server name is verified. In practice explicit control over matching is more common at the "secure" level, described below. This security level is not an appropriate default for systems delivering mail to the Internet.
secure Secure-channel TLS. At this security level, DNS MX lookups, though potentially used to determine the candidate next-hop gateway IP addresses, are not trusted to be secure enough for TLS peername verification. Instead, the default name verified in the server certificate is obtained from the next-hop domain as specified in the smtp_tls_secure_cert_match configuration parameter. The default matching rule is that a server certificate matches when its name is equal to or is a sub-domain of the nexthop domain. This security level is not an appropriate default for systems delivering mail to the Internet.
Public Internet MX hosts without certificates signed by a "reputable" CA must generate, and be prepared to present to most clients, a self-signed or private-CA signed certificate. The client will not be able to authenticate the server, but unless it is running Postfix 2.3 or similar software, it will still insist on a server certificate.
For servers that are not public Internet MX hosts, Postfix 2.3 supports configurations with no certificates. This entails the use of just the anonymous TLS ciphers, which are not supported by typical SMTP clients. Since such clients will not, as a rule, fall back to plain text after a TLS handshake failure, the server will be unable to receive email from TLS enabled clients. To avoid accidental configurations with no certificates, Postfix 2.3 enables certificate-less operation only when the administrator explicitly sets "smtpd_tls_cert_file = none". This ensures that new Postfix configurations will not accidentally run with no certificates.
Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS cipher list. It is easy to create inter-operability problems by choosing a non-default cipher list. Do not use a non-default TLS cipherlist for MX hosts on the public Internet. Clients that begin the TLS handshake, but are unable to agree on a common cipher, may not be able to send any email to the SMTP server. Using a restricted cipher list may be more appropriate for a dedicated MSA or an internal mailhub, where one can exert some control over the TLS software and settings of the connecting clients.

Postfix Configuration Parameters, Feb 8 2008
Enable inter-operability with SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.
The Internet protocols Postfix will attempt to use when making or accepting connections. Specify one or more of "ipv4" or "ipv6", separated by whitespace or commas. The form "all" is equivalent to "ipv4, ipv6" or "ipv4", depending on whether the operating system implements IPv6.
The internet domain name of this mail system. The default is to use $myhostname minus the first component. $mydomain is used as a default value for many other configuration parameters.
The internet hostname of this mail system. The default is to use the fully-qualified domain name from gethostname(). $myhostname is used as a default value for many other configuration parameters.
Specify a list of client patterns. A list pattern specifies a host name, a domain name, an internet address, or a network/mask pattern, where the mask specifies the number of bits in the network part.
Optional lookup tables that perform address rewriting in the SMTP client, typically to transform a locally valid address into a globally valid address when sending mail across the Internet.
This is needed when the local machine does not have its own Internet domain name, but uses something like localdomain.local
Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. As this feature applies to all TLS security levels, it is easy to create inter-operability problems by choosing a non-default cipher list. Do not use a non-default TLS cipher list on hosts that deliver email to the public Internet: you will be unable to send email to servers that only support the ciphers you exclude. Using a restricted cipher list may be more appropriate for an internal MTA, where one can exert some control over the TLS software and settings of the peer servers.
encrypt Mandatory TLS encryption. Since a minimum level of security is intended, it reasonable to be specific about sufficiently secure protocol versions and ciphers. At this security level and higher, the main.cf parameters smtp_tls_mandatory_protocols and smtp_tls_mandatory_ciphers specify the TLS protocols and minimum cipher grade which the administrator considers secure enough for mandatory encrypted sessions. This security level is not an appropriate default for systems delivering mail to the Internet.
parameter controls how the server name is verified. In practice explicit control over matching is more common at the "secure" level, described below. This security level is not an appropriate default for systems delivering mail to the Internet.
secure Secure-channel TLS. At this security level, DNS MX lookups, though potentially used to determine the candidate next-hop gateway IP addresses, are not trusted to be secure enough for TLS peername verification. Instead, the default name verified in the server certificate is obtained from the next-hop domain as specified in the smtp_tls_secure_cert_match configuration parameter. The default matching rule is that a server certificate matches when its name is equal to or is a sub-domain of the nexthop domain. This security level is not an appropriate default for systems delivering mail to the Internet.
Public Internet MX hosts without certificates signed by a "reputable" CA must generate, and be prepared to present to most clients, a self-signed or private-CA signed certificate. The client will not be able to authenticate the server, but unless it is running Postfix 2.3 or similar software, it will still insist on a server certificate.
For servers that are not public Internet MX hosts, Postfix 2.3 supports configurations with no certificates. This entails the use of just the anonymous TLS ciphers, which are not supported by typical SMTP clients. Since such clients will not, as a rule, fall back to plain text after a TLS handshake failure, the server will be unable to receive email from TLS enabled clients. To avoid accidental configurations with no certificates, Postfix 2.3 enables certificate-less operation only when the administrator explicitly sets "smtpd_tls_cert_file = none". This ensures that new Postfix configurations will not accidentally run with no certificates.
Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS cipher list. It is easy to create inter-operability problems by choosing a non-default cipher list. Do not use a non-default TLS cipherlist for MX hosts on the public Internet. Clients that begin the TLS handshake, but are unable to agree on a common cipher, may not be able to send any email to the SMTP server. Using a restricted cipher list may be more appropriate for a dedicated MSA or an internal mailhub, where one can exert some control over the TLS software and settings of the connecting clients.

Postfix Configuration Parameters, Feb 8 2008
Enable inter-operability with SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.
The Internet protocols Postfix will attempt to use when making or accepting connections. Specify one or more of "ipv4" or "ipv6", separated by whitespace or commas. The form "all" is equivalent to "ipv4, ipv6" or "ipv4", depending on whether the operating system implements IPv6.
The internet domain name of this mail system. The default is to use $myhostname minus the first component. $mydomain is used as a default value for many other configuration parameters.
The internet hostname of this mail system. The default is to use the fully-qualified domain name from gethostname(). $myhostname is used as a default value for many other configuration parameters.
Specify a list of client patterns. A list pattern specifies a host name, a domain name, an internet address, or a network/mask pattern, where the mask specifies the number of bits in the network part.
Optional lookup tables that perform address rewriting in the SMTP client, typically to transform a locally valid address into a globally valid address when sending mail across the Internet.
This is needed when the local machine does not have its own Internet domain name, but uses something like localdomain.local
Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. As this feature applies to all TLS security levels, it is easy to create inter-operability problems by choosing a non-default cipher list. Do not use a non-default TLS cipher list on hosts that deliver email to the public Internet: you will be unable to send email to servers that only support the ciphers you exclude. Using a restricted cipher list may be more appropriate for an internal MTA, where one can exert some control over the TLS software and settings of the peer servers.
encrypt Mandatory TLS encryption. Since a minimum level of security is intended, it reasonable to be specific about sufficiently secure protocol versions and ciphers. At this security level and higher, the main.cf parameters smtp_tls_mandatory_protocols and smtp_tls_mandatory_ciphers specify the TLS protocols and minimum cipher grade which the administrator considers secure enough for mandatory encrypted sessions. This security level is not an appropriate default for systems delivering mail to the Internet.
parameter controls how the server name is verified. In practice explicit control over matching is more common at the "secure" level, described below. This security level is not an appropriate default for systems delivering mail to the Internet.
secure Secure-channel TLS. At this security level, DNS MX lookups, though potentially used to determine the candidate next-hop gateway IP addresses, are not trusted to be secure enough for TLS peername verification. Instead, the default name verified in the server certificate is obtained from the next-hop domain as specified in the smtp_tls_secure_cert_match configuration parameter. The default matching rule is that a server certificate matches when its name is equal to or is a sub-domain of the nexthop domain. This security level is not an appropriate default for systems delivering mail to the Internet.
Public Internet MX hosts without certificates signed by a "reputable" CA must generate, and be prepared to present to most clients, a self-signed or private-CA signed certificate. The client will not be able to authenticate the server, but unless it is running Postfix 2.3 or similar software, it will still insist on a server certificate.
For servers that are not public Internet MX hosts, Postfix 2.3 supports configurations with no certificates. This entails the use of just the anonymous TLS ciphers, which are not supported by typical SMTP clients. Since such clients will not, as a rule, fall back to plain text after a TLS handshake failure, the server will be unable to receive email from TLS enabled clients. To avoid accidental configurations with no certificates, Postfix 2.3 enables certificate-less operation only when the administrator explicitly sets "smtpd_tls_cert_file = none". This ensures that new Postfix configurations will not accidentally run with no certificates.
Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS cipher list. It is easy to create inter-operability problems by choosing a non-default cipher list. Do not use a non-default TLS cipherlist for MX hosts on the public Internet. Clients that begin the TLS handshake, but are unable to agree on a common cipher, may not be able to send any email to the SMTP server. Using a restricted cipher list may be more appropriate for a dedicated MSA or an internal mailhub, where one can exert some control over the TLS software and settings of the connecting clients.

The Standard: Behind the Big Blue Wall, Feb 8 2008
Since that phone call, the open-source movement at IBM, which had been a ripple within the organization, has become a tidal wave. IBM has made Linux, the popular open-source operating system, its choice for the Internet. Linux will run on every computer model sold by Big Blue, from its wristwatch-computer prototype to its mainframes. In December, Gerstner announced plans to spend $1 billion in 2001 researching, developing and marketing Linux-based products and services worldwide.
By changing their game to embrace Linux, IBM execs hope to avoid missing another paradigm shift - as they missed the PC revolution and, to a lesser degree, the Internet. In the early '80s, IBM developed one of the first personal computers but was too focused on maintaining its mainframe business to see the PC tsunami building. Years of financial losses, totaling $8 billion by 1993, resulted. The company also did pioneering work on the Arpanet, the Internet's predecessor, but has watched its networking business all but dry up. Gerstner isn't about to let another big wave pass him by.
"Only the greatest of sinners know how to repent," says John Patrick, IBM's VP of Internet technology. "We've seen this kind of radical shift before. With Linux, we're trying very hard to anticipate the full impact."
Created by Finnish college student Linus Torvalds in 1991, Linux is an open-source operating system; unlike Microsoft (MSFT)'s Windows, its source code is available for anyone to use and alter, as long as they in turn freely broadcast their changes. Advocates say open-source software is more secure, reliable and flexible than closed, proprietary programs. Long popular among hard-core technologists, Linux is now the fastest-growing server operating system in the world, IDC reports.
* Microsoft Corporation (MSFT)
* Sun, Microsoft Servers Vulnerable to New Worm
* Napster Reportedly Wants Microsoft's Anti-Piracy Technology
* Microsoft Ups Ante in Game Wars
Microsoft Office XP
Provided by Microsoft
Check out Microsoft Office XP at a Launch Event near you

http://www.postfix.org/linuxmag.200006/postfix.html, Feb 8 2008
ahezu unüberschaubar ist die Flut von Diensten, die das Internet mittlerweile bietet. Einer der wichtigsten Dienste bleibt jedoch das Versenden und Empfangen von Mails. Ohne Open-Source-Tools wäre das undenkbar - gerade Sendmail gehört zu den am weitesten verbreiteten Mail Transfer Agents (MTA).
Leider ist der monolithische Sendmail alles andere als leicht zu pflegen. In solch ein "Multifunktions-Tool" schleichen sich zwangsläufig Fehler ein - eine neue Sicherheitslücke in Sendmail gehörte in der Vergangenheit zu den Treppenwitzen der Internet-Geschichte schlechthin.
Postfix kann auch mit "virtual domains" umgehen. Das ist vor allem für Internet Service Provider interessant. Anstatt für jede Domäne einen eigenen Mailserver aufzubauen, kann Postfix das genauso wie Sendmail oder Qmail übernehmen. Wer das schon einmal unter Sendmail konfiguriert hat, wird erstaunt sein, wie einfach es ist. Am besten verwendet man dazu die leere Datei /etc/postfix/virtual aus den Beispielen. Die Einträge sollen in etwa folgendermaßen aussehen:
Lediglich der Rechner, der den Connect zum Mailhost aufgebaut hat, ist im Header ersichtlich. Meistens ist das ein Dialin-Account, der einmalig für solche Aktionen verwendet und danach nie wieder benutzt wird. Außerdem kann ein "normaler" Benutzer nichts mit den Informationen eines Mailheaders anfangen. Somit bleiben die Absender weitgehend anonym. Deshalb soll kein Rechner, der über das Internet erreichbar ist, Mails relayen!
Untersuchung Mailer im Internet
5.7 650 Windows Microsoft Exchange
134 MacOS Eudora Internet Mail Server, früher AIMS

SecurityPortal - Postfix - The Sendmail replacement part II, Feb 8 2008
Microsoft
Microsoft
Microsoft
This is probably the best way of restricting incoming email to valid email accounts only. Let's assume you have a decent-sized corporate LAN based on Windows and are using Exchange server for email. Exchange can only validate incoming email based on the domain, not the user, and since it will attempt to deliver the email for 48 hours, your system can get quickly clogged up - with no easy way to clean it out. Place your Exchange server behind a firewall so no one on the Internet can connect to it directly, and then place a Postfix server on the public side. Add this to your main.cf:
/^Subject: Make money fast/ REJECT /^X-Mailer: Microsoft Outlook Express/ REJECT
IWON: NetWolves Says GE To Use Its Internet Security System
Boston Internet: RSA Security Opens Ireland Plant

SecurityPortal - Kurt's Closet: Postfix - the Sendmail replacement, Feb 8 2008
Microsoft
Microsoft
Microsoft
September 15, 1999 – Most, if not all the readers of this column run a mail server, and more then likely it is running Sendmail. In all fairness Sendmail is a damn good MTA (Mail Transfer Agent), Eric Allman originally wrote it with one main goal in mind: the mail must get through. Unfortunately, when Sendmail was originally written security wasn't a major concern on the Internet and it shows. Sendmail runs almost exclusively as the root user on most systems, meaning any flaws are potentially very serious. In addition to this Sendmail isn't very good at handling high loads. New mailers, such as Postfix, Zmailer, and Qmail are several times faster then Sendmail on the same hardware. Until recently most of the alternative mailers to Sendmail were not drop-in replacements, to replace Sendmail was a painful task, and the new software typically behaved differently then Sendmail. Postfix was designed from the start to address all these problems.
IWON: NetWolves Says GE To Use Its Internet Security System
Boston Internet: RSA Security Opens Ireland Plant

Sharing Software, IBM to Release Mail Program Blueprint, Feb 8 2008
The program, Secure Mailer, serves as an electronic post office for server computers connected to the Internet. It was developed by Wietse Venema, an IBM researcher and computer security specialist.
Executives said they were using the free, open-source model of software distribution to insure that the program would be widely available on the dozens of kinds of computers that are used to route Internet mail traffic.
"This is IBM's Christmas present to the Internet," said Abner Germanow, a computer security analyst at the International Data Corp., a market research firm. "For these are core pieces of software, and we're going beyond trying to make money off of them, to the idea that by freely sharing them it will make the world a better place."
Secure Mailer offers an alternative to several other freely available programs that route Internet mail, including Sendmail and Q Mail, as well as to commercial programs like Microsoft's Exchange.

Postfix and Mailman deliver enhanced e-mail security and performance, Feb 8 2008
hile e-mail is the most mature and most widely diffused Internet application, it hasn't stopped growing. The last year alone has seen several exciting developments and announcements, even in the oldest and least "sexy" domains: mail transfer agents and mailing list managers.
Postfix isn't Sendmail's only challenger. Zmailer, Smail, qmail, Post.Office, exim, the Sun Internet Mail Server (SIMS), MMDF, CommuniGate, PMDF, Netscape Messaging Server, and a variety of other products offer specific benefits for Unix-hosted e-mail service. Postfix is the newest of these, however, and worth a look.
News & Views: - Silicon Carny: A lazy afternoon - Man evolves to machine - SCO grasping at the Linux straw? - Anything to everything - The physical data architecture - New Product Briefs (March 1, 1999) - - Sun extends Community Source Licensing to chip architectures - The latest tidbits on Sun deals and product news - The network is the story: News on the latest Internet standards and struggles - - Up-to-the-minute news on Sun's rivals - Regular Expressions: Dylan's appeal - LinuxWorld: IBM fills out Linux offerings - New Product Briefs (March 1, 1999) - Microsoft touts E-commerce strategy - News from LinuxWorld Expo - Highlights from LinuxWorld Expo - Open source software braces for another big year - Sun licenses Java Media APIs to Linux developers - Sun licenses Java Media APIs to Linux developers - Sun unveils new application server strategy - Gates predicts NT's high-end success next year - New Product Briefs (March 1, 1999) - Sun, NTT DoCoMo team on Java, Jini - Sun keeps its foot in Java's door - Intel unveils Pentium III Xeon - SCO dresses up UnixWare for the data center - CEBIT: Linux Alley Is crowded, but lacks apps - IDC: Worldwide server revenues down in Q4/98, volume up - Sun, AOL form e-commerce "virtual company" - AOL reorganizes to fold in Netscape

Sys Admin Magazine Online, Feb 8 2008
Wietse Venema, probably best known as the developer of SATAN and the TCP Wrapper security tools, has now created Secure Mailer. In December of 1998, IBM released Secure Mailer as open source software providing a new, freely available alternative to the nearly universal Sendmail program. The program, more commonly known in open-source circles as Postfix, attempts to be fast, easy to administer, and secure. One of the primary goals of Postfix is to be widely implemented in order to make the most significant impact on the performance and security of Internet email overall.
Sendmail by some estimates handles nearly three-quarters of all email on the Internet, but it has had a bit of a checkered past with a history of security problems. A scan through the CERT Advisories quickly turned up more than a dozen Sendmail incidents.
Kyle Dent is the founder and owner of SeaGlass Technologies, Inc. a company specializing in secure Web hosting/development and Internet/security consulting. He can be reached at: kdent@seaglass.com.
SDMG Websites: C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, Sys Admin, SD Expo,SD Magazine, Unixreview.com, Windows Developer's Journal

Postfix SASL Howto, Feb 8 2008
Reportedly, Microsoft Outlook (Express) requires the non-standard LOGIN authentication method. To enable this authentication method, specify ``./configure --enable-login''.
Older Microsoft SMTP client software implements a non-standard version of the AUTH protocol syntax, and expects that the SMTP server replies to EHLO with "250 AUTH=mechanism-list" instead of "250 AUTH mechanism-list". To accommodate such clients (in addition to conformant clients) use the following:
The "submission" destination port tells Postfix to send mail via TCP network port 587, which is normally reserved for email clients. The default is to send mail to the "smtp" destination port (TCP port 25), which is used for receiving mail across the internet.

New Query: Rank by:
Search results by Webglimpse Advanced Site Search Engine