Postfix anti spoofing filters [closed] - postfix-mta

I have applied the following filters (milters) in my Postfix incoming mail server:
DKIM milter
SenderID milter
SPF policy.
All three append headers in the received e-mail regarding their checks.
I want to know how much protection these provide me against spoofing, and do I need something more?
Thanks in advance.
Ashish

Answer to my post is as follows:
DKIM is not effective against spoofing as it's a means to check for non-repudiation of the email message and to verify the integrity and origin of data.
SenderID and SPF are 100% effective against spoofing only when the mail server whose mail account is being spoofed has implemented SenderID or SPF.
i.e., if a mail server is receiving mail on behalf of such a mail server that has SPF or SenderID implemented, then the receiving mail server can assure itself against spoofing by checking for the latter mail server's SPF or SenderID record.
Now, since SPF and SenderID are not e-mail must-haves and SMTP also doesn't care for sender authentication in the protocol itself, a lot of mail servers don't implement any of these, and with these three filters alone one can't be 100% sure whether a particular mail being received on behalf of a given e-mail domain actually belongs to that e-mail domain or not, for all of the available mail servers on the internet.


Why https and www are in same URL? [closed]

Some URLs have both https and www.
What is the reason behind this?
For example, https://www.facebook.com starts with https://www. Is this redundant?
https is the protocol. It stands for hyper text transfer protocol (over TLS).
It means that you surf on websites and it is encrypted. By default, the protocol is http (no encryption), but this is often redirected to https.
www is the server.
It can be anything, but in most cases the web server is www. Also, the domains redirect you to the web server (if it is configured that way) if you don't type it in explicitly.
Lastly, facebook.com is the domain.
Facebook registered to own the domain facebook.com. (.com are normally commercial websites.) With that, they can deploy servers on addresses that end with .facebook.com in a way that they are found.
E.g. https://www.facebook.com means that you want to talk using the protocol https (secure web transfer) with the www server of facebook.com.

mail spam server filter gateway

I have an Exchange 2010 multi-tenant email server that has email addresses of many domains. I want to set up a spam filter for my mail server. I have been looking on the internet but can't figure out the best solution to implement. SpamAssassin with Postfix: SpamAssassin, I understand, does not delete any emails but just marks the email. Postfix can be used as an MTA to forward email to the mail server, but Postfix does not store any emails. How can I implement a solution whereby I have a server that stores all ham and spam emails but only forwards the ham emails to my mail server, so I can check the spam server for any false positives? If you could please just give pointers in the right direction.
thanks
Rehan Miah
Just set up spamassassin to mark all of the likely spam emails (set the score pretty high on day 1) and then set a Transport Rule on Exchange that intercepts the spams based on the string added to the subject field, and then does something with them (delete them, drop them in a spam trap mailbox, whatever).
Have the spamassassin box be the MX for the domains and then forward to the Exchange server (have the Exchange consider it a trusted sender) but make sure to lock spamassassin down to only allow mails sent to domains you care about.
If you have multiple domains, set up a test domain to try the spamassassin setup on before getting serious with clients' domains.

How to block countries from server when using cloudflare? [closed]

I tried to block countries in nginx.conf with the code below:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allow_visit {
    default yes;
    RU no;
}
But I'm using the CloudFlare CDN service, so when I block some countries, sometimes I cannot log in to my system, because CloudFlare servers may be in my blocked countries. So I should remove CloudFlare IPs from the blocked country list. But how can I do that?
Any advice?
I'm using Ubuntu 14.04 / nginx on my server.
And now I'm under attack. You guys know there's a cyber war, so I should solve this problem fast.
Thanks in advance.
CloudFlare allows you to block certain countries from accessing your website at the CloudFlare level. To do so:
Select your domain in your CloudFlare Control Panel
Select the "Firewall" tab
On the "IP Firewall" tab, you can enter an IP, IP range, or Country and click block.
This will block the country from all your websites on the CloudFlare level, before any attack even hits your server.
If you need to block it with your Nginx solution rather than CloudFlare's firewall for whatever reason, you can look at enabling "IP Geolocation" under the "Network" tab of the Control Panel. This adds the header "HTTP_CF_IPCOUNTRY" to all requests, and will contain the Country Code (i.e. US, UK, RU) in the header.
If you need to block any requests based off certain IPs, or perform the IP lookup yourself, then you should use the default CloudFlare header that is included with every request that holds the client's IP, named "CF-Connecting-IP".
For future information, CloudFlare has a good article written here on how they handle their headers.
If you are using the free plan (CloudFlare), you won't get the visitor IP address, so using geoip_country, which matches IP <-> Country, does not work.
You should turn on IP Geolocation in CloudFlare, and configure nginx to read that country code.
Meanwhile, make sure your origin server only accepts connections from the CloudFlare IP range.
Details on how to config nginx: http://nginxlibrary.com/using-cloudflare-for-country-blocking/
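The decision both answers describe, written out as an added Python example (not code from either answer, and not nginx configuration): the country and visitor address are read from the CloudFlare headers only when the TCP peer is inside the proxy's address ranges, because on a direct connection to the origin those headers are whatever the sender chose to put there. `PROXY_RANGES`, `decide` and the sample requests are assumptions made for illustration, and the ranges are documentation placeholders rather than CloudFlare's published list.

```python
import ipaddress

# Placeholder proxy ranges (documentation address space), NOT Cloudflare's real
# ones: load the list Cloudflare publishes and keep it current.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
BLOCKED_COUNTRIES = {"RU"}  # same policy as the map block in the question


def from_proxy(peer_ip):
    """True if the TCP peer address lies inside a configured proxy range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in PROXY_RANGES)


def decide(peer_ip, headers):
    """Return (status, client_ip, reason) for one request reaching the origin."""
    if not from_proxy(peer_ip):
        # Direct connection to the origin: any CF-* header here was set by the
        # sender, so it is ignored and the request is refused.
        return 403, peer_ip, "not via proxy"
    h = {k.lower(): v for k, v in headers.items()}
    # Behind the proxy the peer is always an edge server; the visitor's
    # address and country arrive only in these headers.
    client_ip = h.get("cf-connecting-ip", peer_ip)
    country = h.get("cf-ipcountry", "").upper()
    if country in BLOCKED_COUNTRIES:
        return 403, client_ip, "country blocked"
    return 200, client_ip, "ok"


# Constructed sample requests: (TCP peer, request headers).
SAMPLES = [
    ("192.0.2.10", {"CF-Connecting-IP": "198.51.100.7", "CF-IPCountry": "RU"}),
    ("192.0.2.10", {"CF-Connecting-IP": "203.0.113.5", "CF-IPCountry": "DE"}),
    ("203.0.113.99", {"CF-IPCountry": "DE"}),  # did not come through the proxy
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, decide(peer, hdrs))
```

This also shows why the geoip lookup in the question misfires: it is applied to the peer address, which behind the CDN is an edge server rather than the visitor.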

Mail server for multiple domains? [closed]

I have a server, bought from Linode. I decided to set up a mail server on it. I have about 20 domains that will be pointing to it.
I have a couple of questions:
This is the combination I will use: postfix + dovecot + squirrelmail. Are there better alternatives? I am completely open to recommendations because this is the first time I will set up a mail server.
Is it possible to use multiple domains with one mail server?
If it is possible to work with multiple domains, does it require a complicated and painful configuration?
Note: I can't use Google Apps because 40 EUR per mail address is very expensive when you have a hundred mail addresses.
You have to have at least a basic understanding of how DNS works. It can be kind of a pain, but if you use one of the postfix plugins for management, it should be fine. But yes, multi-domains on the same server is fine, it just has to know that it is representing those host name records, and your DNS for your domains needs to be configured to have the MX records point at your server's IP.

What are the main security considerations when opening up port 25 and/or 587 for email delivery?

I am about to set up SmarterMail v9.0 on our Windows 2008 server (IIS7) and would first like to know what some security considerations are when opening up port 25 and/or 587, i.e. how to prevent relaying, etc.
Thank you.
You must not accept email from untrusted users/sources which is not bound for domains you control.
An open relay is a mail server which allows anyone on the Internet to email anyone else, without verifying that either the source or the destination is known - thus, a relay.
You can check that the source is known by looking for a trusted IP subnet, or by requiring authentication before mail can be sent (via LOGIN over TLS, GSSAPI [called "Integrated Windows Authentication" or whatever], X.509 client certs, or the like).
You can check that the destination is known by comparing it to the list of domains for which your mail server will be the "last stop" (or a relay to another domain you control).
Either a known source or a known destination should be sufficient, but you may also want to make sure that mail inbound for your domains is at least borderline valid (originates from a domain with an MX server, for instance).
Separately, you must be conscious of DoS issues (rate limit inbound mail), and the ability to use your server to send backscatter spam. Backscatter is when I connect to your mail server and say, "why yes, I am unsuspecting_target@not_my_domain.com, please queue up this message for not_an_address@yourdomain.com". Then your mail server delivers a "bounce" message to the unsuspecting target. To mitigate this, you can verify that the recipient is known before accepting mail, or limit the rate at which mail can be accepted from one host, or try to check that the host delivering a message is authorized to use that envelope sender.
These are all well-solved problems.
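The acceptance rule from this answer as an added Python example (not SmarterMail configuration and not code from the answer): mail is accepted when either the source or the destination is known, and an unknown local recipient is refused during the SMTP session so that no bounce is generated later. The networks, domains, mailbox list and the `rcpt_decision` function are assumptions made for illustration.

```python
import ipaddress

# Constructed policy values: replace with your own networks, domains and users.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
LOCAL_DOMAINS = {"yourdomain.example"}
KNOWN_RECIPIENTS = {"alice@yourdomain.example"}


def rcpt_decision(client_ip, authenticated, rcpt):
    """Return (code, text) to answer one RCPT TO command."""
    local, sep, domain = rcpt.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return 501, "5.1.3 bad recipient address syntax"
    if domain in LOCAL_DOMAINS:
        # Known destination. Refuse unknown mailboxes now, during the SMTP
        # session, so no bounce is ever generated toward a forged sender.
        if f"{local}@{domain}" not in KNOWN_RECIPIENTS:
            return 550, "5.1.1 user unknown"
        return 250, "2.1.5 recipient ok"
    # Foreign destination: relay only for a known source.
    addr = ipaddress.ip_address(client_ip)
    if authenticated or any(addr in net for net in TRUSTED_NETS):
        return 250, "2.1.5 recipient ok"
    return 550, "5.7.1 relaying denied"


# Constructed sample sessions: (client IP, authenticated?, RCPT TO address).
SAMPLES = [
    ("203.0.113.9", False, "victim@elsewhere.example"),           # relay attempt
    ("203.0.113.9", False, "alice@yourdomain.example"),           # normal inbound
    ("203.0.113.9", False, "not_an_address@yourdomain.example"),  # backscatter bait
    ("10.1.2.3", False, "bob@elsewhere.example"),                 # trusted subnet
    ("203.0.113.9", True, "bob@elsewhere.example"),               # authenticated
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", rcpt_decision(*sample))
```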
