[Ach] Postfix

christian mock cm at coretec.at
Sun Jan 12 01:42:28 CET 2014

On Mon, Dec 30, 2013 at 06:37:43PM +0100, Kurt Roeckx wrote:

> But postfix also supports DANE, which can be used for mandatory
> authentication, at which point postfix will also require stronger
> encryption.  I think we should encourage people to set up DNSSEC
> and DANE.

Yup. That why it is in the "further research" section, but we didn't
include it because nobody had the time to write those sections.

Writing about DANE, however, only makes sense if we also have a DNSSEC
section -- would you be willing to write any of them?

> There are also known compatibility issues with exchange on windows
> 2003 where the 3DES CBC padding is broken.  It also only looks at the

Oh look, there's our XP problem again, in disguise! :-)

I haven't noticed any problems, however, neither at home nor at work,
and the latter postfix probably communicates with a few of those

Also, I'm not sure whether we should include this type of workarounds
-- what is the general opinion?


Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

CoreTEC: Web Application Audit - Damit so etwas nicht passiert!



More information about the Ach mailing list