Noticed repeating SMTP queries from zx2.quadmetrics.com – after EHLO they QUIT. What information do they gather? What is the purpose? Is it better to block them?
I’m trying to install an SMTP server which randomly uses other SMTP servers to send emails. Here is an example setup:
If an email is sent using smtp1.domain.de, the SMTP server will look in a list or something and select one of the SMTPs provided there with domain email and password. For example:
It would be nice if the selection process were scriptable with Python or something, or maybe completely random.
Thanks for your help.
Looking for general mail server security best practices here.
I did some research and it’s really hard to find the information out there.
How do you safeguard an SMTP server log? Are there any encryption tools out there? Our reason is that if the server is compromised, at least the logs are not in plain text format for attackers to see without obtaining our tool/keys.
It seems like most SMTP servers out there store recipient information in the log files. How can we ensure this information is not stored, or at a minimum is scrambled? Is that possible?
Thank you, and I’m still researching the subject.
Assume Mallory knows the server, username and password that Alice uses to send email via SMTP. Can Mallory read Alice’s email? Does it depend on the specific system or configuration?
GTS CA 1O1 as the common name instead of Google Internet Authority G2. What is the difference between the two?
GTS CA 1O1 refers to the one listed here https://pki.goog/?
GTS CA 1O1 is valid until Dec 15, 2021. So by Dec 15, 2021, I should regenerate the local crt file by

    openssl x509 -inform DER -in GTS1O1.crt -outform PEM -out gmail-smtp.crt

    $ msmtp --serverinfo --tls=on --tls-starttls=off --host=smtp.gmail.com
    SMTP server at smtp.gmail.com ([18.104.22.168]), port 465:
        smtp.gmail.com ESMTP a10sm3703146oic.46 - gsmtp
    TLS session parameters:
        (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
    TLS certificate information:
        Owner:
            Common Name: smtp.gmail.com
            Organization: Google LLC
            Locality: Mountain View
            State or Province: California
            Country: US
        Issuer:
            Common Name: GTS CA 1O1
            Organization: Google Trust Services
            Country: US
        Validity:
            Activation time: Tue Nov 5 15:45:23 2019
            Expiration time: Tue Jan 28 15:45:23 2020
        Fingerprints:
            SHA256: 50:E7:13:03:7B:A8:D8:28:3C:D2:66:AC:58:E3:76:6D:BB:DB:E2:9D:B6:8F:54:38:10:BC:A5:93:67:25:7D:4D
            SHA1 (deprecated): F4:D9:49:8F:FA:F0:06:D1:B8:D7:AE:A8:56:A3:36:B4:FB:76:3E:32
    Capabilities:
        SIZE 35882577:
            Maximum message size is 35882577 bytes = 34.22 MiB
        PIPELINING:
            Support for command grouping for faster transmission
        AUTH:
            Supported authentication methods:
            PLAIN LOGIN OAUTHBEARER

Need help with enabling TLS in Postfix for SMTP Relay connector to Office365
I am new to TLS.
I've successfully configured my Postfix SMTP Relay to relay emails to my internal application by using an Office365 connector on port 25.
Due to security concerns, I need to relay SMTP to port 587 TLS.
Please, can anyone help me with how to configure TLS in Postfix SMTP Relay from scratch?
I want to set up an email server to send transactional emails and about 200K newsletters twice a month. I have used SendGrid for approx 2 years now, but due to budget issues I am planning to set up my own server.
I was just wondering if we could use SMTP details after installing a control panel like WebMin or Webuzo, or do I have to set up Postfix on a VPS?
When setting up the WPForms WP Mail SMTP plugin, I got this choice:
Encryption: ( ) None ( ) SSL ( ) TLS
For most servers TLS is the recommended option. If your SMTP provider offers both SSL and TLS options, we recommend using TLS.
What do those options mean? Do they mean (like in normal conversation):
- SSL = SSLv3
- TLS = at least TLS 1.0
or do they mean (like in Outlook and some other mail clients):
- SSL = TLS
- TLS = STARTTLS
I was assuming the latter, because that is really common with mail stuff.
But if that is the case, why would the plugin recommend to prefer “TLS” (STARTTLS, which is insecure) to “SSL” (TLS, which is safe)?
I am looking for something similar to sendgrid.com but that is able to send cold emails, not subscriber-based email delivery.
I have a list of 50k emails, mostly Yahoo and Gmail, and I need a decent delivery rate.
I am a bit confused when it comes to spammers sending spam from botnets. I know that protection mechanisms like SPF and DKIM are there to validate the mail through IP whitelisting and cryptographic signing. But how would a spammer send a huge amount of emails if he was spoofing a domain without SPF and DKIM? Because even if he had many bots, he would have to use a third-party provider like Gmail or Yahoo, because they do have FQDNs. And an attacker would not use Gmail or something similar, since it would easily be detected and it would probably not allow host spoofing.
So, is an FQDN needed to deliver spam emails, or do botnets set up their own local SMTP server on each bot and send from there? Won’t this traffic be blocked somewhere? It is just not clear to me how a spammer would typically set up the SMTP server structure. How are these spam floods possible?