Recent content by ChFin

Hi all, we have a Proxmox HCI Cluster (proxmox-ve 6.4-1, kernel 5.4.114-1-pve) and Ceph 15.2.11. We would like to upgrade to version 7.4. Can we go in one step from 6.4 to 7.4 with Ceph 15.2.11 and then upgrade Ceph from octopus to pacific ? Are there any issues to be expected since Ceph...

@danielb Why did u implement a DKIM verifier? Isn't verification already done by the spamassassin DKIM plugin?

Meines Wissens ist das "Greylisting" über postscreen "deep protocol tests" realisiert. Es wird die Einhaltung des SMTP Protokolls geprüft und ist nicht zeitbasiert wie postgrey. (http://www.postfix.org/POSTSCREEN_README.html#after_220) Oder liege ich da falsch @ Proxmox-Team ?!

=> https://bugzilla.proxmox.com/show_bug.cgi?id=1648

Unsupervised learning from SpamAssassin rules ( = autolearning ) is enabled. It's efficient & fast. For a site-wide bayesian filter I doubt that any additional (manual) training by users provides better results especially when they provide ham as spam or vice versa. I personally don't see the...

See https://spfbl.net/delist/ for blocking reasons

Falls man die Spamassassin Regeln öfters als 1x täglich updaten möchte kann man das per cron erledigen. Zum Beispiel: # vi /etc/cron.hourly/sa-housekeeping # chmod 744 /etc/cron.hourly/sa-housekeeping #!/bin/sh SYSLOG_TAG=sa-update logger -d -p mail.info -t $SYSLOG_TAG "*** Start Spamassassin...

See Documentation Chapter 4.5.8 All SMTP checks are disabled for those entries (e. g. Greylisting, SPF, RBL, …)

You asked already about whitelists: https://forum.proxmox.com/threads/whitelist-dnsbl.41655/#post-200421 dnswl.org is already integrated into spamassassin. PS: https://wiki.apache.org/spamassassin/DnsBlocklists

Post the output of the following commands: # grep -i KEY /etc/pmg/pmg-api.pem # ls -la /etc/pmg/*.pem # openssl x509 -in /etc/pmg/pmg-api.pem -noout -text | grep -i Issuer To force/replace the certificate to a self signed one you can use the following command: # pmgconfig apicert --force 1

You can use the pam module: See here https://developers.yubico.com/yubico-pam/ Get a API Client ID: https://upgrade.yubico.com/getapikey/ In debian stretch it's just: # apt-get install libpam-yubico Create a yubikey mapping file /etc/yubikey_mappings <first user name>:<Yubikey token...

Use 2FA with OTP (e.g. https://www.yubico.com/). Use fail2ban.

Configuration->Spam Detector -> Use RBL checks "Yes"

What is the output of the test commands above? (if "dig" is not available install the dnsutils package with "apt-get install dnsutils") Do you have any URIBL_BLOCKED in your mail.log since you changed your dns?

RTFM: You can find the default templates in /var/lib/pmg/templates/. Copy the templates you need to /etc/pmg/templates/, then apply your changes there. After that run: # pmgconfig sync --restart 1 => see 4.3. Service Configuration Templates