[Postfix RPMs] postfix-2.0.16-2 RPMs available (verisign-patch rpms)
Simon J Mudd
sjmudd at pobox.com
Wed Sep 17 23:08:21 CEST 2003
Some of you may have noticed that there has been a thread on postfix-users
regarding a change by versign which makes the checks against invalid .com
and .net domains return an ip address owned by verisign.
People trying to access something like www.dldfñsl-rubbish-dfkdl.com will
be directed to a verisign web page rather than being told the domain does
not exist by the DNS failure. You can not now determine invalid sender.
As far as mail is concerned the following restrictions no longer work in
the .com and .net domains:
reject_unknown_sender_domain
reject_unknown_recipient_domain
Postfix will be told to try and talk to a Verisign mail server which will
reject the mail. People are concerned that Verisign can harvest invalid
domain names and gain valuble information from this change and that it
breaks the DNS.
Wietse has provided a patch which I have applied to postfix-2.0.16-2 RPM.
I haven't yet released a postfix-2.0.16 RPM as the TLS patches are still
not available.
However for those of you who are interested you can obtain the new rpm
(source rpm and rh9 binary) at their usual locations.
http://postfix.wl0.org/ftp/SRPMS
http://postfix.wl0.org/ftp/RPMS-rh9-i386/
I'll release a postfix-2.0.16-3 once the TLS patches are available for
2.0.16.
Regards,
Simon
+-------------------------------------------------------------------------+
| Previous messages sent to this list can be found at: |
| |
| http://www.WL0.org/cgi-bin/wilma/postfix-rpm-announce |
| |
| To unsubscribe: send the line "unsubscribe postfix-rpm-announce" in the |
| BODY of a message to majordomo at WL0.org |
+-------------------------------------------------------------------------+
More information about the Postfix-rpm-announce
mailing list