Monday, December 9, 2013

SYNTAX Application Security Report

I am very proud to announce the publication of the SYNTAX IT Group Application Security Report (ASR)!
The Application Security Report is an annual SYNTAX publication that summarizes the vulnerabilities discovered on application security engagements and provides insight into current web and mobile application vulnerabilities.
As the primary author of this publication, I would like to thank my team and my colleagues for their help and support.
You can download the report by following this link:

Sunday, December 8, 2013

Fine-tuning SpamAssassin and Citadel

This is a follow-up to the previous article: RPi Home Mail Server Project.

Unfortunately, there are not enough articles covering the configuration needed to integrate the open source spam filter SpamAssassin with the Citadel mail server.

First of all, install SpamAssassin by issuing the following commands:
> apt-get update
> apt-get install spamassassin spampd

The spam daemon (spampd) works as an incoming MTA that scans the emails and then forwards them to the mail server. By default, spampd listens on port 10025 and, after the relevant processing, connects to port 10026.

Following this architecture, your firewall should forward incoming SMTP and SMTPS connections to spampd on port 10025 (one simple way is to create a port forwarding rule); spampd then forwards them to the Citadel mail server on port 25.

To achieve this, edit /etc/default/spampd and change the value of DESTPORT from 10026 to 25.
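
The DESTPORT change can be scripted and checked. The following is an added example, not part of the original post: it rewrites DESTPORT in a defaults file, keeps a backup, and rejects a configuration in which spampd would relay to its own listening port. The LISTENPORT variable name and the sample file contents are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: set spampd's relay port and sanity-check the result.
# DESTPORT comes from the article; LISTENPORT is an assumed variable name.

# get_var FILE NAME: print the value of the last NAME=value line.
get_var() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# set_destport FILE PORT: validate PORT, back up FILE, rewrite DESTPORT.
set_destport() {
    file=$1 port=$2
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range: $port" >&2; return 2; }
    grep -q '^[[:space:]]*DESTPORT=' "$file" ||
        { echo "no DESTPORT line in $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    sed "s/^[[:space:]]*DESTPORT=.*/DESTPORT=$port/" "$file.bak" > "$file"
}

# check_relay FILE: fail if spampd would hand mail back to itself.
check_relay() {
    listen=$(get_var "$1" LISTENPORT)
    dest=$(get_var "$1" DESTPORT)
    [ -n "$listen" ] && [ -n "$dest" ] ||
        { echo "missing port setting in $1" >&2; return 1; }
    [ "$listen" != "$dest" ] ||
        { echo "DESTPORT equals LISTENPORT: mail would loop" >&2; return 1; }
    echo "spampd listens on $listen, relays to $dest"
}

# Demonstration on a constructed sample file, not the real /etc/default/spampd.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'LISTENPORT=10025' 'DESTPORT=10026' > "$tmp"
    set_destport "$tmp" 25 && check_relay "$tmp"
    rc=$?
    rm -f "$tmp" "$tmp.bak"
    return $rc
}
demo
```

On a real system, run `set_destport /etc/default/spampd 25` as root and restart spampd so the new port takes effect.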

And you are done! Enjoy!