I have a server at Eskimo North running CentOS 7, primary DNS (Bind 9), Postfix
2.10, Dovecot, Apache-2.4.34, php-7.2.8, and I have an SSL certificate
from RapidSSL. I am also running rainloop.
In the ongoing effort to tighten up security, I note that I have not
successfully deployed Domain Keys or DKIM. I still don't know how to do
this.
I have Postfix set up with submission, but how to get Rainloop to use that I'm
not certain. I'm concerned that there is no obvious config file
line for Rainloop to store the smtp username and smtp password and that
Rainloop is using plain old port 25.
Does port 25 have to be open or can I get away with just the submission port? I
use fetchmail to retrieve incoming email from Eskimo North.
The output and errors from postconf -n follow:
[root@goose postfix]# cat postfix_config.txt
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = $mydomain
mydestination = localhost.$mydomain, localhost, $mydomain
mydomain = robinson-west.com
myhostname = goose.robinson-west.com
mynetworks = 127.0.0.0/8, 204.122.17.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname at Eskimo North
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
check_helo_access hash:/etc/postfix/helo_access reject_unknown_helo_hostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /opt/etc/certs/cert/server.crt
smtpd_tls_key_file =
/opt/etc/certs/private/goose_robinson-west_com_RSA_private_nopass.key
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
unknown_local_recipient_reject_code = 550
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
unknown_local_recipient_reject_code = 550
[root@goose postfix]# cat error-postfix-config.txt
postconf: warning: /etc/postfix/main.cf: unused parameter:
postfix_dnsbl_threshold=2
postconf: warning: /etc/postfix/main.cf: unused parameter:
postfix_dnsbl_sites=zen.spamhaus.org*2?bl.spamcop.net*1 b.barracudacentral.org*1
postconf: warning: /etc/postfix/master.cf: unused parameter:
smptd_sasl_local_domain=$myhostname
_______________________________________________
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
