I am noticing that the stock dovecot is old and the stock postfix is old, but postfix isn't so old that there's no postscreen.
I understand that the submission port is supposed to be encrypted and that changes have to be made to postfix, dovecot, and even MUAs to do SMTP Authority. My target MUAs are evolution and rainloop, an HTML-based mail client. Running an SMTP server that doesn't require you to log in is probably a bad idea, but this logging in is extremely difficult to get working. I think the trouble I'm having is the age of the stock postfix and dovecot. Not wanting to recompile them and lose CentOS's maintenance work, I could use some good tips on how to find documentation specific to the versions I have.

A related question: can I dynamically block Internet IPs that try three times unsuccessfully to send me email because they identify invalidly helo, they fail smtp auth three times, or they try to relay somewhere else through me? If I don't dynamically block, the same offenders it seems will flood my maillog all day long and all night. I'm thinking FAIL2BAN is what I need, but I'm not certain about the SMTP auth related failures.

--
Michael C. Robinson

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = $mydomain
message_size_limit = 204800000
milter_default_action = accept
milter_protocol = 2
mydestination = localhost.$mydomain, localhost, $mydomain
mydomain = robinson-west.com
myhostname = goose.robinson-west.com
mynetworks = 127.0.0.0/8, 204.122.17.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains =
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost =
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname at Eskimo North
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_sasl_authenticated, check_helo_access hash:/etc/postfix/helo_access, reject_unknown_helo_hostname, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /opt/etc/certs/cert/server.crt
smtpd_tls_key_file = /opt/etc/certs/private/goose_robinson-west_com_RSA_private_nopass.key
smtpd_tls_loglevel = 1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
unknown_local_recipient_reject_code = 550
_______________________________________________
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
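
The three-strikes counting asked about above, as an added example that is not part of the original post: it scans maillog text for SASL authentication failures, relay attempts and HELO rejections, and flags any address outside the posted mynetworks that reaches three failures of one kind. The log line shapes are assumed to be the usual Postfix smtpd messages, the sample lines are constructed, and no time window is applied (fail2ban adds that with findtime).

```python
import ipaddress
import re
from collections import defaultdict

# mynetworks from the posted configuration: never flag these (like fail2ban's ignoreip).
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "204.122.17.0/24")]
THRESHOLD = 3  # failures of one kind before an address is flagged

# Assumed usual Postfix smtpd log shapes; IPv4 only, matching inet_protocols = ipv4.
CLIENT = r"\S+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: "
PATTERNS = {
    "sasl_auth": re.compile(r"warning: " + CLIENT + r"SASL \S+ authentication failed"),
    "relay": re.compile(r"reject: RCPT from " + CLIENT + r".*Relay access denied"),
    "helo": re.compile(r"reject: RCPT from " + CLIENT + r".*Helo command rejected"),
}

# Constructed sample log (documentation addresses, not taken from the post).
PFX = "Mar  3 02:10:01 goose postfix/smtpd[2101]: "
REJ = PFX + "NOQUEUE: reject: RCPT from unknown[{ip}]: {why}; from=<a@example.org> to=<b@example.net> proto=ESMTP helo=<mail>"
SAMPLE_LOG = "\n".join(
    [PFX + "warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6"] * 3
    + [REJ.format(ip="198.51.100.23", why="554 5.7.1 <b@example.net>: Relay access denied")] * 3
    + [REJ.format(ip="192.0.2.50", why="450 4.7.1 <mail>: Helo command rejected: Host not found")] * 2
    + [PFX + "warning: unknown[204.122.17.9]: SASL PLAIN authentication failed:"] * 3
)

def count_failures(log_text):
    """Return {ip: {kind: count}} for smtpd lines matching a failure pattern."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m and "postfix/smtpd[" in line:
                counts[m.group("ip")][kind] += 1
    return counts

def offenders(log_text, threshold=THRESHOLD):
    """Return {ip: {kind: count}} for untrusted addresses at or over the threshold."""
    flagged = {}
    for ip, kinds in count_failures(log_text).items():
        if any(ipaddress.ip_address(ip) in net for net in TRUSTED):
            continue  # local clients with a mistyped password are not banned
        over = {k: n for k, n in kinds.items() if n >= threshold}
        if over:
            flagged[ip] = over
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```
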