Hello, mail_version = 2.5.5, Dovecot for pop and imap, mysql as the auth backend.

I am a little confused about main.cf and master.cf. Is there overlap in some of the settings? Do some settings exist in both files, or at least are interchangeable? If this is the case, under what conditions do you decide to do so?

I successfully sent emails through this system as unauthenticated, authenticated, with tls, and with ssl. This is a migration, and I would like to have minimal email client settings needing change. My old server did not have SSL or TLS.

Old Server:
No SSL, No TLS
port 25 = normal inbound, plus smtp auth'd users
port 587 = forced auth'd users

I am willing to disallow user connection to port 25. How do I do this? In main.cf or master.cf? Right now, I believe I only have this:
[snip... master.cf ]
smtp      inet  n       -       n       -       -       smtpd
I believe I need to add a restriction in there to stop clients from connecting?

For port 587 submission, I want to offer SSL, TLS, and non encrypted to cover the users who will not want to change their settings. I cannot seem to get this to work, it is either no encryption, or forced encryption.

[snip... master.cf ]
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated
  -o milter_macro_daemon_name=ORIGINATING

* Do I even need the milter line?

Port 465, I believe will be reserved exclusively for SSL? Port 587 does the TLS, is that correct? Or is the SSL just wrapping around the TLS?

[snip... master.cf ]
465     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

* Do I need this milter line?

In Apple Mail, there are auth options of ntlm, md5 Challenge-Response, Kerberos, and Password. In Thunderbird I noticed there are no such options. Which are used in Thunderbird? What is the best to use, or is it only applicable if you are choosing to not use SSL/TLS?

I have been pretty much up and down the docs; this is somehow not making a lot of sense. I think once I understand what crosses over in config from main.cf and master.cf, it will make more sense.

postconf -n
alias_maps = hash:/opt/local/etc/postfix/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /opt/local/sbin
config_directory = /opt/local/etc/postfix
daemon_directory = /opt/local/libexec/postfix
data_directory = /opt/local/var/lib/postfix
debug_peer_level = 2
debug_peer_list = 127.0.0.1
default_privs = nobody
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
invalid_hostname_reject_code = 450
mail_owner = _postfix
mailq_path = /opt/local/bin/mailq
manpage_directory = /opt/local/share/man
maps_rbl_reject_code = 450
message_size_limit = 0
mydestination = localhost
myhostname = catalyst.hostwizard.com
mynetworks = 64.84.37.0/26
newaliases_path = /opt/local/bin/newaliases
non_fqdn_reject_code = 450
queue_directory = /opt/local/var/spool/postfix
readme_directory = /opt/local/share/postfix/readme
sample_directory = /opt/local/share/postfix/sample
sendmail_path = /opt/local/sbin/sendmail
setgid_group = _postdrop
smtp_tls_cert_file = /opt/local/etc/ssl/certs/dovecot.pem
smtp_tls_key_file = /opt/local/etc/ssl/private/dovecot.pem
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /opt/local/etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /opt/local/etc/ssl/private/postfix.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/opt/local/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/opt/local/etc/postfix/mysql-email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /opt/local/var/vmail
virtual_mailbox_domains = mysql:/opt/local/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/opt/local/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_minimum_uid = static:5000
virtual_transport = dovecot
virtual_uid_maps = static:5000

--
Scott * If you contact me off list replace talklists@ with scott@ *
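An added example, not code from the post or from Postfix: a small resolver that layers master.cf "-o name=value" overrides on top of main.cf (the precedence that decides what "crosses over" between the two files) and then flags smtpd listeners that inherit AUTH from main.cf while a session may still be plaintext. The main.cf and master.cf fragments are constructed to mirror the post; the smtpd_tls_auth_only check is a real Postfix parameter that the post does not use, included as one way to keep AUTH off plaintext sessions.

```python
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
"""
MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
465     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

def parse_main_cf(text):
    # main.cf: one "name = value" per line; "#" starts a comment
    pairs = (l.partition("=") for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#"))
    return {name.strip(): value.strip() for name, _, value in pairs}

def parse_master_cf(text):
    # master.cf: 8-field service lines, then indented "-o name=value" overrides for that service
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"): continue
        fields = line.split()
        if not line[0].isspace():                       # a new service entry
            current = fields[0]
            services[current] = {"type": fields[1], "command": fields[7], "overrides": {}}
        for opt, arg in zip(fields, fields[1:]):        # "-o" may follow on the same or a continuation line
            if opt == "-o":                             # overrides main.cf for this service only
                name, _, value = arg.partition("=")
                services[current]["overrides"][name] = value
    return services

def effective(main, services, service, param, default=""):
    # precedence: master.cf -o override > main.cf setting > built-in default
    return services[service]["overrides"].get(param, main.get(param, default))

def audit(main, services):
    # smtpd listeners that announce AUTH although the session is not required to be encrypted
    findings = []
    for name, svc in services.items():
        if (svc["type"], svc["command"]) != ("inet", "smtpd"): continue
        sasl = effective(main, services, name, "smtpd_sasl_auth_enable", "no") == "yes"
        tls = effective(main, services, name, "smtpd_tls_security_level", "none")
        wrapped = effective(main, services, name, "smtpd_tls_wrappermode", "no") == "yes"
        auth_only = effective(main, services, name, "smtpd_tls_auth_only", "no") == "yes"
        if sasl and not (wrapped or tls == "encrypt" or auth_only):
            findings.append(name)
    return findings
```

With the post's settings the audit reports only "smtp" (port 25), because it inherits smtpd_sasl_auth_enable = yes from main.cf with no per-service override; adding "-o smtpd_sasl_auth_enable=no" to that entry, or smtpd_tls_auth_only = yes in main.cf, clears the finding.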
