Le dimanche 24 avril 2011 22:37, fakessh a écrit :
> I just changed this option
>
> smtp_tls_note_starttls_offer = may
>
> Is that OK or not?
>
> thanks



I just reread the documentation, and
I think the setting to use is
smtpd_tls_security_level = may

Is that OK, Wietse?

thanks ...

s ///

>
> Le dimanche 24 avril 2011 22:10, fakessh a écrit :
> > Hello Postfix gurus,
> > hello Wietse and other developers,
> >
> >
> > I already posted a question and am asking for more.
> >
> > How can I allow both HELO and EHLO? I currently accept only EHLO, and I see
> > that I am refusing a lot of legitimate mail.
> >
> >
> > my postconf -n
> >
> > r13151 ~]# postconf -n
> > alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
> > alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
> > body_checks = regexp:/etc/postfix/body_checks.cf
> > broken_sasl_auth_clients = yes
> > command_directory = /usr/sbin
> > config_directory = /etc/postfix
> > content_filter = dkimproxy:[127.0.0.1]:10029
> > daemon_directory = /usr/libexec/postfix
> > data_directory = /var/lib/postfix
> > debug_peer_level = 2
> > default_privs = nobody
> > default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what]
> > blocked using $rbl_domain${rbl_reason?; $rbl_reason}
> > double_bounce_sender = no
> > header_checks = regexp:/etc/postfix/header_checks.cf
> > home_mailbox = Maildir/
> > html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
> > in_flow_delay = 10
> > inet_interfaces = all
> > inet_protocols = all
> > local_recipient_maps = unix:passwd.byname $alias_maps
> > mail_owner = postfix
> > mail_spool_directory = /var/spool/mail
> > mailbox_command = /usr/libexec/dovecot/dovecot-lda
> > mailq_path = /usr/bin/mailq.postfix
> > manpage_directory = /usr/share/man
> > message_size_limit = 20480000
> > milter_command_timeout = 30s
> > milter_connect_macros = j {daemon_name} v
> > milter_connect_timeout = 30s
> > milter_content_timeout = 300s
> > milter_data_macros = i
> > milter_end_of_data_macros = i
> > milter_end_of_header_macros = i
> > milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject}
> > {cert_issuer}
> > milter_macro_daemon_name = $myhostname
> > milter_macro_v = $mail_name $mail_version
> > milter_mail_macros = i {auth_type} {auth_authen} {auth_author}
> > {mail_addr}
> > milter_protocol = 2
> > milter_rcpt_macros = i {rcpt_addr}
> > milter_unknown_command_macros =
> > mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
> > mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
> > mydomain = r13151.ovh.net
> > mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 ,
> > [2001:41D0:2:3Dd6::]/64
> > myorigin = $mydomain
> > newaliases_path = /usr/bin/newaliases.postfix
> > parent_domain_matches_subdomains =
> > queue_directory = /var/spool/postfix
> > queue_run_delay = 200s
> > readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
> > recipient_delimiter = +
> > relay_domains =
> > sample_directory = /usr/share/doc/postfix-2.5.4/samples
> > sendmail_path = /usr/sbin/sendmail.postfix
> > setgid_group = postdrop
> > smtp_sasl_security_options = noanonymous
> > smtp_sasl_tls_security_options = noanonymous
> > smtp_sender_dependent_authentication = yes
> > smtp_tls_loglevel = 3
> > smtp_tls_note_starttls_offer = yes
> > smtp_tls_session_cache_database =
> > btree:/var/lib/postfix/smtp_tls_session_cache
> > smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
> > smtpd_client_restrictions = permit_mynetworks
> > reject_unknown_reverse_client_hostname reject_unauth_pipelining
> > reject_non_fqdn_recipient check_client_access
> > cidr:/etc/postfix/koreacidr.cidr check_client_access
> > cidr:/etc/postfix/chinacidr.cidr check_helo_access
> > hash:/etc/postfix/access_client check_helo_access
> > hash:/etc/postfix/access_host  check_sender_access
> > hash:/etc/postfix/access_client check_sender_access
> > hash:/etc/postfix/access_host check_recipient_access
> > hash:/etc/postfix/access_client check_recipient_access
> > hash:/etc/postfix/access_host check_client_access
> > cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
> > cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> > cidr:/etc/postfix/perso_cidr.cidr check_client_access
> > pcre:/etc/postfix/ptr-tld.pcre check_client_access
> > cidr:/etc/postfix/sinokorea.cidr check_client_access
> > cidr:/etc/postfix/taiwancidr.cidr  check_client_access
> > regexp:/etc/postfix/blacklist_clients  check_client_access
> > cidr:/etc/postfix/asian-ip.cidr  reject_rbl_client relays.orbs.org
> > check_client_access cidr:/etc/postfix/taiwanipblocksreject.cidr
> > check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
> > cidr:/etc/postfix/BR_cidr.cidr check_client_access
> > cidr:/etc/postfix/CN_cidr.cidr check_client_access
> > cidr:/etc/postfix/UA_cidr.cidr check_client_access
> > cidr:/etc/postfix/TR_cidr.cidr  check_client_access
> > cidr:/etc/postfix/VE_cidr.cidr check_client_access
> > cidr:/etc/postfix/VN_cidr.cidr   permit
> > smtpd_data_restrictions = reject_unauth_pipelining
> > smtpd_helo_restrictions = permit_mynetworks check_helo_access
> > cidr:/etc/postfix/koreacidr.cidr check_helo_access
> > cidr:/etc/postfix/chinacidr.cidr check_helo_access
> > hash:/etc/postfix/access_client check_helo_access
> > hash:/etc/postfix/access_host  check_helo_access
> > hash:/etc/postfix/access_client check_helo_access
> > hash:/etc/postfix/access_host check_helo_access
> > hash:/etc/postfix/access_client check_helo_access
> > hash:/etc/postfix/access_host check_helo_access
> > cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> > pcre:/etc/postfix/ptr-tld.pcre check_helo_access
> > cidr:/etc/postfix/sinokorea.cidr check_helo_access
> > cidr:/etc/postfix/taiwancidr.cidr  check_helo_access
> > regexp:/etc/postfix/blacklist_clients  check_helo_access
> > cidr:/etc/postfix/asian-ip.cidr  check_helo_access
> > cidr:/etc/postfix/taiwanipblocksreject.cidr  check_helo_access
> > cidr:/etc/postfix/IN_cidr.cidr check_helo_access
> > cidr:/etc/postfix/BR_cidr.cidr check_helo_access
> > cidr:/etc/postfix/CN_cidr.cidr check_helo_access
> > cidr:/etc/postfix/UA_cidr.cidr check_helo_access
> > cidr:/etc/postfix/TR_cidr.cidr  check_helo_access
> > cidr:/etc/postfix/VE_cidr.cidr check_helo_access
> > cidr:/etc/postfix/VN_cidr.cidr  reject_unauth_pipelining
> > reject_invalid_hostname  permit
> > smtpd_milters = unix:/var/spool/MIMEDefang/mimedefang.sock
> > smtpd_recipient_restrictions = permit_mynetworks  permit_inet_interfaces
> > permit_sasl_authenticated  reject_unverified_recipient
> > reject_non_fqdn_sender reject_non_fqdn_recipient
> > reject_unknown_sender_domain
> > reject_unknown_recipient_domain reject_unknown_reverse_client_hostname
> > reject_unauth_destination reject_unauth_pipelining reject_rbl_client
> > zen.spamhaus.org reject_sender_login_mismatch check_policy_service
> > unix:postgrey/socket reject_rhsbl_sender dbl.spamhaus.org
> > reject_rbl_client bl.spamcop.net  reject_rbl_client cbl.abuseat.org 
> > reject_rbl_client b.barracudacentral.org check_client_access
> > hash:/etc/postfix/whitelist reject_rhsbl_helo dbl.spamhaus.org 
> > reject_rhsbl_client dbl.spamhaus.org reject_unknown_helo_hostname
> > reject_invalid_helo_hostname
> > reject_non_fqdn_helo_hostname  check_client_access
> > pcre:/etc/postfix/ptr-tld.pcre check_client_access
> > cidr:/etc/postfix/sinokorea.cidr check_client_access
> > cidr:/etc/postfix/taiwancidr.cidr  check_client_access
> > regexp:/etc/postfix/blacklist_clients  check_client_access
> > cidr:/etc/postfix/asian-ip.cidr  reject_rbl_client relays.orbs.org
> > check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
> > cidr:/etc/postfix/BR_cidr.cidr check_client_access
> > cidr:/etc/postfix/CN_cidr.cidr check_client_access
> > cidr:/etc/postfix/UA_cidr.cidr check_client_access
> > cidr:/etc/postfix/TR_cidr.cidr  check_client_access
> > cidr:/etc/postfix/VE_cidr.cidr check_client_access
> > cidr:/etc/postfix/VN_cidr.cidr  check_client_access
> > cidr:/etc/postfix/perso_cidr.cidr check_sender_mx_access
> > cidr:/etc/postfix/perso_cidr.cidr check_recipient_mx_access
> > cidr:/etc/postfix/perso_cidr.cidr  check_recipient_access
> > cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> > cidr:/etc/postfix/perso_cidr.cidr  check_client_access
> > hash:/etc/postfix/access_host check_recipient_mx_access
> > hash:/etc/postfix/access_host check_sender_mx_access
> > hash:/etc/postfix/access_host  check_client_access
> > hash:/etc/postfix/access_client check_recipient_access
> > hash:/etc/postfix/access_host check_recipient_access
> > hash:/etc/postfix/access_client check_sender_access
> > hash:/etc/postfix/access_host check_sender_access
> > hash:/etc/postfix/access_client check_helo_access
> > hash:/etc/postfix/access_host  check_helo_access
> > hash:/etc/postfix/access_client  check_client_access
> > cidr:/etc/postfix/chinacidr.cidr check_client_access
> > cidr:/etc/postfix/koreacidr.cidr reject_rbl_client zen.spamhaus.org
> > reject_rbl_client psbl.surriel.com reject_rhsbl_client dbl.spamhaus.org
> > reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org
> > check_policy_service unix:private/spfpolicy
> > smtpd_reject_unlisted_sender = no
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_authenticated_header = yes
> > smtpd_sasl_local_domain = $myhostname
> > smtpd_sasl_path = private/auth
> > smtpd_sasl_type = dovecot
> > smtpd_sender_restrictions = reject_unknown_sender_domain
> > smtpd_tls_CAfile = /etc/pki/tls/certs/class3.crt
> > smtpd_tls_ask_ccert = yes
> > smtpd_tls_auth_only = yes
> > smtpd_tls_cert_file = /etc/pki/tls/certs/r13151.ovh.net.cert
> > smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
> > smtpd_tls_received_header = yes
> > smtpd_tls_req_ccert = no
> > smtpd_tls_security_level = may
> > smtpd_tls_session_cache_database =
> > btree:/var/lib/postfix/smtpd_tls_session_cache
> > smtpd_use_tls = yes
> > soft_bounce = no
> > tls_random_source = dev:/dev/urandom
> > unknown_local_recipient_reject_code = 550
> > virtual_alias_domains = renelacroute.fr , nicolaspichot.fr , fakessh.eu
> > virtual_alias_maps = hash:/etc/postfix/virtual
> > virtual_transport = dovecot

-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7

Attachment: pgpvgJAomPK5b.pgp
Description: PGP signature
