Le dimanche 24 avril 2011 22:37, fakessh a écrit : > I just changed this option > > smtp_tls_note_starttls_offer = may > > that it's OK or not OK > > thanks
i just reread the doc and I think he must use smtpd_tls_security_level = may it's OK wieste ? thanks ... s /// > > Le dimanche 24 avril 2011 22:10, fakessh a écrit : > > hello postfix guru > > hello Wieste and other develloper > > > > > > I already post a question asking for more. > > > > how to allow both HELO and EHLO. I currently only accept EHLO and I see > > that I refuse a lot of legitimate mail > > > > > > my postconf -n > > > > r13151 ~]# postconf -n > > alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases > > alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases > > body_checks = regexp:/etc/postfix/body_checks.cf > > broken_sasl_auth_clients = yes > > command_directory = /usr/sbin > > config_directory = /etc/postfix > > content_filter = dkimproxy:[127.0.0.1]:10029 > > daemon_directory = /usr/libexec/postfix > > data_directory = /var/lib/postfix > > debug_peer_level = 2 > > default_privs = nobody > > default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] > > blocked using $rbl_domain${rbl_reason?; $rbl_reason} > > double_bounce_sender = no > > header_checks = regexp:/etc/postfix/header_checks.cf > > home_mailbox = Maildir/ > > html_directory = /usr/share/doc/postfix-2.7.3-documentation/html > > in_flow_delay = 10 > > inet_interfaces = all > > inet_protocols = all > > local_recipient_maps = unix:passwd.byname $alias_maps > > mail_owner = postfix > > mail_spool_directory = /var/spool/mail > > mailbox_command = /usr/libexec/dovecot/dovecot-lda > > mailq_path = /usr/bin/mailq.postfix > > manpage_directory = /usr/share/man > > message_size_limit = 20480000 > > milter_command_timeout = 30s > > milter_connect_macros = j {daemon_name} v > > milter_connect_timeout = 30s > > milter_content_timeout = 300s > > milter_data_macros = i > > milter_end_of_data_macros = i > > milter_end_of_header_macros = i > > milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} > > {cert_issuer} > > milter_macro_daemon_name = $myhostname > > milter_macro_v = $mail_name $mail_version > > milter_mail_macros = i {auth_type} {auth_authen} {auth_author} > > {mail_addr} milter_protocol = 2 > > milter_rcpt_macros = i {rcpt_addr} > > milter_unknown_command_macros = > > mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf > > mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net > > mydomain = r13151.ovh.net > > mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 , > > [2001:41D0:2:3Dd6::]/64 myorigin = $mydomain > > newaliases_path = /usr/bin/newaliases.postfix > > parent_domain_matches_subdomains = > > queue_directory = /var/spool/postfix > > queue_run_delay = 200s > > readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme > > recipient_delimiter = + > > relay_domains = > > sample_directory = /usr/share/doc/postfix-2.5.4/samples > > sendmail_path = /usr/sbin/sendmail.postfix > > setgid_group = postdrop > > smtp_sasl_security_options = noanonymous > > smtp_sasl_tls_security_options = noanonymous > > smtp_sender_dependent_authentication = yes > > smtp_tls_loglevel = 3 > > smtp_tls_note_starttls_offer = yes > > smtp_tls_session_cache_database = > > btree:/var/lib/postfix/smtp_tls_session_cache > > smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) > > smtpd_client_restrictions = permit_mynetworks > > reject_unknown_reverse_client_hostname reject_unauth_pipelining > > reject_non_fqdn_recipient check_client_access > > cidr:/etc/postfix/koreacidr.cidr check_client_access > > cidr:/etc/postfix/chinacidr.cidr check_helo_access > > hash:/etc/postfix/access_client check_helo_access > > hash:/etc/postfix/access_host check_sender_access > > hash:/etc/postfix/access_client check_sender_access > > hash:/etc/postfix/access_host check_recipient_access > > hash:/etc/postfix/access_client check_recipient_access > > hash:/etc/postfix/access_host check_client_access > > cidr:/etc/postfix/perso_cidr.cidr check_recipient_access > > cidr:/etc/postfix/perso_cidr.cidr check_helo_access > > cidr:/etc/postfix/perso_cidr.cidr check_client_access > > pcre:/etc/postfix/ptr-tld.pcre check_client_access > > cidr:/etc/postfix/sinokorea.cidr check_client_access > > cidr:/etc/postfix/taiwancidr.cidr check_client_access > > regexp:/etc/postfix/blacklist_clients check_client_access > > cidr:/etc/postfix/asian-ip.cidr reject_rbl_client relays.orbs.org > > check_client_access cidr:/etc/postfix/taiwanipblocksreject.cidr > > check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access > > cidr:/etc/postfix/BR_cidr.cidr check_client_access > > cidr:/etc/postfix/CN_cidr.cidr check_client_access > > cidr:/etc/postfix/UA_cidr.cidr check_client_access > > cidr:/etc/postfix/TR_cidr.cidr check_client_access > > cidr:/etc/postfix/VE_cidr.cidr check_client_access > > cidr:/etc/postfix/VN_cidr.cidr permit > > smtpd_data_restrictions = reject_unauth_pipelining > > smtpd_helo_restrictions = permit_mynetworks check_helo_access > > cidr:/etc/postfix/koreacidr.cidr check_helo_access > > cidr:/etc/postfix/chinacidr.cidr check_helo_access > > hash:/etc/postfix/access_client check_helo_access > > hash:/etc/postfix/access_host check_helo_access > > hash:/etc/postfix/access_client check_helo_access > > hash:/etc/postfix/access_host check_helo_access > > hash:/etc/postfix/access_client check_helo_access > > hash:/etc/postfix/access_host check_helo_access > > cidr:/etc/postfix/perso_cidr.cidr check_helo_access > > pcre:/etc/postfix/ptr-tld.pcre check_helo_access > > cidr:/etc/postfix/sinokorea.cidr check_helo_access > > cidr:/etc/postfix/taiwancidr.cidr check_helo_access > > regexp:/etc/postfix/blacklist_clients check_helo_access > > cidr:/etc/postfix/asian-ip.cidr check_helo_access > > cidr:/etc/postfix/taiwanipblocksreject.cidr check_helo_access > > cidr:/etc/postfix/IN_cidr.cidr check_helo_access > > cidr:/etc/postfix/BR_cidr.cidr check_helo_access > > cidr:/etc/postfix/CN_cidr.cidr check_helo_access > > cidr:/etc/postfix/UA_cidr.cidr check_helo_access > > cidr:/etc/postfix/TR_cidr.cidr check_helo_access > > cidr:/etc/postfix/VE_cidr.cidr check_helo_access > > cidr:/etc/postfix/VN_cidr.cidr reject_unauth_pipelining > > reject_invalid_hostname permit > > smtpd_milters = unix:/var/spool/MIMEDefang/mimedefang.sock > > smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces > > permit_sasl_authenticated reject_unverified_recipient > > reject_non_fqdn_sender reject_non_fqdn_recipient > > reject_unknown_sender_domain > > reject_unknown_recipient_domain reject_unknown_reverse_client_hostname > > reject_unauth_destination reject_unauth_pipelining reject_rbl_client > > zen.spamhaus.org reject_sender_login_mismatch check_policy_service > > unix:postgrey/socket reject_rhsbl_sender dbl.spamhaus.org > > reject_rbl_client bl.spamcop.net reject_rbl_client cbl.abuseat.org > > reject_rbl_client b.barracudacentral.org check_client_access > > hash:/etc/postfix/whitelist reject_rhsbl_helo dbl.spamhaus.org > > reject_rhsbl_client dbl.spamhaus.org reject_unknown_helo_hostname > > reject_invalid_helo_hostname > > reject_non_fqdn_helo_hostname check_client_access > > pcre:/etc/postfix/ptr-tld.pcre check_client_access > > cidr:/etc/postfix/sinokorea.cidr check_client_access > > cidr:/etc/postfix/taiwancidr.cidr check_client_access > > regexp:/etc/postfix/blacklist_clients check_client_access > > cidr:/etc/postfix/asian-ip.cidr reject_rbl_client relays.orbs.org > > check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access > > cidr:/etc/postfix/BR_cidr.cidr check_client_access > > cidr:/etc/postfix/CN_cidr.cidr check_client_access > > cidr:/etc/postfix/UA_cidr.cidr check_client_access > > cidr:/etc/postfix/TR_cidr.cidr check_client_access > > cidr:/etc/postfix/VE_cidr.cidr check_client_access > > cidr:/etc/postfix/VN_cidr.cidr check_client_access > > cidr:/etc/postfix/perso_cidr.cidr check_sender_mx_access > > cidr:/etc/postfix/perso_cidr.cidr check_recipient_mx_access > > cidr:/etc/postfix/perso_cidr.cidr check_recipient_access > > cidr:/etc/postfix/perso_cidr.cidr check_helo_access > > cidr:/etc/postfix/perso_cidr.cidr check_client_access > > hash:/etc/postfix/access_host check_recipient_mx_access > > hash:/etc/postfix/access_host check_sender_mx_access > > hash:/etc/postfix/access_host check_client_access > > hash:/etc/postfix/access_client check_recipient_access > > hash:/etc/postfix/access_host check_recipient_access > > hash:/etc/postfix/access_client check_sender_access > > hash:/etc/postfix/access_host check_sender_access > > hash:/etc/postfix/access_client check_helo_access > > hash:/etc/postfix/access_host check_helo_access > > hash:/etc/postfix/access_client check_client_access > > cidr:/etc/postfix/chinacidr.cidr check_client_access > > cidr:/etc/postfix/koreacidr.cidr reject_rbl_client zen.spamhaus.org > > reject_rbl_client psbl.surriel.com reject_rhsbl_client dbl.spamhaus.org > > reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org > > check_policy_service unix:private/spfpolicy > > smtpd_reject_unlisted_sender = no > > smtpd_sasl_auth_enable = yes > > smtpd_sasl_authenticated_header = yes > > smtpd_sasl_local_domain = $myhostname > > smtpd_sasl_path = private/auth > > smtpd_sasl_type = dovecot > > smtpd_sender_restrictions = reject_unknown_sender_domain > > smtpd_tls_CAfile = /etc/pki/tls/certs/class3.crt > > smtpd_tls_ask_ccert = yes > > smtpd_tls_auth_only = yes > > smtpd_tls_cert_file = /etc/pki/tls/certs/r13151.ovh.net.cert > > smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key > > smtpd_tls_received_header = yes > > smtpd_tls_req_ccert = no > > smtpd_tls_security_level = may > > smtpd_tls_session_cache_database = > > btree:/var/lib/postfix/smtpd_tls_session_cache > > smtpd_use_tls = yes > > soft_bounce = no > > tls_random_source = dev:/dev/urandom > > unknown_local_recipient_reject_code = 550 > > virtual_alias_domains = renelacroute.fr , nicolaspichot.fr , fakessh.eu > > virtual_alias_maps = hash:/etc/postfix/virtual > > virtual_transport = dovecot -- http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7
pgpvgJAomPK5b.pgp
Description: PGP signature