I reread the doc. I just changed this option:

smtpd_tls_security_level = may

On Sunday 24 April 2011 at 22:53, Reindl Harald wrote:
> what does "smtp_tls_note_starttls_offer" have to do with EHLO/HELO
> and what do smtp_* commands have to do with receiving?
>
> why are you using such complex EHLO restrictions?
> the following should be enough!
>
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks
>  reject_non_fqdn_helo_hostname
>  reject_invalid_helo_hostname
>  reject_unknown_helo_hostname
>
> On 24.04.2011 at 22:37, fakessh wrote:
> > I just changed this option
> >
> > smtp_tls_note_starttls_offer = may
> >
> > is that OK or not OK?
> >
> > thanks
> >
> > On Sunday 24 April 2011 at 22:10, fakessh wrote:
> >> hello postfix guru
> >> hello Wietse and other developers
> >>
> >>
> >> I already posted a question asking for more.
> >>
> >> how to allow both HELO and EHLO. I currently only accept EHLO and I see
> >> that I refuse a lot of legitimate mail
> >>
> >>
> >> my postconf -n
> >>
> >> r13151 ~]# postconf -n
> >> alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
> >> alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
> >> body_checks = regexp:/etc/postfix/body_checks.cf
> >> broken_sasl_auth_clients = yes
> >> command_directory = /usr/sbin
> >> config_directory = /etc/postfix
> >> content_filter = dkimproxy:[127.0.0.1]:10029
> >> daemon_directory = /usr/libexec/postfix
> >> data_directory = /var/lib/postfix
> >> debug_peer_level = 2
> >> default_privs = nobody
> >> default_rbl_reply = $rbl_code Service unavailable; $rbl_class
> >> [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
> >> double_bounce_sender = no
> >> header_checks = regexp:/etc/postfix/header_checks.cf
> >> home_mailbox = Maildir/
> >> html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
> >> in_flow_delay = 10
> >> inet_interfaces = all
> >> inet_protocols = all
> >> local_recipient_maps = unix:passwd.byname $alias_maps
> >> mail_owner = postfix
> >> mail_spool_directory = /var/spool/mail
> >> mailbox_command = /usr/libexec/dovecot/dovecot-lda
> >> mailq_path = /usr/bin/mailq.postfix
> >> manpage_directory = /usr/share/man
> >> message_size_limit = 20480000
> >> milter_command_timeout = 30s
> >> milter_connect_macros = j {daemon_name} v
> >> milter_connect_timeout = 30s
> >> milter_content_timeout = 300s
> >> milter_data_macros = i
> >> milter_end_of_data_macros = i
> >> milter_end_of_header_macros = i
> >> milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject}
> >> {cert_issuer}
> >> milter_macro_daemon_name = $myhostname
> >> milter_macro_v = $mail_name $mail_version
> >> milter_mail_macros = i {auth_type} {auth_authen} {auth_author}
> >> {mail_addr} milter_protocol = 2
> >> milter_rcpt_macros = i {rcpt_addr}
> >> milter_unknown_command_macros =
> >> mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
> >> mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
> >> mydomain = r13151.ovh.net
> >> mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 ,
> >> [2001:41D0:2:3Dd6::]/64 myorigin = $mydomain
> >> newaliases_path = /usr/bin/newaliases.postfix
> >> parent_domain_matches_subdomains =
> >> queue_directory = /var/spool/postfix
> >> queue_run_delay = 200s
> >> readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
> >> recipient_delimiter = +
> >> relay_domains =
> >> sample_directory = /usr/share/doc/postfix-2.5.4/samples
> >> sendmail_path = /usr/sbin/sendmail.postfix
> >> setgid_group = postdrop
> >> smtp_sasl_security_options = noanonymous
> >> smtp_sasl_tls_security_options = noanonymous
> >> smtp_sender_dependent_authentication = yes
> >> smtp_tls_loglevel = 3
> >> smtp_tls_note_starttls_offer = yes
> >> smtp_tls_session_cache_database =
> >> btree:/var/lib/postfix/smtp_tls_session_cache
> >> smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
> >> smtpd_client_restrictions = permit_mynetworks
> >> reject_unknown_reverse_client_hostname reject_unauth_pipelining
> >> reject_non_fqdn_recipient check_client_access
> >> cidr:/etc/postfix/koreacidr.cidr check_client_access
> >> cidr:/etc/postfix/chinacidr.cidr check_helo_access
> >> hash:/etc/postfix/access_client check_helo_access
> >> hash:/etc/postfix/access_host check_sender_access
> >> hash:/etc/postfix/access_client check_sender_access
> >> hash:/etc/postfix/access_host check_recipient_access
> >> hash:/etc/postfix/access_client check_recipient_access
> >> hash:/etc/postfix/access_host check_client_access
> >> cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
> >> cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> >> cidr:/etc/postfix/perso_cidr.cidr check_client_access
> >> pcre:/etc/postfix/ptr-tld.pcre check_client_access
> >> cidr:/etc/postfix/sinokorea.cidr check_client_access
> >> cidr:/etc/postfix/taiwancidr.cidr check_client_access
> >> regexp:/etc/postfix/blacklist_clients check_client_access
> >> cidr:/etc/postfix/asian-ip.cidr reject_rbl_client relays.orbs.org
> >> check_client_access cidr:/etc/postfix/taiwanipblocksreject.cidr
> >> check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
> >> cidr:/etc/postfix/BR_cidr.cidr check_client_access
> >> cidr:/etc/postfix/CN_cidr.cidr check_client_access
> >> cidr:/etc/postfix/UA_cidr.cidr check_client_access
> >> cidr:/etc/postfix/TR_cidr.cidr check_client_access
> >> cidr:/etc/postfix/VE_cidr.cidr check_client_access
> >> cidr:/etc/postfix/VN_cidr.cidr permit
> >> smtpd_data_restrictions = reject_unauth_pipelining
> >> smtpd_helo_restrictions = permit_mynetworks check_helo_access
> >> cidr:/etc/postfix/koreacidr.cidr check_helo_access
> >> cidr:/etc/postfix/chinacidr.cidr check_helo_access
> >> hash:/etc/postfix/access_client check_helo_access
> >> hash:/etc/postfix/access_host check_helo_access
> >> hash:/etc/postfix/access_client check_helo_access
> >> hash:/etc/postfix/access_host check_helo_access
> >> hash:/etc/postfix/access_client check_helo_access
> >> hash:/etc/postfix/access_host check_helo_access
> >> cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> >> pcre:/etc/postfix/ptr-tld.pcre check_helo_access
> >> cidr:/etc/postfix/sinokorea.cidr check_helo_access
> >> cidr:/etc/postfix/taiwancidr.cidr check_helo_access
> >> regexp:/etc/postfix/blacklist_clients check_helo_access
> >> cidr:/etc/postfix/asian-ip.cidr check_helo_access
> >> cidr:/etc/postfix/taiwanipblocksreject.cidr check_helo_access
> >> cidr:/etc/postfix/IN_cidr.cidr check_helo_access
> >> cidr:/etc/postfix/BR_cidr.cidr check_helo_access
> >> cidr:/etc/postfix/CN_cidr.cidr check_helo_access
> >> cidr:/etc/postfix/UA_cidr.cidr check_helo_access
> >> cidr:/etc/postfix/TR_cidr.cidr check_helo_access
> >> cidr:/etc/postfix/VE_cidr.cidr check_helo_access
> >> cidr:/etc/postfix/VN_cidr.cidr reject_unauth_pipelining
> >> reject_invalid_hostname permit
> >> smtpd_milters = unix:/var/spool/MIMEDefang/mimedefang.sock
> >> smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces
> >> permit_sasl_authenticated reject_unverified_recipient
> >> reject_non_fqdn_sender reject_non_fqdn_recipient
> >> reject_unknown_sender_domain
> >> reject_unknown_recipient_domain reject_unknown_reverse_client_hostname
> >> reject_unauth_destination reject_unauth_pipelining reject_rbl_client
> >> zen.spamhaus.org reject_sender_login_mismatch check_policy_service
> >> unix:postgrey/socket reject_rhsbl_sender dbl.spamhaus.org
> >> reject_rbl_client bl.spamcop.net reject_rbl_client cbl.abuseat.org
> >> reject_rbl_client b.barracudacentral.org check_client_access
> >> hash:/etc/postfix/whitelist reject_rhsbl_helo dbl.spamhaus.org
> >> reject_rhsbl_client dbl.spamhaus.org reject_unknown_helo_hostname
> >> reject_invalid_helo_hostname
> >> reject_non_fqdn_helo_hostname check_client_access
> >> pcre:/etc/postfix/ptr-tld.pcre check_client_access
> >> cidr:/etc/postfix/sinokorea.cidr check_client_access
> >> cidr:/etc/postfix/taiwancidr.cidr check_client_access
> >> regexp:/etc/postfix/blacklist_clients check_client_access
> >> cidr:/etc/postfix/asian-ip.cidr reject_rbl_client relays.orbs.org
> >> check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
> >> cidr:/etc/postfix/BR_cidr.cidr check_client_access
> >> cidr:/etc/postfix/CN_cidr.cidr check_client_access
> >> cidr:/etc/postfix/UA_cidr.cidr check_client_access
> >> cidr:/etc/postfix/TR_cidr.cidr check_client_access
> >> cidr:/etc/postfix/VE_cidr.cidr check_client_access
> >> cidr:/etc/postfix/VN_cidr.cidr check_client_access
> >> cidr:/etc/postfix/perso_cidr.cidr check_sender_mx_access
> >> cidr:/etc/postfix/perso_cidr.cidr check_recipient_mx_access
> >> cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
> >> cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> >> cidr:/etc/postfix/perso_cidr.cidr check_client_access
> >> hash:/etc/postfix/access_host check_recipient_mx_access
> >> hash:/etc/postfix/access_host check_sender_mx_access
> >> hash:/etc/postfix/access_host check_client_access
> >> hash:/etc/postfix/access_client check_recipient_access
> >> hash:/etc/postfix/access_host check_recipient_access
> >> hash:/etc/postfix/access_client check_sender_access
> >> hash:/etc/postfix/access_host check_sender_access
> >> hash:/etc/postfix/access_client check_helo_access
> >> hash:/etc/postfix/access_host check_helo_access
> >> hash:/etc/postfix/access_client check_client_access
> >> cidr:/etc/postfix/chinacidr.cidr check_client_access
> >> cidr:/etc/postfix/koreacidr.cidr reject_rbl_client zen.spamhaus.org
> >> reject_rbl_client psbl.surriel.com reject_rhsbl_client dbl.spamhaus.org
> >> reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org
> >> check_policy_service unix:private/spfpolicy
> >> smtpd_reject_unlisted_sender = no
> >> smtpd_sasl_auth_enable = yes
> >> smtpd_sasl_authenticated_header = yes
> >> smtpd_sasl_local_domain = $myhostname
> >> smtpd_sasl_path = private/auth
> >> smtpd_sasl_type = dovecot
> >> smtpd_sender_restrictions = reject_unknown_sender_domain
> >> smtpd_tls_CAfile = /etc/pki/tls/certs/class3.crt
> >> smtpd_tls_ask_ccert = yes
> >> smtpd_tls_auth_only = yes
> >> smtpd_tls_cert_file = /etc/pki/tls/certs/r13151.ovh.net.cert
> >> smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
> >> smtpd_tls_received_header = yes
> >> smtpd_tls_req_ccert = no
> >> smtpd_tls_security_level = may
> >> smtpd_tls_session_cache_database =
> >> btree:/var/lib/postfix/smtpd_tls_session_cache
> >> smtpd_use_tls = yes
> >> soft_bounce = no
> >> tls_random_source = dev:/dev/urandom
> >> unknown_local_recipient_reject_code = 550
> >> virtual_alias_domains = renelacroute.fr , nicolaspichot.fr , fakessh.eu
> >> virtual_alias_maps = hash:/etc/postfix/virtual
> >> virtual_transport = dovecot

--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
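Added example, not part of the thread or of Postfix: a Python check for the two points raised in the reply, that `smtp_*` parameters configure the sending client while `smtpd_*` parameters configure the receiving server, and that a long restriction list can repeat the same lookup. The sample configuration is constructed; the function names and the `ARG_PREFIXES` rule for which restrictions take an argument are assumptions of this example.

```python
from collections import Counter

# Constructed sample in main.cf syntax, not the poster's full output.
SAMPLE = """\
smtp_tls_note_starttls_offer = yes
smtpd_tls_security_level = may
smtpd_helo_restrictions = permit_mynetworks check_helo_access
 hash:/etc/postfix/access_client check_helo_access
 hash:/etc/postfix/access_host check_helo_access
 hash:/etc/postfix/access_client reject_invalid_hostname permit
"""

# Assumption: restrictions with these prefixes take exactly one argument.
ARG_PREFIXES = ("check_", "reject_rbl_", "reject_rhsbl_")


def parse_postconf(text):
    """Return {parameter: value}, joining indented continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line and not line.startswith("#"):
            current, value = (p.strip() for p in line.split("=", 1))
            params[current] = value
    return params


def side(name):
    """smtpd_* configures the receiving server, smtp_* the sending client."""
    if name.startswith("smtpd_"):
        return "server"
    return "client" if name.startswith("smtp_") else "other"


def restrictions(value):
    """Split a restriction list into (name, argument-or-None) pairs."""
    tokens, out = value.replace(",", " ").split(), []
    while tokens:
        name = tokens.pop(0)
        arg = tokens.pop(0) if name.startswith(ARG_PREFIXES) and tokens else None
        out.append((name, arg))
    return out


def duplicates(value):
    """Restrictions listed more than once; the repeats only add lookups."""
    counts = Counter(restrictions(value))
    dups = (item for item, n in counts.items() if n > 1)
    return sorted(dups, key=lambda item: (item[0], item[1] or ""))
```

Running `duplicates()` over each `smtpd_*_restrictions` value of a real `postconf -n` dump shows which lookups can be dropped before the list is shortened by hand.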