On 21-02-13 15:50, Wietse Venema wrote:
> Erik Slagter:
>> I tried another variant:
>>
>> 192.168.0.1:smtp inet ... postscreen
>>     -o options...
>>
>> 192.168.0.1:pass inet ... smtpd
>>     -o options...
>
> If you don't show the exact options and the exact logging
> then no-one can say what mistake YOU are making.

Okay, I didn't post the complete master.cf because I thought it wouldn't be necessary, so here it comes. This is the "plain" version that works, without postscreen enabled.

If somebody can explain to me how to transform this into something working with postscreen enabled AND TLS working on the outside interface (ppp0, ipv4 and ipv6), I'd be very grateful, but really I've tried various approaches without luck.

Postscreen by itself is working fine, btw.

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#smtp      inet  n       -       n       -       1       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
#
# outside -> inside
# postfix(25) -> amavis(10025)
#
mx1.ipv4.slagter.name:smtp inet n - n - 2 smtpd
    -o myhostname=eriks.xs4all.nl
    -o smtpd_banner=mx1.slagter.name-ESMTP-$mail_name-mx1-ppp0-ipv4-25
    -o smtpd_tls_security_level=may
    -o postscreen_tls_security_level=may
    -o tlsproxy_tls_security_level=may
    -o smtpd_proxy_filter=nemesis.ipv4:10025
    -o soft_bounce=no
    -o postscreen_cache_map=btree:$data_directory/postscreen_cache-ipv4
mx1.ipv6.slagter.name:smtp inet n - n - 2 smtpd
    -o myhostname=mx1.ipv6.slagter.name
    -o smtpd_banner=mx1.slagter.name-ESMTP-$mail_name-mx1-ppp0-ipv6-25
    -o smtpd_tls_security_level=may
    -o postscreen_tls_security_level=may
    -o tlsproxy_tls_security_level=may
    -o smtpd_proxy_filter=nemesis.ipv4:10025
    -o soft_bounce=no
    -o postscreen_cache_map=btree:$data_directory/postscreen_cache-ipv6
#
# amavis(10025) -> postfix(10026)
#
nemesis.ipv4:10026 inet n - n - 2 smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o body_checks=
    -o header_checks=
    -o myhostname=nemesis.slagter.name
    -o smtp_helo_name=nemesis.slagter.name
    -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-lo-ipv4-10026
    -o smtpd_client_restrictions=
    -o smtpd_authorized_xforward_hosts=10.1.1.1
#
# postfix(25) -> dkimproxy(11025)
#
nemesis.ipv4:smtp inet n - n - 2 smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o body_checks=
    -o header_checks=
    -o myhostname=nemesis.slagter.name
    -o smtp_helo_name=nemesis.slagter.name
    -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-eth0-ipv4-25
    -o mynetworks=127.0.0.0/8
    -o smtpd_proxy_filter=nemesis.ipv4:11025
nemesis.ipv6:smtp inet n - n - 2 smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o body_checks=
    -o header_checks=
    -o myhostname=nemesis.slagter.name
    -o smtp_helo_name=nemesis.slagter.name
    -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-eth0-ipv6-25
    -o smtpd_proxy_filter=nemesis.ipv4:11025
#
# dkimproxy(11025) -> postfix(11026)
#
nemesis.ipv4:11026 inet n - n - 2 smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o body_checks=
    -o header_checks=
    -o myhostname=nemesis.slagter.name
    -o smtp_helo_name=nemesis.slagter.name
    -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-lo-ipv4-11026
    -o smtpd_client_restrictions=
    -o smtpd_authorized_xforward_hosts=10.1.1.1
#
# locally generated
#
#localhost.ipv4:smtp inet n - n - - postscreen
localhost.ipv4:smtp inet n - n - - smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o body_checks=
    -o header_checks=
    -o myhostname=nemesis.slagter.name
    -o smtp_helo_name=nemesis.slagter.name
    -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-lo-ipv4-25
    -o mynetworks=127.0.0.0/8
#nemesis.ipv4:smtp inet n - n - - postscreen
nemesis.ipv4:smtp inet n - n - - smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o body_checks=
    -o header_checks=
    -o myhostname=nemesis.slagter.name
    -o smtp_helo_name=nemesis.slagter.name
    -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-vlan2-alt-ipv4-25
    -o mynetworks=10.0.2.0/24
::1:smtp inet n - n - - smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o body_checks=
    -o header_checks=
    -o myhostname=nemesis.slagter.name
    -o smtp_helo_name=nemesis.slagter.name
    -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-lo-ipv6-25
pickup        fifo  n  -  n  60     1  pickup
cleanup       unix  n  -  n  -      0  cleanup
qmgr          fifo  n  -  n  300    1  qmgr
tlsmgr        unix  -  -  n  1000?  1  tlsmgr
rewrite       unix  -  -  n  -      -  trivial-rewrite
bounce        unix  -  -  n  -      0  bounce
defer         unix  -  -  n  -      0  bounce
trace         unix  -  -  n  -      0  bounce
verify        unix  -  -  n  -      1  verify
flush         unix  n  -  n  1000?  0  flush
proxymap      unix  -  -  n  -      -  proxymap
smtp          unix  -  -  n  -      -  smtp
relay         unix  -  -  n  -      -  smtp
    -o smtp_helo_timeout=5
    -o smtp_connect_timeout=5
showq         unix  n  -  n  -      -  showq
error         unix  -  -  n  -      -  error
local         unix  -  n  n  -      -  local
virtual       unix  -  n  n  -      -  virtual
lmtp          unix  -  -  n  -      -  lmtp
anvil         unix  -  -  n  -      1  anvil
smtp-inside   unix  -  -  n  -      -  smtp
    -o myhostname=nemesis.slagter.name
    -o smtp_helo_name=nemesis.slagter.name
    -o smtp_bind_address6=2001:980:5fef:1::1
smtp-default  unix  -  -  n  -      -  smtp
    -o myhostname=eriks.xs4all.nl
    -o smtp_helo_name=eriks.xs4all.nl
    -o smtp_bind_address6=2001:980:5fef::1
    -o smtp_tls_security_level=may