Yeah when I took the server for audit, Postfix was dead and couldn't
start -the config file was (and stil is) in mess.
Nevertheless, accepting SMTP is not the issue at this moment.
The issue is that it seems to be disregarding the policy check.
I have even precompiled it from source yesterday, thinking that it might
be damaged, but no effect...
On 2015-08-02 23:14, Viktor Dukhovni wrote:
On Sun, Aug 02, 2015 at 10:53:35PM +0200, Istvan Prosinger wrote:
smtpd_end_of_data_restrictions = check_policy_service
inet:127.0.0.1:10031
smtpd_recipient_restrictions = check_policy_service
inet:127.0.0.1:10031,
permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
With the above configuration, either you never accept any SMTP
email, master.cf contains an override of smtpd_recipient_restrictions
and smtpd_end_of_data_restrictions, or the policy service *is*
used, whether you can convince yourself of that or not.
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_use_tls = yes
Better:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
