Hi, I am learning/testing Postscreen on Postfix 2.10.1
I read the man page and need a little help understanding this:
This program should not be used on SMTP ports that receive mail from
end-user clients (MUAs). In a typical deployment, postscreen(8) handles
the MX service on TCP port 25, while MUA clients submit mail via the
submission service on TCP port 587 which requires client authentication.
Alternatively, a site could set up a dedicated, non-postscreen, "port 25"
server that provides submission service and client authentication, but
no MX service.
What does "MX service" mean?
I am not sure how to leverage postscreen for authenticated SMTP traffic to my
server over ports 587 and 465, or is that not
what postscreen was meant to handle?
I changed main.cf and master.cf as advised on
www.postfix.org/POSTSCREEN_README.html#enable
but did not do step #7.
Then I did a systemctl reload postfix
I sent test emails with T-bird directly to the server, testing ports 25, 587, and
465 to see what shows up in the logs.
Postscreen logs only show up when I send over port 25, as I think they should.
Oct 31 16:03:27 mta5 postfix/postscreen[3944]: CONNECT from
[137.99.80.129]:51476 to [137.99.25.249]:25
Oct 31 16:03:27 mta5 postfix/postscreen[3944]: WHITELISTED [137.99.80.129]:51476
Oct 31 16:03:27 mta5 postfix/smtpd[3945]: connect from
angelo.uits.uconn.edu[137.99.80.129]
Oct 31 16:03:27 mta5 postfix/smtpd[3945]: 61D353000A3A:
client=angelo.uits.uconn.edu[137.99.80.129]
Oct 31 16:03:27 mta5 postfix/cleanup[3968]: 61D353000A3A: warning: header
Subject: new testing from angelo.uits.uconn.edu[137.99.80.129];
from=<[email protected]> to=<[email protected]> proto=ESMTP
helo=<[137.99.80.129]>
Oct 31 16:03:27 mta5 postfix/cleanup[3968]: 61D353000A3A:
message-id=<[email protected]>
Oct 31 16:03:27 mta5 opendkim[1446]: 61D353000A3A: DKIM-Signature field added
(s=dkim1, d=mta5.uits.uconn.edu)
Oct 31 16:03:27 mta5 postfix/qmgr[3936]: 61D353000A3A:
from=<[email protected]>, size=676, nrcpt=1 (queue active)
Oct 31 16:03:27 mta5 postfix/smtpd[3945]: disconnect from
angelo.uits.uconn.edu[137.99.80.129]
Oct 31 16:03:29 mta5 postfix/smtp[3971]: 61D353000A3A:
to=<[email protected]>, orig_to=<[email protected]>,
relay=uconn-mail-onmicrosoft-com.mail.protection.outlook.com[216.32.180.170]:25,
delay=1.9, delays=0.11/0.02/0.05/1.8, dsn=2.6.0, status=sent (250 2.6.0
<[email protected]>
[InternalId=3019362009548, Hostname=BN7PR05MB5859.namprd05.prod.outlook.com]
9969 bytes in 0.262, 37.150 KB/sec Queued mail for delivery)
I guess what I am getting at is, if I only allow port 25 traffic from within my
network via this setting
mynetworks = /etc/postfix/files/mynetwork
/etc/postfix/files/mynetwork contains
137.99.0.0/16
then everything postscreen will ever see will be whitelisted. If I got that
right, then am I not a good use case for using it,
and should I just keep it off?
More of my random thoughts:
If I wanna send an email through the server from home I have to use port 587 or
465, and it seems like postscreen is not
part of the equation, from this line in master.cf
smtp inet n - n - 1 postscreen
Still trying to wrap my head around if my environment is a good candidate for
using postscreen.....
thanks for any replies.
-ANGELO FAZZINA
ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail
[email protected]
University of Connecticut, ITS, SSG, Server Systems
860-486-9075
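
Added example, not part of the original post and not Postfix code: a Python tally of postscreen log events split by whether the client is inside mynetworks, which answers from the logs whether postscreen ever sees a client it does not whitelist. Only the first two sample lines come from the post; the rest are constructed, and the script assumes postscreen_access_list is at its default of permit_mynetworks.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Sample input: first two lines are from the post, the others are CONSTRUCTED
# connections from documentation address ranges (192.0.2.0/24, 198.51.100.0/24).
SAMPLE_LOG = r"""
Oct 31 16:03:27 mta5 postfix/postscreen[3944]: CONNECT from [137.99.80.129]:51476 to [137.99.25.249]:25
Oct 31 16:03:27 mta5 postfix/postscreen[3944]: WHITELISTED [137.99.80.129]:51476
Oct 31 16:03:27 mta5 postfix/smtpd[3945]: connect from angelo.uits.uconn.edu[137.99.80.129]
Oct 31 16:05:02 mta5 postfix/postscreen[3944]: CONNECT from [192.0.2.15]:40112 to [137.99.25.249]:25
Oct 31 16:05:08 mta5 postfix/postscreen[3944]: PASS NEW [192.0.2.15]:40112
Oct 31 16:06:40 mta5 postfix/postscreen[3944]: CONNECT from [198.51.100.7]:33410 to [137.99.25.249]:25
Oct 31 16:06:40 mta5 postfix/postscreen[3944]: PREGREET 14 after 0.1 from [198.51.100.7]:33410: EHLO example\r\n
Oct 31 16:06:41 mta5 postfix/postscreen[3944]: DISCONNECT [198.51.100.7]:33410
"""

# mynetworks value quoted in the post; with the default
# postscreen_access_list = permit_mynetworks these clients bypass all tests.
MYNETWORKS = [ip_network("137.99.0.0/16")]

# Event keyword(s) in capitals, then the first [address]:port, which is the client.
LINE = re.compile(
    r"postfix/postscreen\[\d+\]: (?P<event>[A-Z]+(?: [A-Z]+)*)\b.*?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]:\d+"
)

def parse(log_text, networks=MYNETWORKS):
    """Yield (scope, event, client_ip) for every postscreen log line."""
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # smtpd, cleanup, qmgr etc. are not postscreen events
        addr = ip_address(m.group("ip"))
        scope = "inside" if any(addr in net for net in networks) else "outside"
        yield scope, m.group("event"), str(addr)

def tally(log_text, networks=MYNETWORKS):
    """Count events per (scope, event) pair."""
    return Counter((scope, event) for scope, event, _ in parse(log_text, networks))

def outside_clients(log_text, networks=MYNETWORKS):
    """Clients postscreen actually had to test, i.e. not covered by mynetworks."""
    return {ip for scope, _, ip in parse(log_text, networks) if scope == "outside"}

if __name__ == "__main__":
    for (scope, event), n in sorted(tally(SAMPLE_LOG).items()):
        print(f"{scope:8} {event:12} {n}")
    print("outside mynetworks:", sorted(outside_clients(SAMPLE_LOG)))
```

An empty outside set over a representative log period means every port 25 client was whitelisted by mynetworks and postscreen's tests never ran.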