On 8 June 2016 at 11:24, Catalin Muresan <catalin.mure...@gmail.com> wrote:
>
> On 7 June 2016 at 23:35, Catalin Bucur <c...@geniusnet.ro> wrote:
>
>> Hello,
>>
>> Given:
>> # cat /etc/centos-release
>> CentOS Linux release 7.2.1511 (Core)
>> # uname -a
>> Linux mail 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16 17:03:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
>> # rpm -qa|grep postfix
>> postfix-2.10.1-6.el7.x86_64
>>
>> In main.cf I have various usual restrictions:
>> smtpd_client_restrictions = hash:/etc/postfix/access,
>>     permit_mynetworks,
>>     permit_sasl_authenticated,
>>     reject_rbl_client zen.spamhaus.org,
>>     reject_rbl_client bl.spamcop.net, [etc]
>>
>> The idea is that for sending mail (through the submission port, for
>> example) it should not perform the checks above. If I authenticate, that
>> should be enough for it to accept the mail and send it, without bothering
>> me, for example, that the public IP I am sending from is on some
>> blacklist. In master.cf I did this:
>>
>> submission inet n - n - - smtpd
>>   -o syslog_name=postfix/submission
>>   -o smtpd_etrn_restrictions=reject
>>   -o smtpd_sasl_auth_enable=yes
>>   -o receive_override_options=no_address_mappings
>>   -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>>   -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>>
>
> What I don't see is TLS enabled; for submission you need to have
> something like:
>
> -o smtpd_enforce_tls=yes
>
> and you probably have something like:
>
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sasl_tls_security_options = noanonymous
>

or maybe you have (much more plausible, since it is pretty much the default in all the examples):

smtpd_tls_auth_only = yes

Anyway, it is simple to check: if you run telnet mail.server.com 587 you should not see AUTH until after the connection is SSL.

220 mail ESMTP Postfix
ehlo me
250-mail
250-PIPELINING
250-SIZE 204800000
250-VRFY
250-ETRN
*250-STARTTLS*
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

[cata@lemon ~]$ openssl s_client -connect mail:587 -starttls smtp
CONNECTED(00000003)
......
......
250 DSN
ehlo me
250-mail
250-PIPELINING
250-SIZE 204800000
250-VRFY
250-ETRN
*250-AUTH PLAIN LOGIN*
*250-AUTH=PLAIN LOGIN*
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

> which does not allow SASL auth except on encrypted connections, which
> leads to a reject.
>
> Put 'postconf |grep smtpd_sasl' somewhere. Or grep smtpd_.
>
>>
>> And I do see the postfix process for submission started accordingly:
>>
>> postfix 6717 0.0 0.1 106752 5780 ? S 01:20 0:00 \_ smtpd -n submission -t inet -u -o stress= -s 2 -o syslog_name=postfix/submission -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=yes -o receive_override_options=no_address_mappings -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>>
>> However, when I try to send mail:
>>
>> Jun 8 01:17:16 mail postfix/submission/smtpd[6260]: connect from unknown[213.233.85.145]
>> Jun 8 01:17:16 mail postfix/submission/smtpd[6260]: NOQUEUE: reject: CONNECT from unknown[213.233.85.145]: 554 5.7.1 <unknown[213.233.85.145]>: Client host rejected: Access denied; proto=SMTP
>> Jun 8 01:17:47 mail postfix/submission/smtpd[6276]: connect from unknown[213.233.85.145]
>> Jun 8 01:17:47 mail postfix/submission/smtpd[6276]: NOQUEUE: reject: CONNECT from unknown[213.233.85.145]: 554 5.7.1 <unknown[213.233.85.145]>: Client host rejected: Access denied; proto=SMTP
>> Jun 8 01:18:17 mail postfix/submission/smtpd[6276]: lost connection after UNKNOWN from unknown[213.233.85.145]
>> Jun 8 01:18:17 mail postfix/submission/smtpd[6276]: disconnect from unknown[213.233.85.145]
>>
>
> What is below is smtpd, not submission.
>
>> Jun 8 01:18:18 mail postfix/smtpd[6315]: connect from unknown[213.233.85.145]
>> Jun 8 01:18:38 mail postfix/smtpd[6315]: NOQUEUE: reject: CONNECT from unknown[213.233.85.145]: 554 5.7.1 Service unavailable; Client host [213.233.85.145] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/213.233.85.145; proto=SMTP
>>
>> In theory, what is written in master.cf overrides what is in main.cf,
>> but not for me :-) I am missing something, but I don't know what, so if
>> you have any idea...
>>
>>
>> Thanks,
>>
>> --
>> Catalin Bucur
>>
>> _______________________________________________
>> RLUG mailing list
>> RLUG@lists.lug.ro
>> http://lists.lug.ro/mailman/listinfo/rlug
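
The check described in the reply above (AUTH should appear in the EHLO response only after STARTTLS), as an added example that is not part of the original thread. The function names are hypothetical, the sample responses are the two EHLO replies from the thread with the emphasis asterisks removed, and `probe` assumes a server you administer that is reachable with a certificate the system trust store accepts.

```python
import smtplib
import ssl

# Constructed sample input: the EHLO reply shown in the thread before STARTTLS
# (emphasis asterisks removed); the post-TLS reply swaps STARTTLS for the AUTH lines.
PLAIN_EHLO = "\n".join(["250-mail", "250-PIPELINING", "250-SIZE 204800000", "250-VRFY",
                        "250-ETRN", "250-STARTTLS", "250-ENHANCEDSTATUSCODES",
                        "250-8BITMIME", "250 DSN"])
TLS_EHLO = PLAIN_EHLO.replace("250-STARTTLS", "250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN")


def ehlo_keywords(response):
    """Return the upper-cased ESMTP keywords of a multi-line 250 EHLO response."""
    replies = [ln.strip() for ln in response.splitlines() if ln.strip().startswith("250")]
    keywords = set()
    for line in replies[1:]:  # the first 250 line is the server name, not an extension
        # "250-AUTH PLAIN LOGIN" and the legacy "250-AUTH=PLAIN LOGIN" both yield AUTH
        parts = line[4:].replace("=", " ").split()
        if parts:
            keywords.add(parts[0].upper())
    return keywords


def findings(before, after):
    """Compare keyword sets seen before and after STARTTLS; an empty list means OK."""
    problems = []
    if "STARTTLS" not in before:
        problems.append("STARTTLS not offered on the cleartext connection")
    if "AUTH" in before:
        problems.append("AUTH offered before TLS")
    if "AUTH" not in after:
        problems.append("AUTH not offered after STARTTLS")
    return problems


def audit_transcripts(plain_ehlo, tls_ehlo):
    """Run the check on two captured EHLO responses (cleartext, then post-STARTTLS)."""
    return findings(ehlo_keywords(plain_ehlo), ehlo_keywords(tls_ehlo))


def probe(host, port=587):
    """Live check; smtplib raises SMTPNotSupportedError if STARTTLS is not offered."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        before = {k.upper() for k in smtp.esmtp_features}
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()
        return findings(before, {k.upper() for k in smtp.esmtp_features})
```
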