Re: Problem with Zen filtering legit e-mail
Roland Plüss a écrit : mouss wrote: Roland Plüss a écrit : I guess in this case I should once upon time pay Dovecot a visit. I need only auth for SMTP/IMAP. LMTP I don't use so it's not a blocker there. you apparently didn't get it: - if you only need to authenticate TO YOUR postfix, then dovecot is a good choice. This happens when your mailer connects to postfix. - if you need your postfix to authenticate TO OTHER smtp servers, then you need cyrus-sasl. In short, dovecot doesn't support client side SASL. see the SASL README for more. Nah, it's only for client to my postfix. No need for postfix to auth to other smtp servers. so dovecot sasl is a good choice. Unless this would be somehow usefull or would prevent problems. some people need this if they relay via their ISP/MSP and the latter requires authentication.
Re: Problem with Zen filtering legit e-mail
Bill Cole wrote: Roland Plüss wrote, On 1/13/09 9:47 AM: Brian Evans - Postfix List wrote: [...] Gentoo is not the issue, however the different SASL implementations can be an interesting experiment to get working. Dovecot SASL is easier, IMO, to setup and configure and you can disable the IMAP services from starting simply enough. Hm... I tried Cyrus so far. What's the difference between the two except the configuration? 1. Dovecot SASL is a free-standing authentication daemon rather than libraries that have to be linked into Postfix, which eliminates the opportunity for failure from having a mismatch between the libraries used to build Postfix and the ones in place at run time. 2. Dovecot only provides authentication for the SMTP server side of Postfix, so if you need to have the SMTP or LMTP client parts of Postfix authenticate themselves to a server, Cyrus is your only choice. And the config difference is a significant one. A SASL implementation that one cannot figure out how to configure has absolutely no functionality. It is also possible to configure Cyrus functionally but very insecurely, which is likely to be more difficult to accomplish with Dovecot. I guess in this case I should once upon time pay Dovecot a visit. I need only auth for SMTP/IMAP. LMTP I don't use so it's not a blocker there. -- Yours sincerely Plüss Roland signature.asc Description: OpenPGP digital signature
Re: Problem with Zen filtering legit e-mail
mouss wrote: Roland Plüss a écrit : I guess in this case I should once upon time pay Dovecot a visit. I need only auth for SMTP/IMAP. LMTP I don't use so it's not a blocker there. you apparently didn't get it: - if you only need to authenticate TO YOUR postfix, then dovecot is a good choice. This happens when your mailer connects to postfix. - if you need your postfix to authenticate TO OTHER smtp servers, then you need cyrus-sasl. In short, dovecot doesn't support client side SASL. see the SASL README for more. Nah, it's only for client to my postfix. No need for postfix to auth to other smtp servers. Unless this would be somehow usefull or would prevent problems. -- Yours sincerely Plüss Roland signature.asc Description: OpenPGP digital signature
Re: Problem with Zen filtering legit e-mail
Sahil Tandon wrote: On Jan 12, 2009, at 10:27 AM, Roland Plüss rol...@rptd.ch wrote: Since I got Zen and the other spam stuff working things went fine until one of our road workers tried to send his email from his laptop which is hooked up on a cheap ISP. This ISP happens to be fully in Zen and he can not send mails using our mail server. He has to log in using IMAP/TLS to send the mails. Is there a way ( inside the recipient restrictions ) to allow mails only from a domain if send by a logged in user? Currently I use a recipient access map to whitelist the domain but this works only until spammers start to send mails with faked domains ( aka claiming to be from this domain but obviously are not since they never authed ). SASL is not an option since it refuses to work ( either crashes or fails to start ). Fix the problem instead of plugging in these makeshift solutions. Why does SASL not work? If I would know this I would not say it's not-an-option, right? ;) What do the logs say? Unfortunately nothing except SASL not working ( if telnetting to 25 ). I tried tons of tutorials but the SASL stays broken. Most probably a GenToo problem I suspect. Show the output of 'postconf -n' and relevant excerpts from your log. Also see the DEBUG_README, to which you were referred upon joining this list; it contains useful troubleshooting tips and advice on how to get help from this list. I never received nor got pointed to a DEBUG_README at all. Where's this one? -- Yours sincerely Plüss Roland signature.asc Description: OpenPGP digital signature
Re: Problem with Zen filtering legit e-mail
Roland Plüss wrote: Sahil Tandon wrote: On Jan 12, 2009, at 10:27 AM, Roland Plüss rol...@rptd.ch wrote: Since I got Zen and the other spam stuff working things went fine until one of our road workers tried to send his email from his laptop which is hooked up on a cheap ISP. This ISP happens to be fully in Zen and he can not send mails using our mail server. He has to log in using IMAP/TLS to send the mails. Is there a way ( inside the recipient restrictions ) to allow mails only from a domain if send by a logged in user? Currently I use a recipient access map to whitelist the domain but this works only until spammers start to send mails with faked domains ( aka claiming to be from this domain but obviously are not since they never authed ). SASL is not an option since it refuses to work ( either crashes or fails to start ). Fix the problem instead of plugging in these makeshift solutions. Why does SASL not work? If I would know this I would not say it's not-an-option, right? ;) What do the logs say? Unfortunately nothing except SASL not working ( if telnetting to 25 ). I tried tons of tutorials but the SASL stays broken. Most probably a GenToo problem I suspect. Gentoo is not the issue, however the different SASL implementations can be an interesting experiment to get working. Dovecot SASL is easier, IMO, to setup and configure and you can disable the IMAP services from starting simply enough. Show the output of 'postconf -n' and relevant excerpts from your log. Also see the DEBUG_README, to which you were referred upon joining this list; it contains useful troubleshooting tips and advice on how to get help from this list. I never received nor got pointed to a DEBUG_README at all. Where's this one? http://www.postfix.org/DEBUG_README.htm Brian
Re: Problem with Zen filtering legit e-mail
Brian Evans - Postfix List wrote: Roland Plüss wrote: Sahil Tandon wrote: On Jan 12, 2009, at 10:27 AM, Roland Plüss rol...@rptd.ch wrote: Since I got Zen and the other spam stuff working things went fine until one of our road workers tried to send his email from his laptop which is hooked up on a cheap ISP. This ISP happens to be fully in Zen and he can not send mails using our mail server. He has to log in using IMAP/TLS to send the mails. Is there a way ( inside the recipient restrictions ) to allow mails only from a domain if send by a logged in user? Currently I use a recipient access map to whitelist the domain but this works only until spammers start to send mails with faked domains ( aka claiming to be from this domain but obviously are not since they never authed ). SASL is not an option since it refuses to work ( either crashes or fails to start ). Fix the problem instead of plugging in these makeshift solutions. Why does SASL not work? If I would know this I would not say it's not-an-option, right? ;) What do the logs say? Unfortunately nothing except SASL not working ( if telnetting to 25 ). I tried tons of tutorials but the SASL stays broken. Most probably a GenToo problem I suspect. Gentoo is not the issue, however the different SASL implementations can be an interesting experiment to get working. Dovecot SASL is easier, IMO, to setup and configure and you can disable the IMAP services from starting simply enough. Hm... I tried Cyrus so far. What's the difference between the two except the configuration? Show the output of 'postconf -n' and relevant excerpts from your log. Also see the DEBUG_README, to which you were referred upon joining this list; it contains useful troubleshooting tips and advice on how to get help from this list. I never received nor got pointed to a DEBUG_README at all. Where's this one? http://www.postfix.org/DEBUG_README.htm You missed the L... :D ( sorry, couldn't resist ) -- Yours sincerely Plüss Roland signature.asc Description: OpenPGP digital signature
Re: Problem with Zen filtering legit e-mail
On 1/13/2009, Roland Plüss (rol...@rptd.ch) wrote: Unfortunately nothing except SASL not working ( if telnetting to 25 ). I tried tons of tutorials but the SASL stays broken. Most probably a GenToo problem I suspect. Actually, I've been using SASL on gentoo for years, so it is more likely a PEBKAC problem... -- Best regards, Charles
Re: Problem with Zen filtering legit e-mail
Roland Pl??ss: I never received nor got pointed to a DEBUG_README at all. Where's this one? Below is the mailing list welcome that you ignored. Wieste TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Thank you for using Postfix.
Re: Problem with Zen filtering legit e-mail
Roland Plüss wrote, On 1/13/09 9:47 AM: Brian Evans - Postfix List wrote: [...] Gentoo is not the issue, however the different SASL implementations can be an interesting experiment to get working. Dovecot SASL is easier, IMO, to setup and configure and you can disable the IMAP services from starting simply enough. Hm... I tried Cyrus so far. What's the difference between the two except the configuration? 1. Dovecot SASL is a free-standing authentication daemon rather than libraries that have to be linked into Postfix, which eliminates the opportunity for failure from having a mismatch between the libraries used to build Postfix and the ones in place at run time. 2. Dovecot only provides authentication for the SMTP server side of Postfix, so if you need to have the SMTP or LMTP client parts of Postfix authenticate themselves to a server, Cyrus is your only choice. And the config difference is a significant one. A SASL implementation that one cannot figure out how to configure has absolutely no functionality. It is also possible to configure Cyrus functionally but very insecurely, which is likely to be more difficult to accomplish with Dovecot.
Re: Problem with Zen filtering legit e-mail
Roland Plüss wrote: Since I got Zen and the other spam stuff working things went fine until one of our road workers tried to send his email from his laptop which is hooked up on a cheap ISP. This ISP happens to be fully in Zen and he can not send mails using our mail server. He has to log in using IMAP/TLS to send the mails. Is there a way ( inside the recipient restrictions ) to allow mails only from a domain if send by a logged in user? Currently I use a recipient access map to whitelist the domain but this works only until spammers start to send mails with faked domains ( aka claiming to be from this domain but obviously are not since they never authed ). SASL is not an option since it refuses to work ( either crashes or fails to start ). Put permit_mynetworks, permit_sasl_authenticated before the zen check. -- Noel Jones
Re: Problem with Zen filtering legit e-mail
On Jan 12, 2009, at 10:27 AM, Roland Plüss rol...@rptd.ch wrote: Since I got Zen and the other spam stuff working things went fine until one of our road workers tried to send his email from his laptop which is hooked up on a cheap ISP. This ISP happens to be fully in Zen and he can not send mails using our mail server. He has to log in using IMAP/ TLS to send the mails. Is there a way ( inside the recipient restrictions ) to allow mails only from a domain if send by a logged in user? Currently I use a recipient access map to whitelist the domain but this works only until spammers start to send mails with faked domains ( aka claiming to be from this domain but obviously are not since they never authed ). SASL is not an option since it refuses to work ( either crashes or fails to start ). Fix the problem instead of plugging in these makeshift solutions. Why does SASL not work? What do the logs say? Show the output of 'postconf -n' and relevant excerpts from your log. Also see the DEBUG_README, to which you were referred upon joining this list; it contains useful troubleshooting tips and advice on how to get help from this list. -- Sahil Tandon sa...@tandon.net