On 5/28/24 9:23 PM, Viktor Dukhovni via Postfix-users wrote:
-o { smtpd_recipient_restrictions =
reject_rbl_client zen.spamhaus.org=127.0.0.4,
reject_sender_login_mismatch,
permit_sasl_authenticated,
reject }
I had experimented and came
On Tue, May 28, 2024 at 08:18:06PM -0400, John Hill via Postfix-users wrote:
> -o
> smtpd_recipient_restrictions=permit_sasl_authenticated,reject_rbl_client=zen.spamhaus,org=127.0.0.4,reject
>
> > I added and = after reject_rbl_client=
That's wrong, in multiple ways.
0. The RBL check
On 29/05/2024 02:18, John Hill via Postfix-users wrote:
On 5/28/24 8:10 PM, John Hill via Postfix-users wrote:
On 5/28/24 8:00 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:18:10 UTC-0400 (Tue, 28 May 2024 19:18:10 -0400)
John Hill via Postfix-users
is rumored to have said:
On 29/05/2024 01:11, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 18:50:11 UTC-0400 (Wed, 29 May 2024 00:50:11 +0200)
John Fawcett via Postfix-users
is rumored to have said:
[...]
Hi John
I think you are missing the following in master.cf for the submission
service
-o
On 5/28/24 8:10 PM, John Hill via Postfix-users wrote:
On 5/28/24 8:00 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:18:10 UTC-0400 (Tue, 28 May 2024 19:18:10 -0400)
John Hill via Postfix-users
is rumored to have said:
[...
On 5/28/24 7:13 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:23:19 UTC-0400 (Tue, 28 May 2024 19:23:19 -0400)
John Hill via Postfix-users
is rumored to have said:
[...]
Dovecot log
May 28 19:00:45 proteus.noach.com dovecot[504384]: lmtp(504721):
Connect from local
May 28 19:00:58 proteus.noach.com dovecot[504384]: auth: Error:
On 5/28/24 8:00 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:18:10 UTC-0400 (Tue, 28 May 2024 19:18:10 -0400)
John Hill via Postfix-users
is rumored to have said:
[...
On 5/28/24 7:13 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:04:37 UTC-0400 (Tue, 28 May 2024
Northwind via Postfix-users:
> Hello,
>
> Is it possible to set mail.log for recording sasl login usernames?
>
> May 29 06:52:45 mx postfix/smtps/smtpd[3022855]: warning:
> unknown[138.185.193.64]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> May 29 06:52:57 mx postfix/smtpd[3023133]:
On 2024-05-28 at 19:18:10 UTC-0400 (Tue, 28 May 2024 19:18:10 -0400)
John Hill via Postfix-users
is rumored to have said:
[...
On 5/28/24 7:13 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:04:37 UTC-0400 (Tue, 28 May 2024 19:04:37 -0400)
John Hill via Postfix-users
is rumored to
On 5/28/24 7:18 PM, John Hill via Postfix-users wrote:
On 5/28/24 7:13 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:04:37 UTC-0400 (Tue, 28 May 2024 19:04:37 -0400)
John Hill via Postfix-users
is rumored to have said:
On 5/28/24 6:54 PM, Bill Cole via Postfix-users wrote:
-o
On 5/28/24 7:13 PM, Bill Cole via Postfix-users wrote:
On 2024-05-28 at 19:04:37 UTC-0400 (Tue, 28 May 2024 19:04:37 -0400)
John Hill via Postfix-users
is rumored to have said:
On 5/28/24 6:54 PM, Bill Cole via Postfix-users wrote:
-o {
On 2024-05-28 at 19:04:37 UTC-0400 (Tue, 28 May 2024 19:04:37 -0400)
John Hill via Postfix-users
is rumored to have said:
On 5/28/24 6:54 PM, Bill Cole via Postfix-users wrote:
-o { smtpd_client_restrictions=permit_mynetworks,reject_rbl_client
On 2024-05-28 at 18:50:11 UTC-0400 (Wed, 29 May 2024 00:50:11 +0200)
John Fawcett via Postfix-users
is rumored to have said:
[...]
Hi John
I think you are missing the following in master.cf for the submission
service
-o smtpd_delay_reject=no
Without that the smtpd_client_restrictions will
On 5/28/24 6:54 PM, Bill Cole via Postfix-users wrote:
-o { smtpd_client_restrictions=permit_mynetworks,reject_rbl_client
xbl.spamhaus,org=127.0.0.4,permit_sasl_authenticated,reject }
tried to rspond
Sending of the message failed.
An error occurred while sending mail. The mail server
Hello,
Is it possible to set mail.log for recording sasl login usernames?
May 29 06:52:45 mx postfix/smtps/smtpd[3022855]: warning:
unknown[138.185.193.64]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 29 06:52:57 mx postfix/smtpd[3023133]: warning:
unknown[49.156.148.93]: SASL LOGIN
On 2024-05-28 at 18:27:05 UTC-0400 (Tue, 28 May 2024 18:27:05 -0400)
John Hill via Postfix-users
is rumored to have said:
[...]
11 -o
{smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_rbl_client
xbl.spamhaus,org=127.0.0.4, reject}
reject_rbl_client doing
On 29/05/2024 00:27, John Hill via Postfix-users wrote:
On 5/28/24 4:50 PM, John Hill via Postfix-users wrote:
On 5/28/24 4:43 PM, Benny Pedersen via Postfix-users wrote:
John Hill via Postfix-users skrev den 2024-05-28 22:12:
On 5/28/24 3:38 PM, Benny Pedersen via Postfix-users wrote:
On 5/28/24 4:50 PM, John Hill via Postfix-users wrote:
On 5/28/24 4:43 PM, Benny Pedersen via Postfix-users wrote:
John Hill via Postfix-users skrev den 2024-05-28 22:12:
On 5/28/24 3:38 PM, Benny Pedersen via Postfix-users wrote:
John Hill via Postfix-users skrev den 2024-05-28 21:14:
I
On 5/28/24 4:43 PM, Benny Pedersen via Postfix-users wrote:
John Hill via Postfix-users skrev den 2024-05-28 22:12:
On 5/28/24 3:38 PM, Benny Pedersen via Postfix-users wrote:
John Hill via Postfix-users skrev den 2024-05-28 21:14:
I had dumped the configs but here is what I had.
John Hill via Postfix-users skrev den 2024-05-28 22:12:
On 5/28/24 3:38 PM, Benny Pedersen via Postfix-users wrote:
John Hill via Postfix-users skrev den 2024-05-28 21:14:
I had dumped the configs but here is what I had.
submission inet n - y - - smtpd
-o
On 5/28/24 3:38 PM, Benny Pedersen via Postfix-users wrote:
John Hill via Postfix-users skrev den 2024-05-28 21:14:
I had dumped the configs but here is what I had.
submission inet n - y - - smtpd
-o smtpd_tls_security_level=encrypt
-o
John Hill via Postfix-users skrev den 2024-05-28 21:14:
I had dumped the configs but here is what I had.
submission inet n - y - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_delay_reject=no
-o {
John Hill via Postfix-users:
>
> On 5/28/24 11:48 AM, Wietse Venema via Postfix-users wrote:
> > postconf -Mf submission/inet".
>
>
> May 28 10:51:07 proteus.noach.com postfix/submission/smtpd[57120]:
> warning: malformed map specification: '{ reject_rbl_client
> xbl.spamhaus.org }'
There is
On 5/28/24 11:48 AM, Wietse Venema via Postfix-users wrote:
postconf -Mf submission/inet".
May 28 10:51:07 proteus.noach.com postfix/submission/smtpd[57120]:
warning: malformed map specification: '{ reject_rbl_client
xbl.spamhaus.org }'
May 28 10:51:07 proteus.noach.com
Wietse Venema via Postfix-users:
> Adam Weremczuk via Postfix-users:
> > I've tried your suggestion.
> >
> > SERVER1 is still trying to deliver test email locally rather than
> > forward to SERVER2:
According to your postfinger output, you did not confihgure
virtual_alias_maps on server1 to
John Hill via Postfix-users:
> Not working had recipient instead of client. Fixed that and then is says
> its not a map.
We need:
- The complete error message, exactly as logged.
- Output from "postconf -Mf submission/inet".
Wietse
>
> On 5/28/24 10:36 AM, John Hill via Postfix-users
Not working had recipient instead of client. Fixed that and then is says
its not a map.
On 5/28/24 10:36 AM, John Hill via Postfix-users wrote:
Here is what IS NOT causing postfix to dump, not sure if it will work.
main.cf
submission_recipient_restrictions = reject_rbl_client
Adam Weremczuk via Postfix-users:
> I've tried your suggestion.
>
> SERVER1 is still trying to deliver test email locally rather than
> forward to SERVER2:
>
> : host
> mx0.myLANdomain.com[/var/run/cyrus/socket/lmtp] said: 550-Mailbox
> unknown. Either there is no mailbox associated
I've tried your suggestion.
SERVER1 is still trying to deliver test email locally rather than
forward to SERVER2:
: host
mx0.myLANdomain.com[/var/run/cyrus/socket/lmtp] said: 550-Mailbox
unknown. Either there is no mailbox associated with this 550-name
or you
do not have
Here is what IS NOT causing postfix to dump, not sure if it will work.
main.cf
submission_recipient_restrictions = reject_rbl_client xbl.spamhaus.org
master.cf
submission
-o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,{
$submission_recipient_restrictions },reject
I have yet to get a proper configuration to add xbl.spamhaus.org to
submission.
-o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
Everything I try fails.
I have researched the list but can't find the answer.
I'm still getting hammered by SASL failures.
I
Adam Weremczuk via Postfix-users:
> Sorry, I'm still struggling to get anywhere with that.
>
> Just to recap what I'm trying to achieve:
>
> SERVER1 is a fully blown Postfix+Cyrus stack operating over the internet
> and serving multiple domains.
>
> SERVER2 is a small VM on a local LAN (same
On Tue, May 28, 2024 at 6:49 AM Wietse Venema via Postfix-users <
postfix-users@postfix.org> wrote:
> In recent experience with my personal porcupine.org email address,
> they not only want SPF or DKIM, they *also* want a DMARC policy
> with p=quarantine or p=reject.
We have run p=reject for
Sorry, I'm still struggling to get anywhere with that.
Just to recap what I'm trying to achieve:
SERVER1 is a fully blown Postfix+Cyrus stack operating over the internet
and serving multiple domains.
SERVER2 is a small VM on a local LAN (same LAN as SERVER1) that runs
Bugzilla.
Both
On 5/28/24 5:39 AM, Christophe Kalt via Postfix-users wrote:
smtpd_delay_reject to no
I had it at yes.
Changed it.
--john
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to
Greg Sims via Postfix-users:
> > On Mon, May 27, 2024 at 3:40?AM Viktor Dukhovni via Postfix-users <
> postfix-users@postfix.org> wrote:
>
> > You really should have posted "collate" output, which would have shown
> > the envelope sender address in the "qmgr active" log entry. Perhaps
> > the
I do see the "qmgr active" active with the from=<>. I added
mail01.raystedman.org SPF to DNS as a result.
Thanks again, Greg
>
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
> On Mon, May 27, 2024 at 3:40 AM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
> You really should have posted "collate" output, which would have shown
> the envelope sender address in the "qmgr active" log entry. Perhaps
> the actual domain used did not have the
On 28/05/2024 11:39, Christophe Kalt via Postfix-users wrote:
On Sun, May 26, 2024 at 5:57 AM John Fawcett via Postfix-users
wrote:
For submission I only use xbl (return code 127.0.0.4) excluding
other other data contained in zen like pbl that lists isp dynamic
ip ranges from
On Sun, May 26, 2024 at 5:57 AM John Fawcett via Postfix-users <
postfix-users@postfix.org> wrote:
For submission I only use xbl (return code 127.0.0.4) excluding other
other data contained in zen like pbl that lists isp dynamic ip ranges from
which you would normally expect to get connections
On Sun, May 26, 2024 at 5:57 AM John Fawcett via Postfix-users <
postfix-users@postfix.org> wrote:
> For submission I only use xbl (return code 127.0.0.4) excluding other
> other data contained in zen like pbl that lists isp dynamic ip ranges from
> which you would normally expect to get
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]
John Hill via Postfix-users:
Is this the same thing?
On 25.05.24 15:54, Wietse Venema via Postfix-users wrote:
See https://www.spamhaus.org/faqs/dnsbl-usage/#200 for a table
with the purpose of different lookup results.
To block
On 27/05/2024 13:31, John Hill via Postfix-users wrote:
On 5/27/24 4:13 AM, Matus UHLAR - fantomas via Postfix-users wrote:
> postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]
John Hill via Postfix-users:
Is this the same thing?
On 25.05.24 15:54, Wietse Venema via
On Mon, May 27, 2024 at 3:40 AM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
>
> You really should have posted "collate" output, which would have shown
> the envelope sender address in the "qmgr active" log entry. Perhaps
> the actual domain used did not have the
On 5/27/24 4:13 AM, Matus UHLAR - fantomas via Postfix-users wrote:
> postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]
John Hill via Postfix-users:
Is this the same thing?
On 25.05.24 15:54, Wietse Venema via Postfix-users wrote:
See
On Sun, May 26, 2024 at 08:22:53PM -0500, Greg Sims via Postfix-users wrote:
> May 26 00:35:57 mail01.raystedman.org postfix/t124/smtp[39065]:
> 0A7D630F1C7C:
> to==cecytebc.edu...@devotion.raystedman.org>,
> relay=aspmx.l.google.com[142.251.2.26]:25,
> delay=0.52, delays=0/0/0.21/0.31,
> postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]
John Hill via Postfix-users:
Is this the same thing?
On 25.05.24 15:54, Wietse Venema via Postfix-users wrote:
See https://www.spamhaus.org/faqs/dnsbl-usage/#200 for a table
with the purpose of different lookup results.
To block
Greg Sims via Postfix-users:
> We found the following in our email log:
>
> May 26 00:35:57 mail01.raystedman.org postfix/t124/smtp[39065]:
> 0A7D630F1C7C: to==
> cecytebc.edu...@devotion.raystedman.org>,
> relay=aspmx.l.google.com[142.251.2.26]:25,
> delay=0.52, delays=0/0/0.21/0.31,
We found the following in our email log:
May 26 00:35:57 mail01.raystedman.org postfix/t124/smtp[39065]:
0A7D630F1C7C: to==
cecytebc.edu...@devotion.raystedman.org>,
relay=aspmx.l.google.com[142.251.2.26]:25,
delay=0.52, delays=0/0/0.21/0.31, dsn=5.7.26, status=bounced (host
This problem was resolved off-list.
Greg Sims:
> Wietse & Viktor,
>
> All is not lost. Restarting BIND on Ray08 solved the problem of
> c=30!! I am sorry that I did not review/restart this service earlier.
> Your comments related to the 5 second intervals and DNS timeouts
> caused me to look
Dnia 24.05.2024 o godz. 20:41:57 Northwind via Postfix-users pisze:
> my guess, submission clients were using ehlo, and a mx client uses
> helo command. so postfix differ them based on this command?
They connect to different Postfix services. Submission clients connect to
port 587 or 465 (or any
On 25/05/2024 20:50, John Hill via Postfix-users wrote:
On 5/25/24 11:22 AM, John Fawcett via Postfix-users wrote:
On 24/05/2024 03:03, John Hill via Postfix-users wrote:
I learn something every time I read this group, when I can keep up
with the conversation!
I had auth on ports I did
On 25/05/2024 23:58, Mike via Postfix-users wrote:
Hello,
My setup like below:
I have Postfix setup and use dovecot as SASL. Now, all email accounts
can use the smtp server to send emails. I want to allow only one email
account to send out emails and rest of others can only use POP3 or
great knowledge. thanks Wietse.
master.cf:
submission ... ... ... ... ... ... smtpd
-o { smtpd_client_restrictions =
check_sasl_access inline:{{ user@example = OK }}
static:{ REJECT this user is not allowed to send mail }
}
Mike via Postfix-users:
> Hello,
>
> My setup like below:
>
> I have Postfix setup and use dovecot as SASL. Now, all email accounts
> can use the smtp server to send emails. I want to allow only one email
> account to send out emails and rest of others can only use POP3 or IMAP.
>
> How can I
Mike via Postfix-users skrev den 2024-05-25 23:58:
How can I make that?
check_sasl_access https://wiki.zimbra.com/wiki/How-to-restrict-ssl-login
imho same you want ?
just replace reject with permit, and reject all remaining if sasl user
is not that user
On 26/05/24 09:58, Mike via Postfix-users wrote:
Hello,
My setup like below:
I have Postfix setup and use dovecot as SASL. Now, all email accounts
can use the smtp server to send emails. I want to allow only one email
account to send out emails and rest of others can only use POP3 or IMAP.
iptables?
I have Postfix setup and use dovecot as SASL. Now, all email accounts
can use the smtp server to send emails. I want to allow only one email
account to send out emails and rest of others can only use POP3 or IMAP.
___
Postfix-users
Hello,
My setup like below:
I have Postfix setup and use dovecot as SASL. Now, all email accounts
can use the smtp server to send emails. I want to allow only one email
account to send out emails and rest of others can only use POP3 or IMAP.
How can I make that?
Thanks
On 5/25/24 3:54 PM, Wietse Venema via Postfix-users wrote:
John Hill via Postfix-users:
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]
Is this the same thing?
See https://www.spamhaus.org/faqs/dnsbl-usage/#200 for a table
with the purpose of different lookup results.
To block xbl
John Hill via Postfix-users:
> > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]
> Is this the same thing?
See https://www.spamhaus.org/faqs/dnsbl-usage/#200 for a table
with the purpose of different lookup results.
To block xbl listed clients with postscreen, one would configure
On 5/25/24 11:22 AM, John Fawcett via Postfix-users wrote:
On 24/05/2024 03:03, John Hill via Postfix-users wrote:
I learn something every time I read this group, when I can keep up
with the conversation!
I had auth on ports I did not need. I use auth on submission port
587, for users
On 24/05/2024 03:03, John Hill via Postfix-users wrote:
I learn something every time I read this group, when I can keep up
with the conversation!
I had auth on ports I did not need. I use auth on submission port 587,
for users access.
I do get a boat load of failed login attempts on 587.
yes I am using smtps as service name indeed.
and smtps has -o smtpd_sasl_auth_enable=yes enabled.
Thanks peter.
On postfix 3.4 submissions was actually called smtps so you want to
enable it in the smtps section (there won't be a submissions entry in
your master.cf unless you added it).
On 25/05/24 01:37, Matus UHLAR - fantomas via Postfix-users wrote:
He mentioned that on postfix with "smtpd_tls_auth_only=yes" (the
default) authentication is only available when TLS is active
The default is no, but it is very common to have it set to yes.
Peter
On 25/05/24 09:50, Northwind via Postfix-users wrote:
just to clarify, submissions is not required to set for enabling
sasl_auth on port 465/587. i have tested it, no need to set a separated
submissions.
Incorrect. submission is *only* port 587, submissions is port 465.
my postfix
On 25/05/24 01:12, Benny Pedersen via Postfix-users wrote:
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
port 25 must not be tls only
Since authentication should never be done on
On 25/05/24 00:43, Benny Pedersen via Postfix-users wrote:
Northwind via Postfix-users skrev den 2024-05-24 14:37:
and restarted postfix.
now I think it should be working.
telnet localhost 25
ehlo localhost
if you see AUTH in ehlo results it not done yet
no AUTH results take another beer
On 25/05/24 00:29, Benny Pedersen via Postfix-users wrote:
Northwind via Postfix-users skrev den 2024-05-24 14:17:
so, in main.cf:
smtpd_sasl_auth_enable=no
comment this out in main.cf, it already default no
It's fine to have it, it's simply redundant.
Peter
On 25/05/24 00:17, Northwind via Postfix-users wrote:
so, in main.cf:
smtpd_sasl_auth_enable=no
Yes, although the setting is redundant here since it defaults to no
anyways it's fine to explicitly state it if you want.
then in master.cf:
submission inet n - y - -
On 24/05/24 21:32, Matus UHLAR - fantomas via Postfix-users wrote:
On 24.05.24 12:00, Peter via Postfix-users wrote:
And the OP is referring to SASL AUTH attacks which are for submission,
not MX connections.
But some of those log lines mention postfix/smtpd, which means they
happen on port
just to clarify, submissions is not required to set for enabling
sasl_auth on port 465/587. i have tested it, no need to set a separated
submissions.
my postfix version:
version 3.4.13
thanks
submissions inet n - y - - smtpd
On 5/24/24 9:33 AM, Matus UHLAR - fantomas via Postfix-users wrote:
On 24.05.24 07:36, John Hill via Postfix-users wrote:
What command do you use to reset the connection?
no command, just rule in OUTPUT chain:
1710 649K REJECT 6 -- * * 0.0.0.0/0
0.0.0.0/0
On 5/24/24 06:51, Benny Pedersen via Postfix-users wrote:
Authentication-Results list.sys4.de; dkim=pass header.d=junc.eu;
arc=none (Message is not ARC signed); dmarc=pass (Used From Domain
Record) header.from=junc.eu policy.dmarc=reject
where comes REJECT from ?
You might consider asking
On 2024-05-23 at 20:12:09 UTC-0400 (Fri, 24 May 2024 12:12:09 +1200)
Peter via Postfix-users
is rumored to have said:
On 24/05/24 01:42, Bill Cole via Postfix-users wrote:
[...]
It is also helpful as a matter of system design to decouple user
email addresses from their login usernames. For
Am Fr, Mai 24, 2024 at 15:12:31 +0200 schrieb Benny Pedersen via Postfix-users:
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
port 25 must not be tls only
I didn’t say that, but
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
On 24.05.24 15:12, Benny Pedersen via Postfix-users wrote:
port 25 must not be tls only
if its needed use another port for tls only
Thank you so much.
This is really important.
>
> Le 24/05/2024 à 14:17, Northwind via Postfix-users a écrit :
>
> >
> > so, in main.cf:
> >
> > smtpd_sasl_auth_enable=no
> >
> > then in master.cf:
> >
> > submission inet n - y - - smtpd
> >
> > -o
On 24.05.24 20:41, Northwind via Postfix-users wrote:
my guess, submission clients were using ehlo, and a mx client uses
helo command. so postfix differ them based on this command?
EHLO is the extended HELO, supports SMTP extensions. Mail clients just like
servers may use either, but nowadays
On 24.05.24 07:36, John Hill via Postfix-users wrote:
What command do you use to reset the connection?
no command, just rule in OUTPUT chain:
1710 649K REJECT 6-- * * 0.0.0.0/00.0.0.0/0
tcp spt:25 match-set block-smtp dst reject-with
Le 24/05/2024 à 14:17, Northwind via Postfix-users a écrit :
so, in main.cf:
smtpd_sasl_auth_enable=no
then in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
Am I right? does this disable sasl_auth for port 25, but still
authorize
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
port 25 must not be tls only
if its needed use another port for tls only
___
Am Fr, Mai 24, 2024 at 20:48:16 +0800 schrieb Northwind via Postfix-users:
ehlo localhost.localdomain
250-mx.domain.xyz
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
no AUTH was there. so it should be working. :)
Carefull, if
ehlo localhost.localdomain
250-mx.domain.xyz
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
no AUTH was there. so it should be working. :)
if you see AUTH in ehlo results it not done yet
Northwind via Postfix-users skrev den 2024-05-24 14:37:
and restarted postfix.
now I think it should be working.
telnet localhost 25
ehlo localhost
if you see AUTH in ehlo results it not done yet
no AUTH results take another beer :)
___
my guess, submission clients were using ehlo, and a mx client uses helo
command. so postfix differ them based on this command?
regards.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to
root@mx:/etc/postfix# vi main.cf
root@mx:/etc/postfix# vi master.cf
root@mx:/etc/postfix# service postfix restart
i have comment out this line in main.cf:
#smtpd_sasl_auth_enable = yes
And enable this in master.cf:
submission inet n - y - - smtpd
-o
Northwind via Postfix-users skrev den 2024-05-24 14:17:
so, in main.cf:
smtpd_sasl_auth_enable=no
comment this out in main.cf, it already default no
then in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
Am I right?
yes
does
so, in main.cf:
smtpd_sasl_auth_enable=no
then in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
Am I right? does this disable sasl_auth for port 25, but still authorize
users on port 587/465?
Thanks a lot.
Many moons ago I was
What command do you use to reset the connection?
On 5/24/24 6:18 AM, Matus UHLAR - fantomas via Postfix-users wrote:
On 23.05.24 21:03, John Hill via Postfix-users wrote:
I use Fail2Ban to block the failed IP. The script writes it into the
nftables table immediately.
I think this keeps
Authentication-Results list.sys4.de; dkim=pass header.d=junc.eu;
arc=none (Message is not ARC signed); dmarc=pass (Used From Domain
Record) header.from=junc.eu policy.dmarc=reject
where comes REJECT from ?
___
Postfix-users mailing list --
Allen Coates via Postfix-users skrev den 2024-05-24 11:51:
Many moons ago I was told to put "smtpd_sasl_auth_enable=no" in
main.cf, blocking the function everywhere, and then put "-o
smtpd_sasl_auth_enable=yes" in the submission stanza(s) in master.cf,
expressly enabling it *just* there.
On 24/05/2024 03:15, Peter via Postfix-users wrote:
No you definately should disable auth on port 25 regardless. It is
possible for postscreen to pass a connection to smtpd and smtpd can
*then* offer auth.
To answer your original question, you can just set -o
smtpd_sasl_auth_enable=no in
On 23.05.24 21:03, John Hill via Postfix-users wrote:
I use Fail2Ban to block the failed IP. The script writes it into the
nftables table immediately.
I think this keeps Postfix waiting and times out, not a big deal. Is
there a cli that my bash script could force disconnect the ip from
On 24/05/2024 03:15, Peter via Postfix-users wrote:
No you definately should disable auth on port 25 regardless. It is possible for postscreen to pass a connection to
smtpd and smtpd can *then* offer auth.
To answer your original question, you can just set -o smtpd_sasl_auth_enable=no in
On 23/05/2024 14:45, Bill Cole via Postfix-users wrote:
is rumored to have said:
Don't accept mail from home networks. For example, use "reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver from your ISP.
On 23.05.24 07:00, Northwind via
Zen includes the "PBL" component, which consists largely of
residential and mobile consumer IPs.
On 24/05/24 02:12, Matus UHLAR - fantomas via Postfix-users wrote:
Yes, but these are (usually) not considered valid clients, these
should use submission/submissions(smtps) ports where
On 24/05/24 13:08, Northwind via Postfix-users wrote:
do you mean since I have been using postscreen, there is no need to
manually disable authentication on port 25? since postscreen doesn't
have auth support.
No you definately should disable auth on port 25 regardless. It is
possible for
Will do it. Tonight.
Thanks
On May 23, 2024 9:11 PM, Wietse Venema via Postfix-users
wrote:
John Hill via Postfix-users:
> I learn something every time I read this group, when I can keep up with
> the conversation!
>
> I had auth on ports I did not need. I use auth on submission port
John Hill via Postfix-users:
> I learn something every time I read this group, when I can keep up with
> the conversation!
>
> I had auth on ports I did not need. I use auth on submission port 587,
> for users access.
>
> I do get a boat load of failed login attempts on 587. Funny how a China,
901 - 1000 of 97244 matches
Mail list logo
