Hello the list,
I saw some open source providers who have these dmarc settings:
_dmarc.disroot.org. 3495 IN TXT "v=DMARC1; p=reject; adkim=s; aspf=s;
rua=mailto:ab...@disroot.org; ruf=mailto:ab...@disroot.org;";
_dmarc.autistici.org. 3504 IN TXT "v=DMARC1; p=reject; adkim=s; aspf=s;
rua=mail
Wietse Venema via Postfix-users:
Fixed with Postfix 3.8.3, 3.7.8, 3.6.12, 3.5.22:
that's all right. thank you Wietse.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Hello,
Is it possible to set mail.log for recording sasl login usernames?
May 29 06:52:45 mx postfix/smtps/smtpd[3022855]: warning:
unknown[138.185.193.64]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 29 06:52:57 mx postfix/smtpd[3023133]: warning:
unknown[49.156.148.93]: SASL LOGIN aut
great knowledge. thanks Wietse.
master.cf:
submission ... ... ... ... ... ... smtpd
-o { smtpd_client_restrictions =
check_sasl_access inline:{{ user@example = OK }}
static:{ REJECT this user is not allowed to send mail }
}
...
iptables?
I have Postfix setup and use dovecot as SASL. Now, all email accounts
can use the smtp server to send emails. I want to allow only one email
account to send out emails and rest of others can only use POP3 or IMAP.
___
Postfix-users mailin
yes I am using smtps as service name indeed.
and smtps has -o smtpd_sasl_auth_enable=yes enabled.
Thanks peter.
On postfix 3.4 submissions was actually called smtps so you want to
enable it in the smtps section (there won't be a submissions entry in
your master.cf unless you added it).
_
just to clarify, submissions is not required to set for enabling
sasl_auth on port 465/587. i have tested it, no need to set a separated
submissions.
my postfix version:
version 3.4.13
thanks
submissions inet n - y - - smtpd
__
Thank you so much.
This is really important.
>
> Le 24/05/2024 à 14:17, Northwind via Postfix-users a écrit :
>
> >
> > so, in main.cf:
> >
> > smtpd_sasl_auth_enable=no
> >
> > then in master.cf:
> >
> > submission inet n
ehlo localhost.localdomain
250-mx.domain.xyz
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
no AUTH was there. so it should be working. :)
if you see AUTH in ehlo results it not done yet
_
my guess, submission clients were using ehlo, and a mx client uses helo
command. so postfix differ them based on this command?
regards.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@post
root@mx:/etc/postfix# vi main.cf
root@mx:/etc/postfix# vi master.cf
root@mx:/etc/postfix# service postfix restart
i have comment out this line in main.cf:
#smtpd_sasl_auth_enable = yes
And enable this in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_aut
so, in main.cf:
smtpd_sasl_auth_enable=no
then in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
Am I right? does this disable sasl_auth for port 25, but still authorize
users on port 587/465?
Thanks a lot.
Many moons ago I was tol
do you mean since I have been using postscreen, there is no need to
manually disable authentication on port 25? since postscreen doesn't
have auth support.
Thanks Wietse.
As documnented somewhere, postscreen never announces AUTH support.
___
Postf
Hello,
since my smtp instance is postscreen as showing the follow,
smtp inet n - y - 1 postscreen
How can I disable authentication on port 25 then?
I know if the smtp instance is smtpd, this option should work:
-o smtpd_sasl_auth_enable=no
Thank you.
_
That's great info from all you people. many thanks!
>
> On 23/05/24 19:02, Jaroslaw Rafa via Postfix-users wrote:
>
> >
> > In addition I can add one idea:
> >
> > I have had quite a success with a policy server that rejects all
> > connections
> >
> > on submission ports IF it doesn't f
how to implement that a policy server? thanks.
In addition I can add one idea:
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Good ideas. thanks a lot Peter.
Things of note from the log entries above:
1/2 of the entries are from the smtp (port 25) service. This service
should be for MX communication only and should not accept
pauthentication. You can eliminate 1/2 of the attempts just by
disabling authenticatio
will this also stop the valid client's SMTP connection? thank you Wietse.
Don't accept mail from home networks. For example, use "reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver from your ISP.
___
Hello list,
In the last two days, my mail system (small size) met attacks.
mail.log shows a lot of this stuff:
May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 23 06:24:37 mx postfix/smtps/smtpd[2655958]: warning:
Can I have multi-smtpd instances by updating master.cf?
for example, one instance for handling domain a.com, another instance
for b.com. The two instances have different policies for incoming messages.
Thanks.
Configure a dedicated smtpd servicce in master.cf. Then use
This is most likely the issue of outlook, not yours.
AFAIK outlook has the policy of IP blacklist. Maybe your IP happens to
hit it.
regards.
After a few hundred mails to different addresses who's domains use a
protection.outlook.com MX, the receiving servers respond with "...451
4.7.500 Se
Hello
When postfix delivery messages to local dovecot, how does the
authentication between postfix and dovecot happen?
Thanks.
You mean, Postfix for SMTP, Dovecot for IMAP.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscrib
22 matches
Mail list logo