>> Got it. Your explanations are positively lucid. >> >> I added this to /etc/postifx/main.cf: >> >> postscreen_greet_action = enforce >> postscreen_pipelining_enable = yes >> postscreen_pipelining_action = enforce >> postscreen_non_smtp_command_enable = yes >> postscreen_non_smtp_command_action = enforce >> postscreen_bare_newline_enable = yes >> postscreen_bare_newline_action = enforce >> >> and I commented this and restarted postfix: >> >> #check_policy_service inet:127.0.0.1:10030 >> >> Should this effectively disable postgrey and enable postscreen? >> > > That will disable postgrey, but isn't enough to enable postscreen. There > are a couple of daemons you have to enable in master.cf (steps 2 through 6): > > http://www.postfix.org/POSTSCREEN_README.html#enable > > That README refers to lines that are commented-out in master.cf; of > course, if you've upgraded from an earlier of postfix, you won't have them. > > What I did was to untar the latest postfix release under my home > directory, and find the master.cf that ships with it. Then, I > copy/pasted the lines mentioned in the README over to my real master.cf. > > After a restart, you should see lines like this in your mail log: > > Dec 6 03:13:46 mx1 postfix/postscreen[2810]: CONNECT from ... > > that let you know its' working.
Do you know how smtps comes into play? Right now I've got the following uncommented in master.cf: smtp inet n - n - - smtpd smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes Should I write an smtpsd line or does tlsproxy make that unnecessary? - Grant
