Re: only accept EHLO and I see that I refuse a lot of legitimate mail

[fakessh]

I just changed this option

smtp_tls_note_starttls_offer = may

that it's OK or not OK

thanks



Le dimanche 24 avril 2011 22:10, fakessh a écrit :
> hello postfix guru
> hello Wieste and other develloper
>
>
> I already post a question asking for more.
>
> how to allow both HELO and EHLO. I currently only accept EHLO and I see
> that I refuse a lot of legitimate mail
>
>
> my postconf -n
>
> r13151 ~]# postconf -n
> alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
> alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
> body_checks = regexp:/etc/postfix/body_checks.cf
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = dkimproxy:[127.0.0.1]:10029
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> default_privs = nobody
> default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what]
> blocked using $rbl_domain${rbl_reason?; $rbl_reason}
> double_bounce_sender = no
> header_checks = regexp:/etc/postfix/header_checks.cf
> home_mailbox = Maildir/
> html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
> in_flow_delay = 10
> inet_interfaces = all
> inet_protocols = all
> local_recipient_maps = unix:passwd.byname $alias_maps
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailbox_command = /usr/libexec/dovecot/dovecot-lda
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 20480000
> milter_command_timeout = 30s
> milter_connect_macros = j {daemon_name} v
> milter_connect_timeout = 30s
> milter_content_timeout = 300s
> milter_data_macros = i
> milter_end_of_data_macros = i
> milter_end_of_header_macros = i
> milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject}
> {cert_issuer}
> milter_macro_daemon_name = $myhostname
> milter_macro_v = $mail_name $mail_version
> milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
> milter_protocol = 2
> milter_rcpt_macros = i {rcpt_addr}
> milter_unknown_command_macros =
> mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
> mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
> mydomain = r13151.ovh.net
> mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 ,
> [2001:41D0:2:3Dd6::]/64 myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> parent_domain_matches_subdomains =
> queue_directory = /var/spool/postfix
> queue_run_delay = 200s
> readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
> recipient_delimiter = +
> relay_domains =
> sample_directory = /usr/share/doc/postfix-2.5.4/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_security_options = noanonymous
> smtp_sasl_tls_security_options = noanonymous
> smtp_sender_dependent_authentication = yes
> smtp_tls_loglevel = 3
> smtp_tls_note_starttls_offer = yes
> smtp_tls_session_cache_database =
> btree:/var/lib/postfix/smtp_tls_session_cache
> smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
> smtpd_client_restrictions = permit_mynetworks
> reject_unknown_reverse_client_hostname reject_unauth_pipelining
> reject_non_fqdn_recipient check_client_access
> cidr:/etc/postfix/koreacidr.cidr check_client_access
> cidr:/etc/postfix/chinacidr.cidr check_helo_access
> hash:/etc/postfix/access_client check_helo_access
> hash:/etc/postfix/access_host  check_sender_access
> hash:/etc/postfix/access_client check_sender_access
> hash:/etc/postfix/access_host check_recipient_access
> hash:/etc/postfix/access_client check_recipient_access
> hash:/etc/postfix/access_host check_client_access
> cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
> cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> cidr:/etc/postfix/perso_cidr.cidr check_client_access
> pcre:/etc/postfix/ptr-tld.pcre check_client_access
> cidr:/etc/postfix/sinokorea.cidr check_client_access
> cidr:/etc/postfix/taiwancidr.cidr  check_client_access
> regexp:/etc/postfix/blacklist_clients  check_client_access
> cidr:/etc/postfix/asian-ip.cidr  reject_rbl_client relays.orbs.org
> check_client_access cidr:/etc/postfix/taiwanipblocksreject.cidr
> check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
> cidr:/etc/postfix/BR_cidr.cidr check_client_access
> cidr:/etc/postfix/CN_cidr.cidr check_client_access
> cidr:/etc/postfix/UA_cidr.cidr check_client_access
> cidr:/etc/postfix/TR_cidr.cidr  check_client_access
> cidr:/etc/postfix/VE_cidr.cidr check_client_access
> cidr:/etc/postfix/VN_cidr.cidr   permit
> smtpd_data_restrictions = reject_unauth_pipelining
> smtpd_helo_restrictions = permit_mynetworks check_helo_access
> cidr:/etc/postfix/koreacidr.cidr check_helo_access
> cidr:/etc/postfix/chinacidr.cidr check_helo_access
> hash:/etc/postfix/access_client check_helo_access
> hash:/etc/postfix/access_host  check_helo_access
> hash:/etc/postfix/access_client check_helo_access
> hash:/etc/postfix/access_host check_helo_access
> hash:/etc/postfix/access_client check_helo_access
> hash:/etc/postfix/access_host check_helo_access
> cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> pcre:/etc/postfix/ptr-tld.pcre check_helo_access
> cidr:/etc/postfix/sinokorea.cidr check_helo_access
> cidr:/etc/postfix/taiwancidr.cidr  check_helo_access
> regexp:/etc/postfix/blacklist_clients  check_helo_access
> cidr:/etc/postfix/asian-ip.cidr  check_helo_access
> cidr:/etc/postfix/taiwanipblocksreject.cidr  check_helo_access
> cidr:/etc/postfix/IN_cidr.cidr check_helo_access
> cidr:/etc/postfix/BR_cidr.cidr check_helo_access
> cidr:/etc/postfix/CN_cidr.cidr check_helo_access
> cidr:/etc/postfix/UA_cidr.cidr check_helo_access
> cidr:/etc/postfix/TR_cidr.cidr  check_helo_access
> cidr:/etc/postfix/VE_cidr.cidr check_helo_access
> cidr:/etc/postfix/VN_cidr.cidr  reject_unauth_pipelining
> reject_invalid_hostname  permit
> smtpd_milters = unix:/var/spool/MIMEDefang/mimedefang.sock
> smtpd_recipient_restrictions = permit_mynetworks  permit_inet_interfaces
> permit_sasl_authenticated  reject_unverified_recipient
> reject_non_fqdn_sender reject_non_fqdn_recipient
> reject_unknown_sender_domain
> reject_unknown_recipient_domain reject_unknown_reverse_client_hostname
> reject_unauth_destination reject_unauth_pipelining reject_rbl_client
> zen.spamhaus.org reject_sender_login_mismatch check_policy_service
> unix:postgrey/socket reject_rhsbl_sender dbl.spamhaus.org reject_rbl_client
> bl.spamcop.net  reject_rbl_client cbl.abuseat.org  reject_rbl_client
> b.barracudacentral.org check_client_access hash:/etc/postfix/whitelist
> reject_rhsbl_helo dbl.spamhaus.org  reject_rhsbl_client dbl.spamhaus.org
> reject_unknown_helo_hostname reject_invalid_helo_hostname
> reject_non_fqdn_helo_hostname  check_client_access
> pcre:/etc/postfix/ptr-tld.pcre check_client_access
> cidr:/etc/postfix/sinokorea.cidr check_client_access
> cidr:/etc/postfix/taiwancidr.cidr  check_client_access
> regexp:/etc/postfix/blacklist_clients  check_client_access
> cidr:/etc/postfix/asian-ip.cidr  reject_rbl_client relays.orbs.org
> check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
> cidr:/etc/postfix/BR_cidr.cidr check_client_access
> cidr:/etc/postfix/CN_cidr.cidr check_client_access
> cidr:/etc/postfix/UA_cidr.cidr check_client_access
> cidr:/etc/postfix/TR_cidr.cidr  check_client_access
> cidr:/etc/postfix/VE_cidr.cidr check_client_access
> cidr:/etc/postfix/VN_cidr.cidr  check_client_access
> cidr:/etc/postfix/perso_cidr.cidr check_sender_mx_access
> cidr:/etc/postfix/perso_cidr.cidr check_recipient_mx_access
> cidr:/etc/postfix/perso_cidr.cidr  check_recipient_access
> cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> cidr:/etc/postfix/perso_cidr.cidr  check_client_access
> hash:/etc/postfix/access_host check_recipient_mx_access
> hash:/etc/postfix/access_host check_sender_mx_access
> hash:/etc/postfix/access_host  check_client_access
> hash:/etc/postfix/access_client check_recipient_access
> hash:/etc/postfix/access_host check_recipient_access
> hash:/etc/postfix/access_client check_sender_access
> hash:/etc/postfix/access_host check_sender_access
> hash:/etc/postfix/access_client check_helo_access
> hash:/etc/postfix/access_host  check_helo_access
> hash:/etc/postfix/access_client  check_client_access
> cidr:/etc/postfix/chinacidr.cidr check_client_access
> cidr:/etc/postfix/koreacidr.cidr reject_rbl_client zen.spamhaus.org
> reject_rbl_client psbl.surriel.com reject_rhsbl_client dbl.spamhaus.org
> reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org
> check_policy_service unix:private/spfpolicy
> smtpd_reject_unlisted_sender = no
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = reject_unknown_sender_domain
> smtpd_tls_CAfile = /etc/pki/tls/certs/class3.crt
> smtpd_tls_ask_ccert = yes
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/pki/tls/certs/r13151.ovh.net.cert
> smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
> smtpd_tls_received_header = yes
> smtpd_tls_req_ccert = no
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database =
> btree:/var/lib/postfix/smtpd_tls_session_cache
> smtpd_use_tls = yes
> soft_bounce = no
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = renelacroute.fr , nicolaspichot.fr , fakessh.eu
> virtual_alias_maps = hash:/etc/postfix/virtual
> virtual_transport = dovecot

-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7

pgpFO1kuvKfKM.pgp
Description: PGP signature