what have "smtp_tls_note_starttls_offer" to do with EHLO/HELO and what have smtp_*-commands to do with receive?
why you are using so complex EHLO-restrictions?
the following should be enough!
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
reject_non_fqdn_helo_hostname
reject_invalid_helo_hostname
reject_unknown_helo_hostname
Am 24.04.2011 22:37, schrieb fakessh:
> I just changed this option
>
> smtp_tls_note_starttls_offer = may
>
> that it's OK or not OK
>
> thanks
>
>
>
> Le dimanche 24 avril 2011 22:10, fakessh a écrit :
>> hello postfix guru
>> hello Wieste and other develloper
>>
>>
>> I already post a question asking for more.
>>
>> how to allow both HELO and EHLO. I currently only accept EHLO and I see
>> that I refuse a lot of legitimate mail
>>
>>
>> my postconf -n
>>
>> r13151 ~]# postconf -n
>> alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
>> alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
>> body_checks = regexp:/etc/postfix/body_checks.cf
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> content_filter = dkimproxy:[127.0.0.1]:10029
>> daemon_directory = /usr/libexec/postfix
>> data_directory = /var/lib/postfix
>> debug_peer_level = 2
>> default_privs = nobody
>> default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what]
>> blocked using $rbl_domain${rbl_reason?; $rbl_reason}
>> double_bounce_sender = no
>> header_checks = regexp:/etc/postfix/header_checks.cf
>> home_mailbox = Maildir/
>> html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
>> in_flow_delay = 10
>> inet_interfaces = all
>> inet_protocols = all
>> local_recipient_maps = unix:passwd.byname $alias_maps
>> mail_owner = postfix
>> mail_spool_directory = /var/spool/mail
>> mailbox_command = /usr/libexec/dovecot/dovecot-lda
>> mailq_path = /usr/bin/mailq.postfix
>> manpage_directory = /usr/share/man
>> message_size_limit = 20480000
>> milter_command_timeout = 30s
>> milter_connect_macros = j {daemon_name} v
>> milter_connect_timeout = 30s
>> milter_content_timeout = 300s
>> milter_data_macros = i
>> milter_end_of_data_macros = i
>> milter_end_of_header_macros = i
>> milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject}
>> {cert_issuer}
>> milter_macro_daemon_name = $myhostname
>> milter_macro_v = $mail_name $mail_version
>> milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
>> milter_protocol = 2
>> milter_rcpt_macros = i {rcpt_addr}
>> milter_unknown_command_macros =
>> mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
>> mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
>> mydomain = r13151.ovh.net
>> mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 ,
>> [2001:41D0:2:3Dd6::]/64 myorigin = $mydomain
>> newaliases_path = /usr/bin/newaliases.postfix
>> parent_domain_matches_subdomains =
>> queue_directory = /var/spool/postfix
>> queue_run_delay = 200s
>> readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
>> recipient_delimiter = +
>> relay_domains =
>> sample_directory = /usr/share/doc/postfix-2.5.4/samples
>> sendmail_path = /usr/sbin/sendmail.postfix
>> setgid_group = postdrop
>> smtp_sasl_security_options = noanonymous
>> smtp_sasl_tls_security_options = noanonymous
>> smtp_sender_dependent_authentication = yes
>> smtp_tls_loglevel = 3
>> smtp_tls_note_starttls_offer = yes
>> smtp_tls_session_cache_database =
>> btree:/var/lib/postfix/smtp_tls_session_cache
>> smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
>> smtpd_client_restrictions = permit_mynetworks
>> reject_unknown_reverse_client_hostname reject_unauth_pipelining
>> reject_non_fqdn_recipient check_client_access
>> cidr:/etc/postfix/koreacidr.cidr check_client_access
>> cidr:/etc/postfix/chinacidr.cidr check_helo_access
>> hash:/etc/postfix/access_client check_helo_access
>> hash:/etc/postfix/access_host check_sender_access
>> hash:/etc/postfix/access_client check_sender_access
>> hash:/etc/postfix/access_host check_recipient_access
>> hash:/etc/postfix/access_client check_recipient_access
>> hash:/etc/postfix/access_host check_client_access
>> cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
>> cidr:/etc/postfix/perso_cidr.cidr check_helo_access
>> cidr:/etc/postfix/perso_cidr.cidr check_client_access
>> pcre:/etc/postfix/ptr-tld.pcre check_client_access
>> cidr:/etc/postfix/sinokorea.cidr check_client_access
>> cidr:/etc/postfix/taiwancidr.cidr check_client_access
>> regexp:/etc/postfix/blacklist_clients check_client_access
>> cidr:/etc/postfix/asian-ip.cidr reject_rbl_client relays.orbs.org
>> check_client_access cidr:/etc/postfix/taiwanipblocksreject.cidr
>> check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
>> cidr:/etc/postfix/BR_cidr.cidr check_client_access
>> cidr:/etc/postfix/CN_cidr.cidr check_client_access
>> cidr:/etc/postfix/UA_cidr.cidr check_client_access
>> cidr:/etc/postfix/TR_cidr.cidr check_client_access
>> cidr:/etc/postfix/VE_cidr.cidr check_client_access
>> cidr:/etc/postfix/VN_cidr.cidr permit
>> smtpd_data_restrictions = reject_unauth_pipelining
>> smtpd_helo_restrictions = permit_mynetworks check_helo_access
>> cidr:/etc/postfix/koreacidr.cidr check_helo_access
>> cidr:/etc/postfix/chinacidr.cidr check_helo_access
>> hash:/etc/postfix/access_client check_helo_access
>> hash:/etc/postfix/access_host check_helo_access
>> hash:/etc/postfix/access_client check_helo_access
>> hash:/etc/postfix/access_host check_helo_access
>> hash:/etc/postfix/access_client check_helo_access
>> hash:/etc/postfix/access_host check_helo_access
>> cidr:/etc/postfix/perso_cidr.cidr check_helo_access
>> pcre:/etc/postfix/ptr-tld.pcre check_helo_access
>> cidr:/etc/postfix/sinokorea.cidr check_helo_access
>> cidr:/etc/postfix/taiwancidr.cidr check_helo_access
>> regexp:/etc/postfix/blacklist_clients check_helo_access
>> cidr:/etc/postfix/asian-ip.cidr check_helo_access
>> cidr:/etc/postfix/taiwanipblocksreject.cidr check_helo_access
>> cidr:/etc/postfix/IN_cidr.cidr check_helo_access
>> cidr:/etc/postfix/BR_cidr.cidr check_helo_access
>> cidr:/etc/postfix/CN_cidr.cidr check_helo_access
>> cidr:/etc/postfix/UA_cidr.cidr check_helo_access
>> cidr:/etc/postfix/TR_cidr.cidr check_helo_access
>> cidr:/etc/postfix/VE_cidr.cidr check_helo_access
>> cidr:/etc/postfix/VN_cidr.cidr reject_unauth_pipelining
>> reject_invalid_hostname permit
>> smtpd_milters = unix:/var/spool/MIMEDefang/mimedefang.sock
>> smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces
>> permit_sasl_authenticated reject_unverified_recipient
>> reject_non_fqdn_sender reject_non_fqdn_recipient
>> reject_unknown_sender_domain
>> reject_unknown_recipient_domain reject_unknown_reverse_client_hostname
>> reject_unauth_destination reject_unauth_pipelining reject_rbl_client
>> zen.spamhaus.org reject_sender_login_mismatch check_policy_service
>> unix:postgrey/socket reject_rhsbl_sender dbl.spamhaus.org reject_rbl_client
>> bl.spamcop.net reject_rbl_client cbl.abuseat.org reject_rbl_client
>> b.barracudacentral.org check_client_access hash:/etc/postfix/whitelist
>> reject_rhsbl_helo dbl.spamhaus.org reject_rhsbl_client dbl.spamhaus.org
>> reject_unknown_helo_hostname reject_invalid_helo_hostname
>> reject_non_fqdn_helo_hostname check_client_access
>> pcre:/etc/postfix/ptr-tld.pcre check_client_access
>> cidr:/etc/postfix/sinokorea.cidr check_client_access
>> cidr:/etc/postfix/taiwancidr.cidr check_client_access
>> regexp:/etc/postfix/blacklist_clients check_client_access
>> cidr:/etc/postfix/asian-ip.cidr reject_rbl_client relays.orbs.org
>> check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
>> cidr:/etc/postfix/BR_cidr.cidr check_client_access
>> cidr:/etc/postfix/CN_cidr.cidr check_client_access
>> cidr:/etc/postfix/UA_cidr.cidr check_client_access
>> cidr:/etc/postfix/TR_cidr.cidr check_client_access
>> cidr:/etc/postfix/VE_cidr.cidr check_client_access
>> cidr:/etc/postfix/VN_cidr.cidr check_client_access
>> cidr:/etc/postfix/perso_cidr.cidr check_sender_mx_access
>> cidr:/etc/postfix/perso_cidr.cidr check_recipient_mx_access
>> cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
>> cidr:/etc/postfix/perso_cidr.cidr check_helo_access
>> cidr:/etc/postfix/perso_cidr.cidr check_client_access
>> hash:/etc/postfix/access_host check_recipient_mx_access
>> hash:/etc/postfix/access_host check_sender_mx_access
>> hash:/etc/postfix/access_host check_client_access
>> hash:/etc/postfix/access_client check_recipient_access
>> hash:/etc/postfix/access_host check_recipient_access
>> hash:/etc/postfix/access_client check_sender_access
>> hash:/etc/postfix/access_host check_sender_access
>> hash:/etc/postfix/access_client check_helo_access
>> hash:/etc/postfix/access_host check_helo_access
>> hash:/etc/postfix/access_client check_client_access
>> cidr:/etc/postfix/chinacidr.cidr check_client_access
>> cidr:/etc/postfix/koreacidr.cidr reject_rbl_client zen.spamhaus.org
>> reject_rbl_client psbl.surriel.com reject_rhsbl_client dbl.spamhaus.org
>> reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org
>> check_policy_service unix:private/spfpolicy
>> smtpd_reject_unlisted_sender = no
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_authenticated_header = yes
>> smtpd_sasl_local_domain = $myhostname
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_type = dovecot
>> smtpd_sender_restrictions = reject_unknown_sender_domain
>> smtpd_tls_CAfile = /etc/pki/tls/certs/class3.crt
>> smtpd_tls_ask_ccert = yes
>> smtpd_tls_auth_only = yes
>> smtpd_tls_cert_file = /etc/pki/tls/certs/r13151.ovh.net.cert
>> smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
>> smtpd_tls_received_header = yes
>> smtpd_tls_req_ccert = no
>> smtpd_tls_security_level = may
>> smtpd_tls_session_cache_database =
>> btree:/var/lib/postfix/smtpd_tls_session_cache
>> smtpd_use_tls = yes
>> soft_bounce = no
>> tls_random_source = dev:/dev/urandom
>> unknown_local_recipient_reject_code = 550
>> virtual_alias_domains = renelacroute.fr , nicolaspichot.fr , fakessh.eu
>> virtual_alias_maps = hash:/etc/postfix/virtual
>> virtual_transport = dovecot
signature.asc
Description: OpenPGP digital signature
