On Thu, Feb 07, 2013 at 06:22:40PM +0100, deconya wrote:
> smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
>
> relayhost = [smtp.puc.rediris.es]:25
Don't append :25 set:
relayhost = [smtp.puc.rediris.es]
> smtp_sasl_auth_enable = no
You've disabled SASL.
> smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
In this table the lookup key should be the verbatim setting of
relayhost:
[smtp.puc.rediris.es] user:pass
> smtp_sasl_security_options = noplaintext, noanonymous
> smtp_sasl_tls_security_options = $smtp_sasl_security_options
> smtp_sasl_tls_verified_security_options =
You only enable plaintext mechanisms (e.g. passwords) with verified
TLS. Are you able to verify the relay's TLS certificate?
> smtp_sasl_type = cyrus
> smtp_sender_dependent_authentication = yes
With this, the password table lookup key is the sender address. Is
that what you're using?
> smtp_tls_CAfile =
> smtp_tls_CApath =
How do you expect to verify the peer certificate? And without
verification, how do you expect to authenticate?
> smtp_tls_enforce_peername = yes
> smtp_use_tls = no
> smtp_tls_security_level =
The first two settings are obsolete. Set "smtp_tls_security_level = secure"
or at least "may" (and then enforce TLS for the relay via the policy table).
> smtp_tls_loglevel = 0
If you're using TLS, the recommended level is 1.
> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
The session cache database should be in ${data_directory}.
The "smtp_sasl_password_maps" parameter was introduced in snapshot-20000316,
(prior to Postfix 1.0), while "smtp_sender_dependent_authentication"
was introducted in postfix-2.3-20051125 (which later evolved into Postfix 2.3).
--
Viktor.
