why do you reply off-list and top-posting?

On 26.04.2014 18:32, Victor Faur wrote:
> Ok, I get it now. I left the wrapper on port 587 and used starttls on 465, I
> had no idea that the two don't mix

that's why you should start with reading the manuals before acting

> (ps, for port 25 I just copy/pasted, wasn't going to leave encryption on, it
> was just for testing)

bad enough

> Configuration now looks like :
>
> 25 inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o
> smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject_unauth_destination,reject
> 587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o
> smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt -o
> smtpd_sasl_auth_enable=yes -o
> smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject_unauth_destination,reject
> 465 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o
> smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o
> smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject_unauth_destination,reject
>
> Any idea how to add rbl checks in those lines without getting the startup
> errors ?

maybe it would be helpful to post "the startup errors"

just guessing: you can't use options with spaces in master.cf, look below

why you are packing all in master.cf instead of just main.cf - above you are
repeating most restrictions identical for all listeners - maintenance nightmare

main.cf:
mynamed_smtpd_recipient_restrictions = complete-set-of-restrictions

master.cf:
-o smtpd_recipient_restrictions=$mynamed_smtpd_recipient_restrictions

> Thanks for the help, and sorry for the dumb questions, I'm pretty new in
> postfix.

here you go as a good start: http://www.postfix.org/documentation.html

> -----Original Message-----
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of li...@rhsoft.net
> Sent: Saturday, April 26, 2014 7:14 PM
> To: postfix-users@postfix.org
> Subject: Re: both ssl and tls authentification in postfix
>
> On 26.04.2014 18:04, Victor Faur wrote:
>> 25 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o
>> smtpd_sasl_auth_enable=yes -o
>> smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject_unauth_destination,reject
>> 587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o
>> smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o
>> smtpd_client_restrictions=permit_sasl_authenticated,reject
>> 465 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o
>> smtpd_sasl_auth_enable=yes -o
>> smtpd_client_restrictions=permit_sasl_authenticated,reject
>>
>> TLS working, SSL not
>
> beside the wrong talking about SSL and TLS because both are TLS which is
> nothing more than SSL >= 3.1 - you can google that
>
> port 465 needs -o smtpd_tls_wrappermode=yes and please google for the
> differences between STARTTLS and wrappermode, this is something you should
> really understand if you maintain servers
>
> BTW:
> smtpd_enforce_tls=yes on port 25 is pretty dumb if it is a public MX because
> you can't demand the sender that his server supports encryption for outgoing
> mails
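
A small checker for the listener mistakes raised in this thread (wrappermode on a STARTTLS port, port 465 without it, TLS enforced on port 25, an `-o` value broken at a space), written as an added Python example that is not part of the mailing-list thread or of Postfix. The sample master.cf text is constructed from the quoted listener lines, `rbl.example.org` is a placeholder, and the function names are hypothetical.

```python
import re

PORTS = {"smtp": 25, "submission": 587, "smtps": 465}  # /etc/services names

# Constructed sample modelled on the listener lines quoted in the thread;
# rbl.example.org is a placeholder. Brace-quoted "-o { ... }" is not handled.
SAMPLE = """\
25 inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_client_restrictions=permit_mynetworks,reject_rbl_client rbl.example.org,reject
587 inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt
465 inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes
"""

def listeners(text):
    """Yield (port, options, stray_words) for each inet smtpd entry."""
    kept = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    # A line that starts with whitespace continues the previous logical line.
    for entry in re.sub(r"\n[ \t]+", " ", "\n".join(kept)).split("\n"):
        fields = entry.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        name = fields[0].rsplit(":", 1)[-1]          # drop an optional host: prefix
        port = PORTS.get(name, int(name) if name.isdigit() else None)
        opts, stray, args = {}, [], iter(fields[8:])
        for word in args:
            if word == "-o":
                key, _, value = next(args, "").partition("=")
                opts[key] = value
            elif not word.startswith("-"):
                stray.append(word)                   # leftover of a value containing a space
        yield port, opts, stray

def check(text):
    """Return (port, finding) pairs for the mistakes discussed in the thread."""
    out = []
    for port, o, stray in listeners(text):
        wrapper = o.get("smtpd_tls_wrappermode") == "yes"
        forced = o.get("smtpd_enforce_tls") == "yes" or o.get("smtpd_tls_security_level") == "encrypt"
        rules = [(port == 465 and not wrapper, "missing smtpd_tls_wrappermode=yes"),
                 (port in (25, 587) and wrapper, "wrappermode on a STARTTLS port"),
                 (port == 25 and forced, "TLS enforced on port 25 (breaks a public MX)"),
                 (bool(stray), "value split at a space: " + " ".join(stray))]
        out += [(port, msg) for hit, msg in rules if hit]
    return out

if __name__ == "__main__":
    print(*check(SAMPLE), sep="\n")
```

Moving the restriction list into a named main.cf parameter and referencing it as `$name` in master.cf, as the reply suggests, clears the last finding because the `-o` value then contains no space.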