-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
> Am 20.07.2014 01:11, schrieb nobody73:
>> I have a postfix server i'd use as mobile user wherever i may be.
>> It has a static public ip/28 network interface and i want smtp to
>> use sasl/ssl authenticated connection with its relay_host
>> provider and no authentication for smtpd but still ssl
>
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
debug_peer_level = 1
disable_dns_lookups = yes
disable_vrfy_command = yes
inet_interfaces = all
mailbox_size_limit = 0
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
mydomain = mydomainname.org
myhostname = myhostname.org
mynetworks = xx.xxx.xx.xxx/32, 127.0.0.0/8 [::ffff:127.0.0.0]/104
[::1]/128
myorigin = $mydomain
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.relay.host]
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_cert_file = /etc/postfix/ssl/cert.pem
smtp_tls_key_file = /etc/postfix/ssl/key.pem
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Hell/Awaits)
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options =
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/key.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport look
Saslauthd looks good:
testsaslauthd -u user -p p4ssw0rd
0: OK "Success."
The above test just to make you sure saslauthd is working
>
>> Now i show you postfix mail.log while i connect from my laptop
>> with a mail from ggmail address:
>>
>> http://pastebin.pw/9m2fxh
>
> while still nobody cares ofr pastebin that is a *debug log* don't
> enable debuglogs unless not advised to do so nobody reads that
> mess of thounsads lines with no relevant information
Ok,
these the logs while connecting from my laptop:
Jul 20 15:17:15 frozenstar postfix/smtpd[11768]: connect from
xxx.yyyyyyyy.zzz[11.22.11.22]
Jul 20 15:17:51 frozenstar postfix/smtpd[11768]: lost connection after
UNKNOWN from xxx.yyyyyyyy.zzz[11.22.11.22]
Jul 20 15:17:51 frozenstar postfix/smtpd[11768]: disconnect from
xxx.yyyyyyyy.zzz[11.22.11.22]
I think postfix have proper configuration measures against spam,
saslauthd is not the only way to handle it .
But i'm interested in both passwordless and authenticated
possibilities and than choose the best for me.
Best regards
Gab
- --
Key fingerprint = D8E8 7374 49EA 8017 EC52 AD73 0294 F341 FF66 9495
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iF4EAREKAAYFAlPLzVkACgkQApTzQf9mlJVzrwD+K2AEFjCAs9SmhMyZ4TOCIYIy
WGXzpyr6v1lZu4asEGcA/iYC0FDpJbwVa6rbDzzMUaMCNZ17Uqut9nVg9URkTAka
=+uw1
-----END PGP SIGNATURE-----
