Hello,
I'm running Postfix 3.1. A telnet connection to port 25 and another to
port 587, does not announce the sasl auth capabilities.
I'd appreciate a sanity check of my configuration done with postconf -n.
Thanks.
Dave.
autoresponder_destination_recipient_limit = 1
biff = no
bounce_template_file = /usr/local/etc/postfix/bounce.cf
broken_sasl_auth_clients = no
command_directory = /usr/local/sbin
compatibility_level = 9999
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
hash_queue_depth = 2
hash_queue_names = incoming, hold defer deferred
header_checks = pcre:/usr/local/etc/postfix/header_checks,
regexp:/usr/local/etc/postfix/phish419.regexp
html_directory = no
in_flow_delay = 1s
inet_interfaces = xxx.xxx.xxx.xxx, 127.0.0.1
inet_protocols = ipv4
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
meta_directory = /usr/local/libexec/postfix
milter_default_action = accept
milter_protocol = 6
mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks
mydestination = localhost
mydomain = example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8, xxx.xxx.xxx.xxx/32
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = $smtpd_milters
postscreen_access_list = permit_mynetworks,
cidr:/usr/local/etc/postfix/postscreen_access.cidr,
cidr:/usr/local/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 0
postscreen_cache_map = proxy:btree:${data_directory}/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
pcre:/usr/local/etc/postfix/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
bl.spameatingmonkey.net*2 dnsbl.ahbl.org*2 bl.spamcop.net
dnsbl.sorbs.net psbl.surriel.com bl.mailspike.net swl.spamhaus.org*-4
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 3
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
show_user_unknown_table_name = no
smtp_helo_timeout = 60s
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated reject_unauth_destination
check_sender_access hash:/usr/local/etc/postfix/safe_addresses
check_sender_access hash:/usr/local/etc/postfix/auto-whtlst
check_client_access cidr:/usr/local/etc/postfix/spamfarms
check_client_access cidr:/usr/local/etc/postfix/sinokorea.cidr
permit_dnswl_client list.dnswl.org=127.0.[2..14].[1..3]
check_reverse_client_hostname_access
pcre:/usr/local/etc/postfix/fqrdns.pcre
reject_unknown_reverse_client_hostname reject_non_fqdn_sender
reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
reject_unknown_helo_hostname reject_unlisted_recipient
reject_rbl_client b.barracudacentral.org reject_rbl_client
zen.spamhaus.org reject_rbl_client psbl.surriel.com reject_rbl_client
bl.spamcop.net reject_rbl_client cbl.abuseat.org reject_rhsbl_client
dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org
reject_rhsbl_helo dbl.spamhaus.org check_policy_service
unix:private/spf-policy check_policy_service inet:127.0.0.1:12345
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 3
smtpd_tls_CAfile = /etc/ssl/certs/cacert.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtputf8_enable = no
soft_bounce = no
spf-policy_time_limit = 3600s
strict_rfc821_envelopes = yes
tls_preempt_cipherlist = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
proxy:mysql:/usr/local/etc/postfix/mysql-virtual-alias-maps.cf,
proxy:mysql:/usr/local/etc/postfix/mysql-virtual-email2email.cf
virtual_gid_maps = static:999
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains =
proxy:mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_limit = 262144000
virtual_mailbox_maps =
proxy:mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_minimum_uid = 999
virtual_transport = dovecot
virtual_uid_maps = static:999
