[pfx] Re: ignored: no SASL support
Do you mean that, I should put that option in master.cf and the config should be like: smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders ... Am I right? thank you in advance. Viktor Dukhovni via Postfix-users: The SASL-related restrictions should only be used on the submission ports 465 and 587. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: ignored: no SASL support
But I have to disable sasl on port 25. And I did enable sasl on port 465 (smtps). So I think the option 'smtpd_sender_login_maps' should be put in master.cf in smtps section. Am i right? Patrick Ben Koetter via Postfix-users: Enable SASL in Postfix' smtpd server. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: ignored: no SASL support
Hello victor,
Thank you so much for the help. Now I have resolved the issue. The logs
show nothing that error for now.
Aug 28 06:15:49 linuxmail postfix/smtpd[39646]: connect from
mail-oo1-f65.google.com[209.85.161.65]
Aug 28 06:15:49 linuxmail policyd-spf[39652]: prepend Received-SPF: Pass
(mailfrom) identity=mailfrom; client-ip=209.85.161.65;
helo=mail-oo1-f65.google.com; envelope-from=x...@gmail.com;
receiver=
Aug 28 06:15:50 linuxmail postfix/smtpd[39646]: 2B34380410:
client=mail-oo1-f65.google.com[209.85.161.65]
Aug 28 06:15:50 linuxmail postfix/cleanup[39653]: 2B34380410:
message-id=
What I have done is remove "reject_sender_login_mismatch" from main.cf
of this location,
smtpd_recipient_restrictions =
check_policy_service { unix:ratelimit/policy, default_action=DUNNO },
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_policy_service { unix:private/policyd-spf, default_action=DUNNO }
And put it into master.cf in smtps section:
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o reject_sender_login_mismatch=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
After restart postfix, everything seems to be working.
Thanks.
Viktor Dukhovni via Postfix-users:
The problem IS NOT with defining the "login_maps" table, rather it is
with attempting to use the associated restriction!
reject_sender_login_mismatch
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: ignored: no SASL support
Thanks victor. i have followed your suggestion to fix it up. regards. Viktor Dukhovni via Postfix-users: That parameter assignment serves no purpose. "reject_sender_login_mismatch" is an action (verb) for use a restriction list. It isn't a boolean configuration parameter (noun) ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] smtps options question
Hello community, Today I found a strange event. when I used these options (defaut) for smtps,reject_sender_login_mismatch won't work. smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING But, if I was using these options below, reject_sender_login_mismatch did work. smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth The main.cf was unchanged when updating master.cf. Can you help me with it? Thank you. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Postfix SMTP with multiple MX and multiple servers each
IIRC for the group of IPs with the same weight, Postfix put them into a array with max size 8, and pick up one from the array by round robin. On 2024-09-03 05:35, Pedro David Marco via Postfix-users wrote: Hi everybody... i think Wietse has explaned this before, but i cannot find the posts, so please excuse with me if i ask this again. I would like to clearify with myslef how Postfix smtp daemon deals with remote MXs of a destination. 1.- When there are different MX with different weight but the DNS shows them in different order every time..: does postfix consider the weigth despite the order they are showed? and what happens when two MX has same weigth? 2.- When each MX point to multiple servers, i guess Postifx takes always the first server from the list, is this correct? what happens if this server does not work? does Postfix takes the next server in this list or will Postfix discard this list and go for the next MX? Thanks in advance! Pete. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org -- linuxmail.cc - email powered by linux, postfix and dovecot ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] question about unlisted
Hello, In my main.cf I have this setting, smtpd_reject_unlisted_sender = yes which I know the reason for existing. But in master.cf I see this option, submission inet n - y - - smtpd -o smtpd_reject_unlisted_recipient=no ... why set smtpd_reject_unlisted_recipient=no here? I guess it should be 'yes' too. Thank you. -- linuxmail.cc - email powered by linux, postfix and dovecot ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Rejecting by top level domain?
how about setup a whitelist domains list? for instance, only allow .com, .net, .org, .de, .ca and some coutries TLD to be passed through. Phil Stracchino via Postfix-users: There are a few ccTLDs that I block completely (looks like four), all of them problematic ccTLDs from which I have only ever seen clearly malicious mail. I *do* however block a list of about thirty or so junk "new" TLDs that were consistent spam sources, but with occasional whitelisting of legitimate domains within even those. (For instance I currently block .shop *except for* wandering.shop, which is widely used by other writers.) ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: struggling with smtpd_tls_security_level = encrypt - 5.7.0 Must issue a STARTTLS command first
Viktor Dukhovni via Postfix-users: Don't set smtpd_tls_security_level = encrypt in main.cf. Instead use a master.cf override for just the port 25 service: smtp inet n - n - - smtpd -o smtpd_tls_security_level=encrypt I am using postscreen, how do I define that? Thanks. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
