Bithead:
> Wietse,
>
> >> # check_sender_accesshash:/etc/posfix/mywhitelist <-- this
> killed
> > the pathname does not exist (you mis-typed it). In addition, you
>
> Ok, that's embarrassing. Thanks for catching it, though. But even so, why
> would pointing to a non-existent file comp
Wietse,
>> # check_sender_accesshash:/etc/posfix/mywhitelist <-- this
killed
> the pathname does not exist (you mis-typed it). In addition, you
Ok, that's embarrassing. Thanks for catching it, though. But even so, why
would pointing to a non-existent file completely halt incoming mail
Great! i got it now. you guys rocks.
by this we will have 3 separate network classes.
1, unauth/local LAN
2. Auth but only to Allowed IP (such as Verison USA 108.44.155.0/24)
3. and rest of them will be excluded from relaying or blocked.
yes i am aware of geo ip list. will try this too.
Thanks
On 2015-04-06 14:27, Muhammad Yousuf Khan wrote:
in light of your above suggestions. i enabled
smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblo
What I meant is that if your users are on a dynamic IP from a “outside” net,
you can allow that net *in combination* with authentication.
Thus, you will both need to be from the correct net, but also have a valid
username and password.
For example, lets say you have a internal company network on
@Peter
> Right, you really should not be allowing submission on port 25 at all.
>
>
> and is this segregation is a good thought of mine or practical?
>
> Yes
>
> > isn't 465 is useless and can i close this if yes then how?
>
> That depends on if you have users that have very old versions of Outloo
IMHO I find it better to only allow submission from trusted nets. Better to
disable authentication completely, and completely disable mail submission
("relaying") from the "outside".
Thus closing 587 completely.
465 can be good to allow old (or misconfigured) SMTPS servers to send
incoming mail
On 04/06/2015 08:05 PM, Muhammad Yousuf Khan wrote:
> By Peter
> -
>
> What you should be, at the very least, encouraging is STARTTLS over port
> 587. Whether you want to support some very old Outlook clients and
> offer TLS wrappermode over 465 is up to you but it is unli
Thanks Noel and Peter i learned alot from both of your posts.
by Noel
For new installations, it is strongly recommended to require your
customers to use port 587 (or 465) and to disable AUTH on port 25.
can you please refer any document on this or any link. actually this is
what i al
On 06/04/2015 03:54, Viktor Dukhovni
wrote:
On Sat, Apr 04, 2015 at 07:40:33PM +0100, Nick Howitt wrote:
The client I am using is K-9 mail ...
The line I am currently trying in master.cf is:
submission inet n - n
10 matches
Mail list logo
