[pfx] Re: Postfix 3.9's smtpd_forbid_unauth_pipelining

2024-03-07 Thread Grant Gryczan via Postfix-users
Never mind! Found my answer in the first announcement on SMTP Smuggling (in the postfix-announce mailing list): it does, in fact, make "reject_unauth_pipelining" redundant, as expected. On Thu, Mar 7, 2024 at 5:03 AM Grant Gryczan wrote: > Hello, > > Does the new smtpd_forbi

[pfx] Postfix 3.9's smtpd_forbid_unauth_pipelining

2024-03-07 Thread Grant Gryczan via Postfix-users
trictions> = reject_unauth_pipelining <https://www.postfix.org/postconf.5.html#reject_unauth_pipelining> I'm wondering if this new option, when set to its default value of "yes", would make the above setting redundant now. (Never used a mailing list before, forgive me if I

Re: Relay via command-line MTA instead of 'relayhost' SMTP server?

2018-01-19 Thread Grant Edwards
On 2018-01-20, Viktor Dukhovni wrote: >> On Jan 19, 2018, at 6:10 PM, Grant Edwards wrote: >> >>> Note that with my suggestion to override "default_transport" not only the >>> original messages, but also any bounces or delay notifications go out via >

Re: Relay via command-line MTA instead of 'relayhost' SMTP server?

2018-01-19 Thread Grant Edwards
On 2018-01-19, Viktor Dukhovni wrote: > > >> On Jan 19, 2018, at 5:48 PM, Grant Edwards wrote: >> >> >> It does some stuff via the ssh-2 protocol. > > Note that with my suggestion to override "default_transport" not only the > original message

Re: Relay via command-line MTA instead of 'relayhost' SMTP server?

2018-01-19 Thread Grant Edwards
On 2018-01-19, Matus UHLAR - fantomas wrote: > On 19.01.18 19:15, Grant Edwards wrote: >>Because postfix doesn't implement the protocols used by that >>command-line utility to transfer the mail to another server via the >>network. > > which one is that? It does s

Re: Relay via command-line MTA instead of 'relayhost' SMTP server?

2018-01-19 Thread Grant Edwards
On 2018-01-19, Viktor Dukhovni wrote: > On Fri, Jan 19, 2018 at 06:45:29PM +0000, Grant Edwards wrote: > >> > That'd be magic. How exactly is the command-line MTA supposed to >> > get the mail "relayed" without connecting to a remote host? >> >

Re: Relay via command-line MTA instead of 'relayhost' SMTP server?

2018-01-19 Thread Grant Edwards
On 2018-01-19, Ralph Seichter wrote: > On 19.01.18 19:45, Grant Edwards wrote: > >> Let's not worry about how the command-line MTA works. It has the same >> usage as /usr/bin/sendmail and it works. What I am asking for is an >> SMTP relay server that will rel

Re: Relay via command-line MTA instead of 'relayhost' SMTP server?

2018-01-19 Thread Grant Edwards
On 2018-01-19, Viktor Dukhovni wrote: > > >> On Jan 19, 2018, at 1:15 PM, Grant Edwards wrote: >> >> I'm trying to figure out how to set up an SMTP server that accepts >> incoming mail and relays it by invoking a command-line MTA >> (e.g. /usr/bin/send

Relay via command-line MTA instead of 'relayhost' SMTP server?

2018-01-19 Thread Grant Edwards
I'm trying to figure out how to set up an SMTP server that accepts incoming mail and relays it by invoking a command-line MTA (e.g. /usr/bin/sendmail or equivalent) instead of connecting to a 'smarthost' SMTP server. Can Postfix do that? -- Grant Edwards grant.b.edw

Re: Deliver mail from ssmtp without authenticating?

2015-08-31 Thread Grant
es > this rather simple to implement as you already have the requisite > accounts and passwords configured. OK, SASL it is. I'm actually already using saslauthd but was hoping I could turn it off since I'm using webmail now. Is switching from saslauthd to dovecot's SASL a worthwhile endeavor if I'm already using dovecot for IMAP? - Grant

Security & Compatibility

2015-05-23 Thread Grant
one for postfix? - Grant

Re: POODLE: smtpd_tls_mandatory_protocols question

2014-10-16 Thread Grant
use cleartext with SSLv3-only SMTP peers. Wouldn't these used in combination require TLS for authentication? smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_protocols = !SSLv2, !SSLv3 - Grant

POODLE: smtpd_tls_mandatory_protocols question

2014-10-15 Thread Grant
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 The above is said to work with: smtpd_tls_security_level = encrypt but does it work with: smtpd_tls_security_level = may smtpd_tls_auth_only = yes - Grant

Re: message_size_limit

2014-02-15 Thread Grant
it parameter, so this probably goes > back to the very first alpha release. Got it, thank you. - Grant

message_size_limit

2014-02-13 Thread Grant
Is message_size_limit still valid? All of the references I can find to it online are very old. Is there another postfix directive I should use to set the maximum upload size for roundcube? - Grant

Re: blocked by gmail

2013-12-04 Thread Grant
s been >>blocked. Please visit >>http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for >>more information. >> >>I will delve into that link, but is there an especially good method >>for avoiding this situation? >> >>- Grant >

blocked by gmail

2013-12-04 Thread Grant
://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for more information. I will delve into that link, but is there an especially good method for avoiding this situation? - Grant

Re: blocked by Verizon & Hotmail?

2013-09-13 Thread Grant
> , but that > requires a yahoo account, you must > be signed into your account when using this form, otherwise nothing will > happen. Also check out > SPF vs Sender ID <http://www.openspf.org/SPF_vs_Sender_ID> Other than > that, > welcome to an ongoing headache! This message is solid gold. Thank you. - Grant

Re: blocked by Verizon & Hotmail?

2013-09-13 Thread Grant
ind your server being blocked. If > this continues, you may get flagged as a spam source. > > You need to find some process to automatically prune your mail list to drop > these invalid addresses. I only get about 3 bounces per day so I'm hoping I can put that off for awhile. - Grant

Re: blocked by Verizon & Hotmail?

2013-09-05 Thread Grant
>> >> : host mx3.hotmail.com[65.54.188.126] said: 550 >> Requested action not taken: mailbox unavailable (in reply to RCPT TO >> command) >> >> I certainly don't spam or listwash (or any other sort of shadiness). >> Can anyone help me out with advice o

blocked by Verizon & Hotmail?

2013-09-05 Thread Grant
ested action not taken: mailbox unavailable (in reply to RCPT TO command) I certainly don't spam or listwash (or any other sort of shadiness). Can anyone help me out with advice on this? - Grant

Re: email from comcast.net is bouncing

2013-09-01 Thread Grant
> Grant: >> I'm on Gentoo and I use the etc-update script to update config files >> after upgrading. Should dnsblog be uncommented in a default >> master.cf? If so I may need to file a Gentoo bug. > > As distributed by me, the 'inet' smtpd service is act

Re: email from comcast.net is bouncing

2013-09-01 Thread Grant
f? >> >> NOQUEUE: reject: RCPT from [183.8.195.26]:3302: 450 4.3.2 Service >> currently unavailable; from=, >> to=, proto=ESMTP, helo= > > The ip 183.8.195.26 is certainly a spammer. Just looked it up using whois > and host(1). Thanks James. This is all very cool. A blacklist (zen.spamhaus.org), a whitelist (list.dnswl.org), and a "greylist". 2.11 looks to be a fantastic release for easily-configured anti-spam measures. I'm just not getting spam anymore and I don't think I'm rejecting legitimate mail either. Thanks to all, Grant

Re: email from comcast.net is bouncing

2013-09-01 Thread Grant
appears to come from China. Is this a spoof? NOQUEUE: reject: RCPT from [183.8.195.26]:3302: 450 4.3.2 Service currently unavailable; from=, to=, proto=ESMTP, helo= - Grant

Re: email from comcast.net is bouncing

2013-08-30 Thread Grant
that a good config? I also read a recommendation to set up a caching nameserver like unbound on the same machine as postfix. Is that the right thing to do? Is there a way to verify that everything is working properly? - Grant

Re: email from comcast.net is bouncing

2013-08-30 Thread Grant
[209.85.219.51]:41193 Aug 26 21:21:36 [postfix/postscreen] DISCONNECT [209.85.219.51]:41193 > for the dnsblog log > > grep 'Aug 26 21:21.*dnsblog.*209.85.219.51' # grep '.*dnsblog.*209.85.219.51' -R /var/log/mail # I grep'ed the mail logs for dnsblog and got a huge number of these: [postfix/postscreen] warning: psc_dnsbl_request: connect to private/dnsblog service: No such file or directory - Grant

Re: email from comcast.net is bouncing

2013-08-30 Thread Grant
receiving the initial >> server greeting >> Aug 23 09:04:03 [postfix/smtp] 80A8A5C801E: lost connection with >> mx1.comcast.net[68.87.26.147] while receiving the initial server >> greeting > > These warnings are from your Postfix SMTP client. Do they necessarily indicate a problem with my postfix or could they be due to a problem with the server on the other end? - Grant

Re: email from comcast.net is bouncing

2013-08-27 Thread Grant
ems. Consider monitoring your >> > packet loss rate. I run "mtr" from a cron job. >> >> Is it the sender's SMTP client that has problems? > > Please show one complete logfile record (you may anonymize the email > address). Aug 23 06:35:11 [postfix/smtp] 72A0E5C801E: conversation with mx1.comcast.net[68.87.26.147] timed out while receiving the initial server greeting Aug 23 09:04:03 [postfix/smtp] 80A8A5C801E: lost connection with mx1.comcast.net[68.87.26.147] while receiving the initial server greeting - Grant

Re: email from comcast.net is bouncing

2013-08-26 Thread Grant
ction with mx1.comcast.net[68.87.26.147] while receiving the >> initial server greeting >> conversation with mx1.comcast.net[68.87.26.147] timed out while >> receiving the initial server greeting > > Your SMTP *client* also has problems. Consider monitoring your > packet loss rate. I run "mtr" from a cron job. Is it the sender's SMTP client that has problems? - Grant

Re: email from comcast.net is bouncing

2013-08-26 Thread Grant
ction with mx1.comcast.net[68.87.26.147] while receiving the >> initial server greeting >> conversation with mx1.comcast.net[68.87.26.147] timed out while >> receiving the initial server greeting > > Your SMTP *client* also has problems. Consider monitoring your > packet loss rate. I run "mtr" from a cron job. Is it the sender's SMTP client that has problems? - Grant

Re: email from comcast.net is bouncing

2013-08-25 Thread Grant
swl.org/s. I also have several of these: lost connection with mx1.comcast.net[68.87.26.147] while receiving the initial server greeting conversation with mx1.comcast.net[68.87.26.147] timed out while receiving the initial server greeting - Grant

email from comcast.net is bouncing

2013-08-25 Thread Grant
: SUBJECT: Delivery status notification This is an automatically generated Delivery Status Notification. Delivery to the following recipients was aborted after 7 second(s): mas...@masked.com - Grant

Re: Recipient address rejected: aol.com

2013-08-23 Thread Grant
blacklisted for 24 hours after you stop > doing that. Or at least being deferred. > > You aren't listwashing or anything, are you? Can't imagine they'd do > that for just a few of them. No way. I don't think I've seen more than a few bounces within the last day or two. Maybe it's too high of a percentage good mail to bad mail? I need to start disabling an email address when I get a bounce from it. - Grant

Re: Recipient address rejected: aol.com

2013-08-23 Thread Grant
ystem within 24 hours once the complaints are again below the threshold." Could "statistics" refer to the several messages sent from my IP address to non-existent aol.com addresses within the last 24 hours? - Grant >> > Does this mean the email address doesn't

Recipient address rejected: aol.com

2013-08-22 Thread Grant
Does this mean the email address doesn't exist? : host mailin-04.mx.aol.com[64.12.138.161] said: 550 5.1.1 : Recipient address rejected: aol.com (in reply to RCPT TO command) - Grant

Re: greylisting generates error email?

2013-08-20 Thread Grant
cking all of those is perfectly safe. > > Perfectly safe is the categorizing process is itself perfect. > And since nothing is perfect, you'll always have false positive. Has anyone had a confirmed false positive with zen.spamhaus.org ? - Grant

Re: greylisting generates error email?

2013-08-19 Thread Grant
re is a consensus that this is true, I will add zen.spamhaus.org to postscreen_dnsbl_sites. - Grant

Re: greylisting generates error email?

2013-08-17 Thread Grant
ilserver > in case of deleted: it was silently dropped > > choose one. I think what happened is the postscreen deep protocol checks did such an excellent job of reducing spam on their own that I figured the increased chance of rejecting legitimate mail by using one or more IP lists wasn't worth dropping the small amount of remaining spam. - Grant

Re: greylisting generates error email?

2013-08-17 Thread Grant
> [attribution of quotes reconstructed] > On Sat, Aug 17, 2013 at 12:54:44AM -0700, Grant wrote: > Noel: >> > However, I wonder why you don't have any dns blacklists such >> > as zen.spamhaus.org defined there. The ability of postscreen >> > to reject kno

Re: greylisting generates error email?

2013-08-17 Thread Grant
botnets/zombies hammering your server needlessly. Do you mean there aren't any legitimate servers listed in zen.spamhaus.org? When I switched servers a while back, the new IP I received was listed on several blacklists and it was a hassle to get them removed. - Grant

Re: greylisting generates error email?

2013-08-16 Thread Grant
ing precious smtpd processes is one of its > key features. I would just rather have a false negative than a false positive. I get a pretty small amount of spam at this point so I don't think reducing it further is worth increasing the chances of a false positive. - Grant

Re: greylisting generates error email?

2013-08-15 Thread Grant
defer it every time. >> >>> Postfix 2.11 (currently in development snapshots) includes a >>> wonderful feature to bypass postscreen tests for clients listed in >>> dns whitelists, such as list.dnswl.org, greatly reducing unnecessary >>> tests. > > And there was much rejoicing. \O/ If I understand correctly, this will completely eliminate the problem you described above? - Grant

Re: greylisting generates error email?

2013-08-15 Thread Grant
f: postscreen_dnsbl_sites = list.dnswl.org*-1 postscreen_dnsbl_whitelist_threshold = -1 Thank you for your help! - Grant

Re: greylisting generates error email?

2013-08-15 Thread Grant
ests for clients listed in > dns whitelists, such as list.dnswl.org, greatly reducing unnecessary > tests. I'm actually using postfix-2.11_pre20130710. Can you point me in the right direction for setting up the DNS whitelist interaction? Should that (for example) prevent comcast.net users from receiving 450 error email notices? - Grant

Re: greylisting generates error email?

2013-08-14 Thread Grant
tion that postscreen(8) can provide most of the pain and > benefits of greylisting, by enabling the after-220 ("deep protocol") > tests. You were right, I'm using postscreen and deep protocol checks. - Grant

Re: greylisting generates error email?

2013-08-14 Thread Grant
action = enforce postscreen_pipelining_enable = yes postscreen_pipelining_action = enforce postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_action = enforce postscreen_bare_newline_enable = yes postscreen_bare_newline_action = enforce - Grant

greylisting generates error email?

2013-08-14 Thread Grant
senders in some instances? How is greylisting set up in postfix now? I know I used to use postgrey but then I remember some sort of change. I can see that I have postgrey installed but the service is not running. I checked main.cf and master.cf but I can't figure out how it's implemented now. - Grant

Re: 2.10 problem

2013-07-18 Thread Grant
n = enforce postscreen_pipelining_enable = yes postscreen_pipelining_action = enforce postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_action = enforce postscreen_bare_newline_enable = yes postscreen_bare_newline_action = enforce - Grant

Re: postfix munin graphs

2013-06-19 Thread Grant
t;>> >>>> $ munindoc postfix_mailstats >>> >>> You just improved my life. >>> >>>> You might also need to set group permissions to be able to read the log >>>> file. >>> >>> I have this on /var/log/mail/: >>> >

Re: postfix munin graphs

2013-06-19 Thread Grant
> > You just improved my life. > >> You might also need to set group permissions to be able to read the log >> file. > > I have this on /var/log/mail/: > > drwx-- 2 rootroot > > Since Gentoo set it up this way, I wonder if changing it would open a >

Re: postfix munin graphs

2013-06-19 Thread Grant
life. > You might also need to set group permissions to be able to read the log > file. I have this on /var/log/mail/: drwx-- 2 rootroot Since Gentoo set it up this way, I wonder if changing it would open a hole. What do you think? - Grant

Re: postfix munin graphs

2013-06-18 Thread Grant
>> I think I need to tell munin where my postfix logs are >> (/var/log/mail/current) since I use metalog. How can I do that? >> >> - Grant > > Try'n read some documentation > http://munin.readthedocs.org/en/latest/ I've read a lot of it but: "0 R

postfix munin graphs

2013-06-18 Thread Grant
) since I use metalog. How can I do that? - Grant

Re: 2.10 problem

2013-06-04 Thread Grant
tried switching to the following in main.cf: smtpd_relay_restrictions = permit_mynetworks,permit_sasl_auth but I started getting messages like this in the log: warning: unknown smtpd restriction: "permit_sasl_auth" 451 4.3.5 Server configuration error - Grant

Re: 2.10 problem

2013-06-04 Thread Grant
> Grant: >> I recently upgraded from 2.9.5 to 2.10 and ever since I've been having >> an intermittent problem with email sent from within my web framework >> (Interchange - icdevgroup.org) not reaching its recipient. I usually >> get an error message in Intercha

2.10 problem

2013-06-03 Thread Grant
em but not with this latest issue. I know this is incredibly vague, but can anyone hazard a guess as to what the problem might be? The big config change I see referenced with regard to 2.10 is smtpd_relay_restrictions but I don't see how that could be related. My smtpd_relay_restrictions is blank. - Grant

Re: Sufficiently locked down?

2013-01-23 Thread Grant
andom_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_relay_restrictions= - Grant

Sufficiently locked down?

2013-01-22 Thread Grant
,permit_sasl_authenticated,reject main.cf: mynetworks_style = host smtpd_recipient_restrictions = reject_unauth_destination, permit smtpd_relay_restrictions = smtpd_tls_security_level = may smtpd_tls_auth_only = yes - Grant

smtpd_relay_restrictions in main.cf

2012-12-09 Thread Grant
value to keep using smtpd_recipient_restrictions as before." Since I have the following in master.cf: -o smtpd_recipient_restrictions=permit_mynetworks,reject_plaintext_session,permit_sasl_authenticated,reject Should I have the following in main.cf? smtpd_relay_restrictions = - Grant

Re: Limit an account to 1 email address

2012-12-09 Thread Grant
this is not a secure way to store a password, I'd like to lock down the special user on my mail server so that any mail client authenticating as that user can only send email to my email address. That way the password doesn't need to be secure. - Grant

Limit an account to 1 email address

2012-12-08 Thread Grant
my email address? The user's password is stored in plain text in ssmtp.conf on each of my systems but I figure that doesn't matter if it can only be used to send mail to my address. - Grant

Re: Switching to 587 submission

2011-12-10 Thread Grant
mydestination = my-actual-domain.com smtpd_recipient_restrictions = reject_unauth_destination, permit - Grant

Re: Switching to 587 submission

2011-12-09 Thread Grant
>> I should add that I took Noel's advice and Thunderbird is connecting >> remotely to 587 and Squirrelmail is connecting locally to 587 without >> encryption or authentication.  The above config pertains to that >> arrangement. >> >> - Grant >

Re: Switching to 587 submission

2011-12-09 Thread Grant
>> Normally yes, but OP is using submission for unencrypted, >>> unauthenticated local mail. >>> >>> I also suggested he explicitly set -o smtpd_tls_auth_only=yes and >>> add reject_plaintext_session, but apparently he knows better. >> >> Alr

Re: Switching to 587 submission

2011-12-09 Thread Grant
ion port *less* > secure, *just* so you can let squirrelmail use it instead of leaving 465 > open *only* for squirrelmail. I don't see why the submission port is made less secure if it requires authentication (outside of mynetworks) and authentication requires encryption. - Grant

Re: Switching to 587 submission

2011-12-09 Thread Grant
ed to you to continue to use port 465 > (smtps) for squirrelmail, so you didn't have to make the submission port > less secure. It was also repeatedly suggested that I switch to exactly the arrangement that I've switched to. - Grant

Re: Switching to 587 submission

2011-12-09 Thread Grant
icitly set -o smtpd_tls_auth_only=yes and > add reject_plaintext_session, but apparently he knows better. Alright, I thought my config rendered those unnecessary/redundant, but apparently not? - Grant

Re: Switching to 587 submission

2011-12-09 Thread Grant
y. Because authentication requires TLS and submission requires authentication if you aren't in mynetworks, I'm effectively requiring TLS for submission if you aren't in mynetworks, correct? - Grant

Re: Switching to 587 submission

2011-12-09 Thread Grant
master.cf: > > submission inet n       -       n       -       -       smtpd > -o smtpd_sasl_auth_enable=yes > -o > smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject > > main.cf: > > smtpd_recipient_restrictions = >   reject_unauth_destination, &

Re: Switching to 587 submission

2011-12-08 Thread Grant
- n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject main.cf: smtpd_recipient_restrictions = reject_unauth_destination, permit smtpd_tls_security_level = may smtpd_tls_auth_only = yes - Grant

Re: Switching to 587 submission

2011-12-08 Thread Grant
command_enable = yes postscreen_non_smtp_command_action = enforce postscreen_bare_newline_enable = yes postscreen_bare_newline_action = enforce - Grant

Re: Switching to 587 submission

2011-12-08 Thread Grant
w minutes ago.  These changes > still allow thunderbird to securely submit from remote locations. > > Repeating myself: Got it. I misunderstood you before. May I ask why using 465 for Thunderbird and Squirrelmail would be better than 587 for Thunderbird and 25 for Squirrelmail t

Re: Switching to 587 submission

2011-12-08 Thread Grant
Squirrelmail encrypt or >> authenticate. > > No, I'd do exactly what I said we do here: run 587 on the loopback interface > only, and not require authentication. I think I can't do that because I also need to connect to 587 from Thunderbird in remote locations. >>

Re: Switching to 587 submission

2011-12-08 Thread Grant
ls_security_level = may smtpd_tls_auth_only = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit - Grant

Re: Switching to 587 submission

2011-12-08 Thread Grant
nd on port 25 from Squirrelmail when it's on the same machine as postfix? That way I can make 587 require TLS and authentication but not require that local Squirrelmail encrypt or authenticate. Also, should I have some sort of config that prevents the port 25 open-relay exploit you mentioned? - Grant

Re: Switching to 587 submission

2011-12-08 Thread Grant
ail and postfix are on the same machine. I've changed Squirrelmail to send to port 25 with no authentication and no TLS and it works! It must have been failing before because it was trying to authenticate? So this is working because Squirrelmail is part of $mynetworks (localhost) and there are

Re: Switching to 587 submission

2011-12-08 Thread Grant
is this: > > 587 is used by MUA's (i.e. clients) to submit *outbound* messages to your MTA > (relay). > > 25 is used by your MTA to receive *incoming* messages from other > administrative domains (organizations). Port 25 is never used to submit outbound messages? If not, I'm confused as to why Squirrelmail describes its "SMTP Port" setting this way: This is the port to connect to for SMTP. Usually 25. - Grant

Re: Switching to 587 submission

2011-12-08 Thread Grant
gh. I just noticed that I can't send mail from Thunderbird unless I include permit_sasl_authenticated in the above smtpd_recipient_restrictions block. I get relay access denied otherwise. - Grant

Re: Switching to 587 submission

2011-12-08 Thread Grant
eah I use Gmail anyway) so I'm happy to stick with Squirrelmail over Roundcube. - Grant

Re: Switching to 587 submission

2011-12-07 Thread Grant
function expects > 2 parameters and was given zero: > > $ cat test.php > > > $ php test.php > PHP Warning:  stream_socket_enable_crypto() expects at least 2 parameters, 0 > given in /home/mjo/test.php on line 1 > > Warning: stream_socket_enable_crypto() expects at least 2 parameters, 0 > given in /home/mjo/test.php on line 1 I get the same error. Squirrelmail does send mail over SSL 465. - Grant

Re: Switching to 587 submission

2011-12-07 Thread Grant
ng > exercised. SASL must be working since Thunderbird can send mail over 587, correct? I don't see why local Squirrelmail won't send mail over 587, but remote Thunderbird will. Squirrelmail also won't send mail over port 25, but it will send mail over 465. - Grant

Re: Switching to 587 submission

2011-12-07 Thread Grant
or even "digest-md5" and "cram-md5" (as we do here) with TB using > "Encrypted password" as the authentication type. You found a typo in my /etc/sasl2/smtpd.conf which I've corrected and I no longer get the "Bad sequence of commands 503 5.5.1 Error: auth

Re: Switching to 587 submission

2011-12-07 Thread Grant
_alias_maps = hash:/etc/postfix/virtual message_size_limit = 2048 smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_key_file = /etc/ssl/postfix/key.pem smtpd_tls_cert_file = /etc/ssl/postfix/cert.pem smtpd_tls_CAfile = /etc/ssl/postfix/cacert.pem smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom - Grant

Re: Switching to 587 submission

2011-12-07 Thread Grant
ct to IMAP and >  SMTP servers that use STARTTLS (which is different from TLS). I'm trying to figure out why I can't connect to 587 in Squirrelmail. I can in Thunderbird. - Grant

Re: Switching to 587 submission

2011-12-07 Thread Grant
usually does not go over the WAN If I set "Secure SMTP (TLS) : false" in squirrelmail, I get: Authentication required 530 5.7.0 Must issue a STARTTLS command first If I change port 587 to 25 in squirrelmail I get: Bad sequence of commands 503 5.5.1 Error: authentication not enabled - Grant

Re: Switching to 587 submission

2011-12-07 Thread Grant
S on 143? I just read that Squirrelmail doesn't support STARTTLS, so I must continue to use smtps 465 in order to use Squirrelmail? - Grant

Switching to 587 submission

2011-12-07 Thread Grant
_level = may smtpd_tls_auth_only = yes Thanks to anyone who can help me out with this or point out any deficiencies/stupidities in my config. - Grant

Should I have postgrey listen on a socket?

2010-12-03 Thread Grant
I just noticed that postgrey is listening on localhost:10030. Would it be better to have it listen to a socket? - Grant

Re: Closing port 25

2010-11-28 Thread Grant
good about obeying the 'rules'. And AFAIK, port 25 is one of > the rules. Again, see Mouss for a better explanation. > > I've got some hand built spam filtering in my firewall -- to catch stuff > that gets through Postfix. That's what I was trying to suggest. Great stuff guys, thanks a lot. - Grant

Re: Closing port 25

2010-11-28 Thread Grant
ur users can use it send > mail). > > if you also need "inbound" mail (external users to send to your server), > then you must keep port 25 open. Thank you. I do need to receive mail on the server too so I'll keep port 25 open. - Grant

Re: Closing port 25

2010-11-28 Thread Grant
you elaborate on that a bit? I'm not sure what you mean. > OTOH, you are liable to get a lot of traffic on port 25 that you don't want > to miss. You might not really want to close it. I thought postfix's smtp/smtps is only used for mail transmission for my mail clients? - Grant

Re: Closing port 25

2010-11-28 Thread Grant
g in master.cf: smtp inet n - n - - smtpd and restarted postfix and port 25 is closed. - Grant

Closing port 25

2010-11-28 Thread Grant
I run postfix and my mail clients use smtps so I was thinking I may as well close port 25. How can I do that? - Grant

Re: master.cf question

2010-11-17 Thread Grant
       http://www.postfix.org/smtpd.8.html > >> to the following: >> >> smtps     inet  n       -       n       -       -       smtp >>   -o smtpd_tls_wrappermode=yes > > The one above is wrong. > >        http://www.postfix.org/smtp.8.html Thank you Viktor. - Grant

master.cf question

2010-11-16 Thread Grant
inet n - n - - smtp -o smtpd_tls_wrappermode=yes Can anyone tell me what is the functional difference? - Grant

Re: [SP] Re: [SP] Re: How to force SMTP AUTH to restrict Sender Addresses?

2010-06-17 Thread Andrew G. Grant
Thank you Victor for giving me that wonderfully concise answer. On Jun 17, 2010, at 9:53 AM, Victor Duchovni wrote: On Thu, Jun 17, 2010 at 07:30:44AM -0700, Andrew G. Grant wrote: > Jose, > > Unfortunately, looking at another server OS doesn't help me to find the > answer

Re: [SP] Re: [SP] Re: How to force SMTP AUTH to restrict Sender Addresses…

2010-06-17 Thread Andrew G. Grant
Jose, Unfortunately, looking at another server OS doesn't help me to find the answer to this question. But thank you for the suggestion. I am still trying to find out how Apple OS X Server 10.6.3 (Darwin Kernel Version 10.3.0), running Postfix 2.5.5, Amavisd, ClamAV, SpamAssassin, Dovecot, and S

Re: Smtpd_sender_maps and sender / recipient restrictions

2010-06-16 Thread Andrew G. Grant
Thank you Wietse. That was very helpful and I believe I can get this done now. —— Andrew Grant Information Systems Administrator Email: andrew.gr...@caddock.com Caddock Electronics, Inc. High Performance Resistor Products Web: www.caddock.com 17271 North Umpqua Hwy

Re: [SP] Re: [SP] Re: How to force SMTP AUTH to restrict Sender Addresses…

2010-06-16 Thread Andrew G. Grant
d updating another separate list of Email Addresses and User Names for "smtpd_sender_login_maps". On Jun 16, 2010, at 3:49 AM, Charles Marcus wrote: On 2010-06-15 6:29 PM, Andrew G. Grant wrote: > Can anyone answer the question about how SASL is able to > authenticate Users with their Passwords stor

Smtpd_sender_maps and sender / recipient restrictions

2010-06-15 Thread Andrew G. Grant
I just got smtpd_sender_maps to work with smtpd_sender_restrictions using reject_authenticated_sender_login_mismatch. While researching how that worked, I saw information indicating that you could apply the reject_sender_login_mismatch to the smtpd_recipient_restrictions. Can someone explain ho
