Fwd: Config check

2011-10-27 Thread IT geek 31
>So would this work: > >smtpd_recipient_restrictions = permit_sasl_authenticated, >check_sender_access hash:/usr/pkg/etc/postfix/sender_access, >reject_unauth_destination, reject_unauth_pipelining, reject_rbl_client >zen.spamhaus.org, check_policy_service inet:127.0.0.1:10023, permit > >As in the m

Re: Config check

2011-10-27 Thread IT geek 31
> No, since that will only whitelist the sender part; > smtpd_recipient_restrictions may still reject the message or the > recipient(s). > Put the sender check in smtpd_recipient_restrictions instead. So would this work: smtpd_recipient_restrictions = permit_sasl_authenticated, check_sender_acces

Re: Config check

2011-10-26 Thread IT geek 31
Hi Rob Thanks for your reply - that's certainly cleared a few things up! >> check_recipient_access hash:/usr/pkg/etc/postfix/access, > > "access" is a bad name for this. Since you're checking recipient > addresses, I would suggest a name of "rcpt_access", or similar. I've renamed this to sender_

Config check

2011-10-26 Thread IT geek 31
Hi, I'm trying to achieve the following: Stop spammers (obviously) Permit relaying when I'm outside the network (using SASL) After reading through postconf, to prevent duplicate checks I removed a number of checks from smtpd_sender_restrictions, so that it now looks like this: smtpd_sender_rest

Re: Sender and recipient restrictions

2011-01-23 Thread IT geek 31
On 23 January 2011 13:33, Noel Jones wrote: > No, the different smtpd_*_restrictions define *when* or in what order the > checks run.  This is further simplified by the sane default > smtpd_delay_reject=yes, which delays evaluation of smtpd_{client, helo, > sender, recipient}_restrictions until a

Re: Sender and recipient restrictions

2011-01-23 Thread IT geek 31
On 23 January 2011 10:15, mouss wrote: > Le 23/01/2011 03:45, IT geek 31 a écrit : >> A recent poster asked for configuration to be checked, and it has made >> me question my own sender and recipient restrictions: >> >> smtpd_sender_restrictions = >&

Sender and recipient restrictions

2011-01-22 Thread IT geek 31
A recent poster asked for configuration to be checked, and it has made me question my own sender and recipient restrictions: smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/usr/pkg/etc/postfix/sender_access, reject_non_fqdn_sender

Re: SSL/TLS issue

2011-01-18 Thread IT geek 31
On 18 January 2011 22:34, Wietse Venema wrote: > IT geek 31: >> On 18 January 2011 22:22, Wietse Venema wrote: >> > IT geek 31: >> >> I have an issue regarding SSL/TLS. >> >> >> >> I have configured my certificates and STARTTLS works fine.  O

Re: SSL/TLS issue

2011-01-18 Thread IT geek 31
On 18 January 2011 22:22, Wietse Venema wrote: > IT geek 31: >> I have an issue regarding SSL/TLS. >> >> I have configured my certificates and STARTTLS works fine.  Out of >> curiosity, I wanted to get SSL over tcp/465 working. > Port 465 uses a different protoco

SSL/TLS issue

2011-01-18 Thread IT geek 31
I have an issue regarding SSL/TLS. I have configured my certificates and STARTTLS works fine. Out of curiosity, I wanted to get SSL over tcp/465 working. I uncommented the following line in master.cf: smtps inet n - n - - smtpd And netstat shows the serve

Another "certificate verification failed ... untrusted issuer" question

2011-01-09 Thread IT geek 31
My understanding is to prevent these errors, you obtain the root certificate for each server mail certificate your Postfix server connects to, append it to a pem file and reference it with smtp_tls_CAfile in main.conf. This could obviously take a while. On a Windows installation you can refer to

Re: Reject unencrypted messages

2011-01-07 Thread IT geek 31
ce: - Sometimes (encrypt if valid key is found, do not if a key is not found) On 7 January 2011 14:40, Mikael Bak wrote: > IT geek 31 wrote: >> >> Outlook is all-or-nothing - it can force encryption for all >> recipients, regardless if they have a certificate or not, or no

Re: Reject unencrypted messages

2011-01-06 Thread IT geek 31
> If you really like to do you might use header_checks to detect the > Content-Type. Signed mail for example has "Content-Type: multipart/signed". > For header_checks have a look here > http://www.postfix.org/header_checks.5.html, but be aware that the content > has already leaked as others said. I

Re: Reject unencrypted messages

2011-01-06 Thread IT geek 31
On 6 January 2011 19:49, Jerry wrote: > On Thu, 6 Jan 2011 19:21:56 + > IT geek 31 articulated: > >> I think you've nailed it there Tom - I'm trying to teach better >> etiquette.  Ideally I'd like a plugin for his mail client (Outlook) >> that au

Re: Reject unencrypted messages

2011-01-06 Thread IT geek 31
>> On 6 January 2011 14:25, Ansgar Wiechers wrote: >>> On 2011-01-06 IT geek 31 wrote: >>>> My accountant and I both have digital certificates and most of the >>>> time encrypt our mails.  But he often forgets, meaning sensitive >>>> information

Re: Reject unencrypted messages

2011-01-06 Thread IT geek 31
I am talking about the mail content, and I'm using S/MIME. Yes, I'm sure the accountant will never send me unencrypted mail. Thanks, On 6 January 2011 14:25, Ansgar Wiechers wrote: > On 2011-01-06 IT geek 31 wrote: >> My accountant and I both have digital certificates and

Reject unencrypted messages

2011-01-06 Thread IT geek 31
My accountant and I both have digital certificates and most of the time encrypt our mails. But he often forgets, meaning sensitive information is sent in plaintext. Is there any way to instruct Postfix to reject his mail unless it is encrypted? I know I can set up TLS, but that is something I do