I couldn't find any 2.8.0-1 SRPMS.
I used the following to build from source after backing up my config dir:
make makefiles \
CCARGS='-fPIC -DUSE_TLS -DUSE_SSL \
-DHAS_MYSQL -I/usr/include/mysql -DPREFIX=\"/usr\" \
-DSNAPSHOT -I/usr/include/openssl \
-I/usr/include' \
AUXLIBS='-L/usr/lib64 -L/usr/lib/openssl -lssl -lcrypto \
-lz -l
Noel,
You're correct about reject_sender_login_mismatch , the problem is
with my smtpd_sender_login_maps query and not the restriction itself.,
I'll have to revisit that at a later time. Thanks for all your help.
Thanks guys.
My relay server has been upgraded to 2.7.2 and smtp server to 2.4.13
inet_protocols = all < Had to add this due to some SPF records
now using ip6: entries
reject_sender_login_mismatch before permit_sasl_authenticated <---
Results in the following unwanted result:
Jan 22 14:30:
This is the config for my SMTP server, anything stand out?
anvil_rate_time_unit = 180s
body_checks = regexp:/etc/postfix/body_checks
bounce_size_limit = 1500
broken_sasl_auth_clients = yes
default_destination_concurrency_limit = 5
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/hea
Sahil,
I tested your command and it worked, thanks for that.
I used the following command to determine what needed to be removed
from my main.cf:
postconf -d > defaultcfg && postconf -n > customcfg && perl -ne 'print
if ($seen{$_} .= @ARGV) =~ /10$/' customcfg defaultcfg
Then I made the suggested changes and I'm left with:
anvil_rate_time_unit = 180s
bod
Thanks Noel, I will make the suggested changes along with cleaning out
the defaults. As far as the check policy goes, I shouldnt have any
issues moving it on this server because all I have enabled is HELO and
SPF checking. Now on my SMTP server, I have to have it before or else
the quota checking d
CentOS 5.5
mail_version = 2.3.3
Thanks Noel. Let me know if I'm missing anything. This server is
supposed to act just as a relay.
postconf -n
alias_maps =
anvil_rate_time_unit = 180s
body_checks = regexp:/etc/postfix/body_checks
bounce_size_limit = 1500
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directo
I've been somewhat satisfied with the config I've had in place for a
while, but I thought it wouldn't hurt to have the experts take a look
and see if I've fubared something. Would theĀ preferredĀ method be a
postconf -n or snippets from main.cf?
Have you already looked at http://www.postfix.org/SASL_README.html ?
You would probably need to compile SASL with the required auth mechanisms.
I was able to accomplish that as well using fail2ban and some custom
regex rules for it. It can be setup to use iptables or /etc/hosts.deny
http://www.fail2ban.org/
I completely misunderstood his request, sorry.
You may be able to use a mysql access map with a template like below:
user = dbuser
password = dbpasswd
dbname = dbname
query =
SELECT y
FROM access
WHERE x='%s'
Noel,
Does your info apply to servers used only for outgoing mail as well?
I see, thank you.
Although untested, here is how I set mine up, can anyone confirm this
would work for the OPs question?
anvil_rate_time_unit= 60m
smtpd_recipient_limit = 100
smtpd_recipient_overshoot_limit = 20
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 100
smtpd_client_connectio
I'm having a hard time understanding your setup. From what I can
gather, you're MX records point to google, incoming mail is then
fetched from google to your local server where you have added matching
users via ldap, but you wish to forward it BACK to google??
> Doesn't Postfix use /var/spool/postfix/etc/resolv.conf (which may be
> different)?
>
If he's chroot'ed then I would assume yes.
Setup snort and find out where the connections are coming from. There
are many ways to do this.
also check /etc/sysconfig/networking/profiles/default/resolv.conf
Is your server behind a NAT firewall?
I'll provide my config, but keep in mind, the entire process is based
on a scoring system which will vary from setup to setup. It's highly
likely you will have to tweak the scores based on your specific needs.
Below is my config, you can view the default settings by typing
'policyd-weight defaults'
Sure, what's the policy on this list for that? Attachment or just copy/paste?
I also can vouch for policyd-weight , with a bit of configuration it
can be a very useful tool. Combine it with the fail2ban postfix log
wrapper and you're on the right track.
I stopped using the perl SPF implementation because it would spawn too
many instances and not properly terminate the process when complete,
after a while it would overload the server with MailScanner running
alongside. I haven't tried the python version.
Makes sense.
Arthur, why not just set it in the main.cf ?
I may be wrong, but I believe when you change those settings, a
postfix reload might not work. You may need to stop and start the
service.
inet_interfaces - contols which IP addresses that Postfix listens on.
smtp_bind_address - specifies which IP address to send email from.
That's all I know
smtp_bind_address = x.x.x.x
Thanks Noel, this information has helped me as well.
You might need to add these to your ok-ipaddresses file
zr2usa.com OK
vps.zr2usa.com OK
nob...@vps.zr2usa.com OK
ke...@vps.zr2usa.com OK
67.213.214.192 OK
212.96.160.162 OK
It looks like its rejecting the HELO
Thank Noel, I appreciate the info.
Couldn't you restrict the large bounces by setting bounce_size_limit = x ?
smtpd_data_restrictions = reject_multi_recipient_bounce is a good idea too
What linux distro are you running?
Try adding this to your smtpd.conf
sql_select: dummy
Or you could recompile sasl without sql capabilities
Have you tried adding:
auxprop_plugin: ldap
I can't connect from my location...
[r...@smtp1 postfix]# telnet mail2.draxlerinsurance.com 25
Trying 67.227.17.36...
telnet: connect to address 67.227.17.36: Connection refused
send mail to a domain NOT hosted by your mail server
> then you want them to authenticate to ensure that you are not an open relay,
> but incoming mail need not be restricted except to make sure that you are
> the MX for the domains.
>
> Make sense?
>
> Thomas
>
--
Walter P
Clarification,
Troubleshooting what seems to be mail being sent FROM our own domains *without
authentication* TO anywhere.
On Sat, Jun 12, 2010 at 2:03 PM, Walter Pinto wrote:
> There's no need to be rude sir. I'm just trying to become more familiar
> with the Postfix system a
domains TO anywhere
On Sat, Jun 12, 2010 at 9:40 AM, Jeroen Geilman wrote:
> On 06/12/2010 07:06 AM, Walter Pinto wrote:
>
> Recipient map is also SQL based, here's the config.
>
> [r...@mx sql]# cat relay_recipient_map.conf
> user = xxx
> passw
st need confirmation.
Is this statement true or false? You cannot restrict sending mail to
authenticated sessions without also restricting incoming mail as well.
On Fri, Jun 11, 2010 at 5:38 PM, Jeroen Geilman wrote:
> On 06/12/2010 02:08 AM, Walter Pinto wrote:
>
>> I'm looking
:local mail delivery disabled
relay_domains = mysql:/etc/postfix/sql/relay_transport_map.conf
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = $header_checks
nested_header_checks =
body_checks= regexp:/etc/postfix/body_checks
44 matches
Mail list logo
