On Saturday 10 December 2011 11:20:50 Grant wrote:
> >> #relay_domains = $mydestination
> >
> > this is incorrect :/
> >
> > relay domains is NOT locally, mydestination is ONLY locally
> >
> > suggest to remove that line from main.cf
>
> This is the default, how can it be incorrect?
The default
>> #relay_domains = $mydestination
>
>
> this is incorrect :/
>
> relay domains is NOT locally, mydestination is ONLY locally
>
> suggest to remove that line from main.cf
This is the default, how can it be incorrect?
I use it with the following to lock down port 25:
mydestination = my-actual-domai
On 12/10/2011 5:12 AM, Benny Pedersen wrote:
> On Thu, 8 Dec 2011 15:29:57 -0800, Grant wrote:
>
>> #relay_domains = $mydestination
>
> this is incorrect :/
>
> relay domains is NOT locally, mydestination is ONLY locally
>
> suggest to remove that line from main.cf
>
>
That's the default setti
On Sat, 10 Dec 2011 12:53:33 +0100, Reindl Harald wrote:
smtpd_recipient_restrictions = permit_mynetworks
reject_non_fqdn_recipient
reject_non_fqdn_sender
permit_mynetworks after *_fqdn_*
NO
mynetworks are only trusted servers
fqdn is better done in mua, so yes imho
On 10.12.2011 10:52, Benny Pedersen wrote:
> On Thu, 08 Dec 2011 22:03:58 +0100, Reindl Harald wrote:
>
>> smtpd_recipient_restrictions = permit_mynetworks
>> reject_non_fqdn_recipient
>> reject_non_fqdn_sender
>
> permit_mynetworks after *_fqdn_*
NO
mynetworks are only trusted servers
On Thu, 8 Dec 2011 15:29:57 -0800, Grant wrote:
#relay_domains = $mydestination
this is incorrect :/
relay domains is NOT locally, mydestination is ONLY locally
suggest to remove that line from main.cf
On Thu, 08 Dec 2011 22:03:58 +0100, Reindl Harald wrote:
smtpd_recipient_restrictions = permit_mynetworks
reject_non_fqdn_recipient
reject_non_fqdn_sender
permit_mynetworks after *_fqdn_*
On Thu, 8 Dec 2011 07:46:52 -0800, Grant wrote:
Javascript gives me the creeps (yeah I use Gmail anyway) so I'm happy
to stick with Squirrelmail over Roundcube.
gmail users can use remote sasl auth as well if outgoing from gmail is
not working :-)
otoh roundcube can use gmail imap servers, wo
On 12/9/11 1:36 PM, /dev/rob0 wrote:
> On Friday 09 December 2011 14:23:01 Philip Prindeville wrote:
>> On 12/9/11 11:39 AM, Grant wrote:
> Philip:
Now whenever you upgrade Squirrelmail to something current,
you can pass your free time trying to figure out how to get
it to do STARTTL
On Friday 09 December 2011 14:23:01 Philip Prindeville wrote:
> On 12/9/11 11:39 AM, Grant wrote:
Philip:
> >> Now whenever you upgrade Squirrelmail to something current,
> >> you can pass your free time trying to figure out how to get
> >> it to do STARTTLS. :-)
> >
> > No need. Squirrelmail co
On 12/9/11 11:39 AM, Grant wrote:
>>> I should add that I took Noel's advice and Thunderbird is connecting
>>> remotely to 587 and Squirrelmail is connecting locally to 587 without
>>> encryption or authentication. The above config pertains to that
>>> arrangement.
>>>
>>> - Grant
>>
>>
>> Now whe
>> I should add that I took Noel's advice and Thunderbird is connecting
>> remotely to 587 and Squirrelmail is connecting locally to 587 without
>> encryption or authentication. The above config pertains to that
>> arrangement.
>>
>> - Grant
>
>
> Now whenever you upgrade Squirrelmail to something
On 12/9/11 2:26 AM, Reindl Harald wrote:
> well, as long as thunderbird offers STARTTLS or SSL and for SSL 465 as
> default and as long as 465 does not eat anybody's children
It kicked my dog once...
On 12/9/11 8:07 AM, Grant wrote:
> I should add that I took Noel's advice and Thunderbird is connecting
> remotely to 587 and Squirrelmail is connecting locally to 587 without
> encryption or authentication. The above config pertains to that
> arrangement.
>
> - Grant
Now whenever you upgrade
>> master.cf:
>>
>> submission inet n - n - - smtpd
>> -o smtpd_sasl_auth_enable=yes
>> -o
>> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>>
You should also have:
smtpd_tls_security_lev
On 12/9/2011 10:15 AM, Grant wrote:
> master.cf:
>
> submission inet n - n - - smtpd
> -o smtpd_sasl_auth_enable=yes
> -o
> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>
>>>
>>> You should also have:
>>>
>
>> It was also repeatedly suggested that I switch to exactly the
>> arrangement that I've switched to.
>
>
> No, that was only presented as an option (there is always more than one way
> to skin a cat).
>
> Doing it the way you did it makes your primary submission port *less*
> secure, *just* so yo
On 2011-12-09 11:25 AM, Grant wrote:
It was also repeatedly suggested that I switch to exactly the
arrangement that I've switched to.
No, that was only presented as an option (there is always more than one
way to skin a cat).
Doing it the way you did it makes your primary submission port *l
>> Thank you but if I do that I won't be able to connect from
>> Squirrelmail which does not currently support STARTTLS. Squirrelmail
>> is on the same machine as postfix so TLS isn't necessary there anyway.
>
>
> Which is why it was repeatedly suggested to you to continue to use port 465
> (smtps
On 2011-12-09 11:12 AM, Grant wrote:
Thank you but if I do that I won't be able to connect from
Squirrelmail which does not currently support STARTTLS. Squirrelmail
is on the same machine as postfix so TLS isn't necessary there anyway.
Which is why it was repeatedly suggested to you to contin
master.cf:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>>
>> You should also have:
>>
>> smtpd_tls_security_level=encrypt
>>
>> for t
>>> master.cf:
>>>
>>> submission inet n - n - - smtpd
>>> -o smtpd_sasl_auth_enable=yes
>>> -o
>>> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>
>
> You should also have:
>
> smtpd_tls_security_level=encrypt
>
> for the submission s
On 12/9/2011 10:04 AM, Charles Marcus wrote:
> On 2011-12-09 10:07 AM, Grant wrote:
>>> master.cf:
>>>
>>> submission inet n - n - - smtpd
>>> -o smtpd_sasl_auth_enable=yes
>>> -o
>>> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>>>
On 2011-12-09 10:07 AM, Grant wrote:
master.cf:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
You should also have:
smtpd_tls_security_level=encrypt
for the subm
>> You can use SquirrelMail on 587. It doesn't work right now because
>> of your smtpd_security_level=encrypt. You could change your
>> submission restrictions to something like
>> -o smtpd_security_level=may
>> -o mynetworks=127.0.0.1
>> -o smtpd_tls_auth_only=yes
>> -o
>> smtpd_recipient_res
On 09.12.2011 03:44, Philip Prindeville wrote:
> On 12/8/11 5:33 PM, Reindl Harald wrote:
>>
>>> Got it. I misunderstood you before. May I ask why using 465 for
>>> Thunderbird and Squirrelmail would be better than 587 for Thunderbird
>>> and 25 for Squirrelmail talking to localhost?
>>
>> th
>> Is it alright to send on port 25 from Squirrelmail when it's on the
>> same machine as postfix?
>
> OK, but not optimal. Better to leave on 465 to separate the traffic.
>
>> That way I can make 587 require TLS and
>> authentication but not require that local Squirrelmail encrypt or
>> authenti
On 12/8/11 5:33 PM, Reindl Harald wrote:
>
>> Got it. I misunderstood you before. May I ask why using 465 for
>> Thunderbird and Squirrelmail would be better than 587 for Thunderbird
>> and 25 for Squirrelmail talking to localhost?
>
> there is no better
> configure a server as YOU need
>
Wel
On 12/8/11 4:29 PM, Grant wrote:
>>> Is it alright to send on port 25 from Squirrelmail when it's on the
>>> same machine as postfix? That way I can make 587 require TLS and
>>> authentication but not require that local Squirrelmail encrypt or
>>> authenticate.
>>
>> No, I'd do exactly what I sai
On 12/08/2011 05:18 PM, Grant wrote:
I've boiled my config down to this. It is functional and I think it
is secure and that it rejects any attempt to send messages from
outside mynetworks unless authenticated. Am I correct? Please
consider all other directives to be default.
You're fine.
I
>> Got it. I misunderstood you before. May I ask why using 465 for
>> Thunderbird and Squirrelmail would be better than 587 for Thunderbird
>> and 25 for Squirrelmail talking to localhost?
>
> I'm quite sure that he never said to use 465 for Thunderbird. The
> reason you don't want to use port 2
On 12/8/2011 6:11 PM, Grant wrote:
> Got it. I misunderstood you before. May I ask why using 465 for
> Thunderbird and Squirrelmail would be better than 587 for Thunderbird
> and 25 for Squirrelmail talking to localhost?
The good reason to not use port 25 for local user submissions is
that it al
On 09/12/11 13:11, Grant wrote:
> Got it. I misunderstood you before. May I ask why using 465 for
> Thunderbird and Squirrelmail would be better than 587 for Thunderbird
> and 25 for Squirrelmail talking to localhost?
I'm quite sure that he never said to use 465 for Thunderbird. The
reason you
On 09.12.2011 01:11, Grant wrote:
>>> I think I can't do that because I also need to connect to 587 from
>>> Thunderbird in remote locations.
>>
>> You're making this way too complicated.
>>
>> Either continue to happily use 465 as you always have, or make the
>> changes to submission I suggest
>> I think I can't do that because I also need to connect to 587 from
>> Thunderbird in remote locations.
>
> You're making this way too complicated.
>
> Either continue to happily use 465 as you always have, or make the
> changes to submission I suggested a few minutes ago. These changes
> still
On 12/8/2011 5:29 PM, Grant wrote:
> I think I can't do that because I also need to connect to 587 from
> Thunderbird in remote locations.
You're making this way too complicated.
Either continue to happily use 465 as you always have, or make the
changes to submission I suggested a few minutes ago
> 25 is used by your MTA to receive *incoming* messages from other
> administrative domains (organizations).
Port 25 is never used to submit outbound messages? If not, I'm
confused as to why Squirrelmail describes its "SMTP Port" setting this
way:
This is the
On 12/8/11 1:49 PM, Grant wrote:
25 is used by your MTA to receive *incoming* messages from other
administrative domains (organizations).
>>>
>>> Port 25 is never used to submit outbound messages? If not, I'm
>>> confused as to why Squirrelmail describes its "SMTP Port" setting this
>>>
>> So I should specify smtpd_client_restrictions or
>> smtpd_recipient_restrictions, but not both?
>>
>
> I think most people find it easier to put all of the restrictions under
> smtpd_recipient_restrictions, since you can just read them top-to-bottom
> with smtpd_delay_reject = yes (the default).
On 12/8/2011 2:49 PM, Grant wrote:
> Is it alright to send on port 25 from Squirrelmail when it's on the
> same machine as postfix?
OK, but not optimal. Better to leave on 465 to separate the traffic.
> That way I can make 587 require TLS and
> authentication but not require that local Squirrel
On 08.12.2011 21:49, Grant wrote:
25 is used by your MTA to receive *incoming* messages from other
administrative domains (organizations).
>>>
>>> Port 25 is never used to submit outbound messages? If not, I'm
>>> confused as to why Squirrelmail describes its "SMTP Port" setting thi
>>> 25 is used by your MTA to receive *incoming* messages from other
>>> administrative domains (organizations).
>>
>> Port 25 is never used to submit outbound messages? If not, I'm
>> confused as to why Squirrelmail describes its "SMTP Port" setting this
>> way:
>>
>> This is the port to connect
On 12/08/2011 03:24 PM, Grant wrote:
So I should specify smtpd_client_restrictions or
smtpd_recipient_restrictions, but not both?
I think most people find it easier to put all of the restrictions under
smtpd_recipient_restrictions, since you can just read them top-to-bottom
with smtpd_delay
On Thursday 08 December 2011 14:24:00 Grant wrote:
> Squirrelmail and postfix are on the same machine. I've changed
> Squirrelmail to send to port 25 with no authentication and no TLS
> and it works! It must have been failing before because it was
> trying to authenticate?
>
> So this is working
On 12/8/11 1:06 PM, Grant wrote:
>> I don't think you're really getting the significance of port 587 vs. port 25.
>
> I think you're right.
>
>> 587 can be used encrypted or unencrypted, authenticated (preferably) or
>> not... you could for instance just limit 587 connections from a particular
>>> You don't really need the permit_sasl_authenticated, since you shouldn't
>>> be
>>> trying to auth on port 25. It doesn't hurt, though.
>>
>>
>> I just noticed that I can't send mail from Thunderbird unless I
>> include permit_sasl_authenticated in the above
>> smtpd_recipient_restrictions bloc
On Thursday 08 December 2011 14:06:15 Grant wrote:
Philip:
> > 587 can be used encrypted or unencrypted, authenticated
> > (preferably) or not... you could for instance just limit 587
> > connections from a particular subnet, etc.
>
> Why then won't Squirrelmail send mail on port 587 unencrypted w
I don't see why local Squirrelmail won't send mail over 587,
but remote Thunderbird will. Squirrelmail also won't send mail over
port 25, but it will send mail over 465.
>>>
>>>
>>> Do you have a new-enough SquirrelMail? From the looks of it, the only
>>> version >= 1.5.1 is the dev
On 12/8/2011 1:28 PM, Michael Orlitzky wrote:
> On 12/08/2011 02:21 PM, Gary Smith wrote:
>>
>> Wouldn't it be smarter to just tell SquirrelMail to use port 587 and
>> pass through authentication? This way if the server is compromised
>> or has another exploit there isn't a simple internal email s
On 12/8/11 8:46 AM, Grant wrote:
>>> I don't see why local Squirrelmail won't send mail over 587,
>>> but remote Thunderbird will. Squirrelmail also won't send mail over
>>> port 25, but it will send mail over 465.
>>
>>
>> Do you have a new-enough SquirrelMail? From the looks of it, the only
>> v
On 12/08/2011 02:21 PM, Gary Smith wrote:
Wouldn't it be smarter to just tell SquirrelMail to use port 587 and
pass through authentication? This way if the server is compromised
or has another exploit there isn't a simple internal email server to
send all that spam from.
This is exactly what w
> So you should change 'client' to 'recipient' in master.cf before you
> remove the 'permit_sasl_authenticated' in main.cf.
>
> At that point, SquirrelMail (or anything else) won't be able to send
> mail unless it authenticates on port 587, sends to one of your domains
> on port 25, or is in $myne
On 12/08/2011 11:24 AM, Grant wrote:
You don't really need the permit_sasl_authenticated, since you shouldn't be
trying to auth on port 25. It doesn't hurt, though.
I just noticed that I can't send mail from Thunderbird unless I
include permit_sasl_authenticated in the above
smtpd_recipient_re
>>> You've probably got permit_mynetworks near the top of your
>>> smtpd_foo_restrictions, which are inherited by default. The "-o
>>
>>
>> The only smtpd_foo_restrictions I have in main.cf are:
>>
>> smtpd_recipient_restrictions =
>> permit_sasl_authenticated,
>> permit_mynetworks,
>> I don't see why local Squirrelmail won't send mail over 587,
>> but remote Thunderbird will. Squirrelmail also won't send mail over
>> port 25, but it will send mail over 465.
>
>
> Do you have a new-enough SquirrelMail? From the looks of it, the only
> version >= 1.5.1 is the development snaps
On 12/07/2011 10:13 PM, Grant wrote:
You've probably got permit_mynetworks near the top of your
smtpd_foo_restrictions, which are inherited by default. The "-o
The only smtpd_foo_restrictions I have in main.cf are:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
per
>> I'm trying to figure out why I can't connect to 587 in Squirrelmail.
>> I can in Thunderbird.
>>
>
> You did select STARTTLS in the SquirrelMail config, right? The postfix logs
> might give you an idea what it's trying to do.
If I try to send mail in Squirrelmail with "Secure SMTP (TLS) : true"
> You've probably got permit_mynetworks near the top of your
> smtpd_foo_restrictions, which are inherited by default. The "-o
The only smtpd_foo_restrictions I have in main.cf are:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_
On 12/07/2011 09:10 PM, Grant wrote:
I'm trying to figure out why I can't connect to 587 in Squirrelmail.
I can in Thunderbird.
You did select STARTTLS in the SquirrelMail config, right? The postfix
logs might give you an idea what it's trying to do.
The docs say that you need PHP with the
On 12/07/2011 09:48 PM, /dev/rob0 wrote:
On Wednesday 07 December 2011 19:58:18 Michael Orlitzky wrote:
On 12/07/2011 08:09 PM, Grant wrote:
Is IMAP over SSL on 993 deprecated in favor of using STARTTLS on
143?
Nope. I personally prefer the dedicated port for POP3/IMAP.
Preferences aside, t
On Wednesday 07 December 2011 19:58:18 Michael Orlitzky wrote:
> On 12/07/2011 08:09 PM, Grant wrote:
> > Is IMAP over SSL on 993 deprecated in favor of using STARTTLS on
> > 143?
>
> Nope. I personally prefer the dedicated port for POP3/IMAP.
Preferences aside, the fact remains that SSL has been
> Just a point of clarification... port 465 isn't "deprecated" because it was
> never formerly assigned by IANA.
>
> It was hijacked by some mailer (I forget which) and when 587 was assigned,
> it was agreed to stop using the former port.
>
> As for one of your questions, it's assumed that 465
>>> the main-question is why you need to encrypt sending messages from
>>> a webmail which usually does not go over the WAN
>>
>> If I set "Secure SMTP (TLS) : false" in squirrelmail, I get:
>>
>> Authentication required
>> 530 5.7.0 Must issue a STARTTLS command first
>>
>> If I change port 587 to
Just a point of clarification... port 465 isn't "deprecated" because it was
never formerly assigned by IANA.
It was hijacked by some mailer (I forget which) and when 587 was assigned, it
was agreed to stop using the former port.
As for one of your questions, it's assumed that 465 comes up wit
On 12/07/2011 07:49 PM, Grant wrote:
I've been using smtps on port 465 for sending mail but I read it's
deprecated so I'm trying to switch to submission port 587.
With 465 I was using the "Connection security: SSL/TLS" setting in
Thunderbird, but after switching to 587 I can't send mail unless I
>> Is IMAP over SSL on 993 deprecated in favor of using STARTTLS on 143?
>
>
> Nope. I personally prefer the dedicated port for POP3/IMAP.
OK, I'll stick with it for IMAP.
>> I just read that Squirrelmail doesn't support STARTTLS, so I must
>> continue to use smtps 465 in order to use Squirrelmai
On 12/07/2011 08:09 PM, Grant wrote:
Is IMAP over SSL on 993 deprecated in favor of using STARTTLS on 143?
Nope. I personally prefer the dedicated port for POP3/IMAP.
I just read that Squirrelmail doesn't support STARTTLS, so I must
continue to use smtps 465 in order to use Squirrelmail?
On 08.12.2011 02:40, Grant wrote:
yes because it is STARTTLS
465 is smtp over ssl and NOT STARTTLS
we provide both on smtp/imap/pop3 because all of them
having a dedicated "over ssl" port and STARTTLS over
the standard-port if configured
SMTP unencrypt
I've been using smtps on port 465 for sending mail but I read it's
deprecated so I'm trying to switch to submission port 587.
With 465 I was using the "Connection security: SSL/TLS" setting in
Thunderbird, but after switching to 587 I can't send mail unless I
change it
On 08.12.2011 02:09, Grant wrote:
>>> I've been using smtps on port 465 for sending mail but I read it's
>>> deprecated so I'm trying to switch to submission port 587.
>>>
>>> With 465 I was using the "Connection security: SSL/TLS" setting in
>>> Thunderbird, but after switching to 587 I can't
>> I've been using smtps on port 465 for sending mail but I read it's
>> deprecated so I'm trying to switch to submission port 587.
>>
>> With 465 I was using the "Connection security: SSL/TLS" setting in
>> Thunderbird, but after switching to 587 I can't send mail unless I
>> change it to STARTTLS
On 08.12.2011 01:49, Grant wrote:
> I've been using smtps on port 465 for sending mail but I read it's
> deprecated so I'm trying to switch to submission port 587.
>
> With 465 I was using the "Connection security: SSL/TLS" setting in
> Thunderbird, but after switching to 587 I can't send mail