[pfx] Re: smtp auth on port 25

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Thu, Aug 17, 2023 at 09:47:13AM +0800, Jon Smart wrote: > >> If your have smtpd_sasl_auth_enable=yes for your services on port > >> 587 (submission) and port 465 (smtps or submissions), then you can > >> remove it from master.cf when all your AUTH users are not using > >> the port 25 service.

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Jon Smart via Postfix-users
> On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users > wrote: > >> What is the output from >> >> postconf -P '*/inet/smtpd_sasl_auth_enable' >> >> That will show the smtpd_sasl_auth_enable settings in master.cf. >> >> If your have smtpd_sasl_auth_enable=yes for your servi

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users wrote: > What is the output from > > postconf -P '*/inet/smtpd_sasl_auth_enable' > > That will show the smtpd_sasl_auth_enable settings in master.cf. > > If your have smtpd_sasl_auth_enable=yes for your services on

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Wietse Venema via Postfix-users
Jon Smart via Postfix-users: > > Jon Smart via Postfix-users skrev den 2023-08-16 04:01: > > > >> How can I disable auth on port 25? I really don't want users to use > >> port > >> 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04. > > > > its default disabled, no ? > > > > unsur

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Jon Smart via Postfix-users
> Jon Smart via Postfix-users skrev den 2023-08-16 04:01: > >> How can I disable auth on port 25? I really don't want users to use >> port >> 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04. > > its default disabled, no ? > > unsure give us "postconf -n | grep auth" > Hello,

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Benny Pedersen via Postfix-users
Peter via Postfix-users skrev den 2023-08-16 09:01: mta to mta can use port 465 or 587 aswell for intended purpose :) This is incorrect, MTAs should not and will not connect to any port other than port 25 for MX traffic. you are correct if you only have ONE mta so its valid if both client an

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Benny Pedersen via Postfix-users
Jon Smart via Postfix-users skrev den 2023-08-16 04:01: How can I disable auth on port 25? I really don't want users to use port 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04. its default disabled, no ? unsure give us "postconf -n | grep auth" my own is mx ~ # postco

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Matus UHLAR - fantomas via Postfix-users
On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users wrote: I have disabled port 587/465 to be accessed publicly. but port 25 must be open to internet for MTA communications. My question is, can external users access port 25 for smtp auth and send mail then? Not if you disable

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Peter via Postfix-users
On 15/08/23 21:08, Benny Pedersen via Postfix-users wrote: Peter via Postfix-users skrev den 2023-08-15 10:44: This is a bad idea for several reasons.  If you want submission use ports 465 and/or 587 as they are intended.  Don't try to use a service that is meant for a different purpose for thi

[pfx] Re: smtp auth on port 25

2023-08-15 Thread Jon Smart via Postfix-users
> > > On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users > wrote: >>Hello, >> >>I have disabled port 587/465 to be accessed publicly. >> >>but port 25 must be open to internet for MTA communications. >> >>My question is, can external users access port 25 for smtp auth and send >>

[pfx] Re: smtp auth on port 25

2023-08-15 Thread Marvin Renich via Postfix-users
* Benny Pedersen via Postfix-users [230815 05:10]: > Peter via Postfix-users skrev den 2023-08-15 10:44: > > > This is a bad idea for several reasons. If you want submission use > > ports 465 and/or 587 as they are intended. Don't try to use a service > > that is meant for a different purpose f

[pfx] Re: smtp auth on port 25

2023-08-15 Thread Benny Pedersen via Postfix-users
Peter via Postfix-users skrev den 2023-08-15 10:44: This is a bad idea for several reasons. If you want submission use ports 465 and/or 587 as they are intended. Don't try to use a service that is meant for a different purpose for this. mta to mta can use port 465 or 587 aswell for intended

[pfx] Re: smtp auth on port 25

2023-08-15 Thread Peter via Postfix-users
On 15/08/23 12:15, Jon Smart via Postfix-users wrote: I have disabled port 587/465 to be accessed publicly. These are the submission and submissions ports, for user submission of mail. but port 25 must be open to internet for MTA communications. Port 25 is for MX to MX communication, for a

[pfx] Re: smtp auth on port 25

2023-08-15 Thread Christian Kivalo via Postfix-users
On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users wrote: >Hello, > >I have disabled port 587/465 to be accessed publicly. > >but port 25 must be open to internet for MTA communications. > >My question is, can external users access port 25 for smtp auth and send >mail then? N

Re: SMTP Auth bind password management

2021-07-09 Thread Viktor Dukhovni
On Fri, Jul 09, 2021 at 04:13:43PM +, Wakefield, Robin wrote: > My company requires that the passwords for all technical accounts be > recycled regularly. It seems that by "technical accounts" you mean service accounts used by software subsystems rather than human users. > Our implementation

Re: SMTP Auth bind password management

2021-07-09 Thread Wietse Venema
>Wakefield, Robin: > Hello, > > My company requires that the passwords for all technical accounts > be recycled regularly. > > Our implementation of SMTP authentication uses the nslcd service > - we regularly rotate between 2 binddn accounts, so that we can > perform the password updates on the ina

Re: SMTP AUTH issue

2015-03-16 Thread Emmanuel Fusté
Le 14/03/2015 09:15, Viktor Dukhovni a écrit : On Fri, Mar 13, 2015 at 06:13:56PM +0100, Emmanuel Fust? wrote: Ok, what do you think about this one ? I added XSASL_AUTH_TEMP in case of crashed / stopped dovecot auth server too. Looks fine to me. What SMTP client is it by the way that treats a

Re: SMTP AUTH issue

2015-03-14 Thread Viktor Dukhovni
On Fri, Mar 13, 2015 at 06:13:56PM +0100, Emmanuel Fust? wrote: > Ok, what do you think about this one ? > I added XSASL_AUTH_TEMP in case of crashed / stopped dovecot auth server > too. Looks fine to me. What SMTP client is it by the way that treats a 535 in response to AUTH as a reason to bo

Re: SMTP AUTH issue

2015-03-13 Thread Emmanuel Fusté
Le 13/03/2015 17:14, Emmanuel Fusté a écrit : Le 11/03/2015 16:54, Emmanuel Fusté a écrit : Le 11/03/2015 16:39, Viktor Dukhovni a écrit : On Wed, Mar 11, 2015 at 01:41:00PM +0100, Emmanuel Fust? wrote: Hello, On a heavy i/o loaded Postfix (2.11.0) server, i've got this behavior: 535 5.7.8

Re: SMTP AUTH issue

2015-03-13 Thread Viktor Dukhovni
On Fri, Mar 13, 2015 at 05:14:24PM +0100, Emmanuel Fust? wrote: > >>You could try the patch below and report your results (presumably > >>for Dovecot). It would be nice to have confirmation for Cyrus > >>also. > > > >Will test and report the result asap. > > Ok work as expected ! Thank you. > > B

Re: SMTP AUTH issue

2015-03-13 Thread Emmanuel Fusté
Le 11/03/2015 16:54, Emmanuel Fusté a écrit : Le 11/03/2015 16:39, Viktor Dukhovni a écrit : On Wed, Mar 11, 2015 at 01:41:00PM +0100, Emmanuel Fust? wrote: Hello, On a heavy i/o loaded Postfix (2.11.0) server, i've got this behavior: 535 5.7.8 Error: authentication failed: Connection lost t

Re: SMTP AUTH issue

2015-03-12 Thread Emmanuel Fusté
Le 11/03/2015 16:39, Viktor Dukhovni a écrit : On Wed, Mar 11, 2015 at 01:41:00PM +0100, Emmanuel Fust? wrote: Hello, On a heavy i/o loaded Postfix (2.11.0) server, i've got this behavior: 535 5.7.8 Error: authentication failed: Connection lost to authentication server Mar 10 16:37:08 xxx

Re: SMTP AUTH issue

2015-03-11 Thread Viktor Dukhovni
On Wed, Mar 11, 2015 at 01:41:00PM +0100, Emmanuel Fust? wrote: > Hello, > > On a heavy i/o loaded Postfix (2.11.0) server, i've got this behavior: > > 535 5.7.8 Error: authentication failed: Connection lost to authentication > server > Mar 10 16:37:08 x postfix/smtpd[20613]: warning:

Re: Smtp auth from a hash or cdb file

2014-12-19 Thread Viktor Dukhovni
On Fri, Dec 19, 2014 at 03:23:39PM +0530, Ram wrote: > Ok fine , Is there any other file based approach that does not use a > "provider" Cyrus SASL supports a "sasldb" interface, or PAM. Either can use a locally stored password database. With PAM, ideally strong password crypts. With "sasldb"

Re: Smtp auth from a hash or cdb file

2014-12-19 Thread li...@rhsoft.net
Am 19.12.2014 um 10:53 schrieb Ram: On 12/19/2014 03:16 PM, li...@rhsoft.net wrote: Am 19.12.2014 um 08:53 schrieb Ram: Can I use postfix smtpauth with a hash or cdb file sasldb2 file is unfriendly , because that requires command line to add / modify. I want to have this fully automated usin

Re: Smtp auth from a hash or cdb file

2014-12-19 Thread Ram
On 12/19/2014 03:16 PM, li...@rhsoft.net wrote: Am 19.12.2014 um 08:53 schrieb Ram: Can I use postfix smtpauth with a hash or cdb file sasldb2 file is unfriendly , because that requires command line to add / modify. I want to have this fully automated using a UI no - cyrus SASL is just a pr

Re: Smtp auth from a hash or cdb file

2014-12-19 Thread li...@rhsoft.net
Am 19.12.2014 um 08:53 schrieb Ram: Can I use postfix smtpauth with a hash or cdb file sasldb2 file is unfriendly , because that requires command line to add / modify. I want to have this fully automated using a UI no - cyrus SASL is just a provider for postfix and postfix as consumer even d

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Viktor Dukhovni
On Tue, Sep 02, 2014 at 07:25:15PM +0200, Lubomir Majersky wrote: > > # Postfix 2.10 or later, ocnsider: smtpd_relay_restrictions > > smtpd_recipient_restrictions = > > permit_mynetworks, > > check_client_access cidr:${config_directory}/allow-sasl.cidr, > > reject_unauth_desti

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
main.cf: smtpd_sasl_exceptions_networks = # Don't exclude these !cidr:${config_directory}/allow-sasl.cidr, # Exclude the rest 0.0.0.0/0 allow-sasl.cidr: 192.0.2.0/24 permit_sasl_authenticated 10.0.0.0/8 permit_sasl_authenticated

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Dňa 2. 9. 2014 16:36 Fernando Maior wrote / napísal(a): Also, if you look at smtpd_sasl_exceptions_networks you see: What remote SMTP clients the Postfix SMTP server will not offer AUTH support to. AUTH support I want to offer my clients/subnets only. This ensures that if occurs leak credent

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Dňa 2. 9. 2014 16:47 Viktor Dukhovni wrote / napísal(a): and the 'file.CIDR' contains: ! 195.98.0.0/19OK ! 195.98.128.0/19OK ! ...OK ! ...OK ! 212.26.160.0/19OK 0.0.0.0/0REJECT Is that so? Yes, that should work. No, that's invalid. The cidr_table(5) docume

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Fernando Maior
On Tue, Sep 2, 2014 at 11:47 AM, Viktor Dukhovni wrote: > On Tue, Sep 02, 2014 at 09:15:32AM -0500, Noel Jones wrote: > > > > and the 'file.CIDR' contains: > > > > > > ! 195.98.0.0/19OK > > > ! 195.98.128.0/19OK > > > ! ...OK > > > ! ...OK > > > ! 212.26.160.0/19OK > > > 0.0.0

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Viktor Dukhovni
On Tue, Sep 02, 2014 at 09:15:32AM -0500, Noel Jones wrote: > > and the 'file.CIDR' contains: > > > > ! 195.98.0.0/19OK > > ! 195.98.128.0/19OK > > ! ...OK > > ! ...OK > > ! 212.26.160.0/19OK > > 0.0.0.0/0REJECT > > > > Is that so? > > Yes, that should work. No,

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Fernando Maior
Hello, Also, I should be wary about using negates (!) on rules. I understand you know the use of postmap command. I suggest using both notations (with ! and without ! before the cidr ip ranges) and using postmap extensively to test the real behaviour of the

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Fernando Maior
Hello, Also, if you look at smtpd_sasl_exceptions_networks you see: What remote SMTP clients the Postfix SMTP server will not offer AUTH support to. You see, I suppose any cidr range within the file is a range for which postfix will NOT offer AUTH support. So, I believe that you should put "xx.x

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Thanks, for reply. Yes, I use port 587, but I can not disable AUTH on port 25... I also have a unruly users... Lubo M. -- http://LuMaX.acom.sk Dňa 2. 9. 2014 16:15 Noel Jones wrote / napísal(a): On 9/2/2014 9:01 AM, Lubomir Majersky wrote: Thanks, I

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Certainly, the ideal situation does not exist... - webmail - I solved webmail (...delay between sending individual e-mails, restriction max recipients, login from some country... etc) - If you find that there was a leak credentials, I am blocking a legitimate user account (change password)..

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Noel Jones
On 9/2/2014 9:01 AM, Lubomir Majersky wrote: > Thanks, I overlooked. So if I understand it, this should be: > > smtpd_sasl_exceptions_networks = cidr: /path/to/file.CIDR no space between map:file = cidr:/path/to/file.cidr > > and the 'file.CIDR' contains: > > ! 195.98.0.0/19OK

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Thanks, I overlooked. So if I understand it, this should be: smtpd_sasl_exceptions_networks = cidr: /path/to/file.CIDR and the 'file.CIDR' contains: ! 195.98.0.0/19 OK ! 195.98.128.0/19 OK ! ... OK ! ... OK ! 212.26.160.0/19 OK 0.0.0.0/0 REJECT Is that so?

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Fernando Maior
Hi, Just think about this: some real and legitimate user may have his/her computer invaded, and used for sending non-authorized e-mails via his/her authorized account. How can this be countered? Because the computer IS in a non-restricted ip range, the user IS authorized and everything else is fi

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Hi, I use the FW restrictions, but I can not block the relevant clients from foreign. Therefore, I need to block already authenticated clients, based on written: "Sometimes it happens that my legitimate user has an infected computer and occurs leak credentials, for example to Asia and then

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Viktor Dukhovni
On Tue, Sep 02, 2014 at 06:45:32AM -0500, Noel Jones wrote: > To answer your question above about 1000 entries in the main.cf > parameter, that sounds like a bad idea. It probably wouldn't give > an error, but would likely make smtpd slow to start, maybe > significantly so. I doubt it's ever bee

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Fernando Maior
Hello, What about using iptables or other firewall ruling to rule out connections for SMTP from those CIDR ranges? Atenciosamente, --- Fernando Maciel Souto Maior Projetos e Soluções de Tecnologia (31) 9226-9440 TIM On Tue, Sep 2, 2014 at 8:45 AM, Noel Jones wrote: > On 9/2/2014 5:39 AM, Lubo

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Noel Jones
On 9/2/2014 5:39 AM, Lubomir Majersky wrote: > Hi, > > sorry for my english. I would like to allow access for clients > who are already authenticated (SMTP AUTH SASL), but from specified > IP address ranges only. > > In the Internet I found various posts. I found something that > interest

Re: SMTP auth without mailbox

2013-08-13 Thread Jeroen Geilman
On 08/12/2013 08:30 PM, M. Spini wrote: I need auth to send email, and possibly give the users the possibility to change their pwd. Postfix supports server SASL via either dovecot or cyrus. You can see which your installation supports with #postconf -a I recommend dovecot since it is much

Re: SMTP auth without mailbox

2013-08-12 Thread M. Spini
I need auth to send email, and possibly give the users the possibility to change their pwd. Thanks. Massi Il 12/08/2013 19.56, Wietse Venema ha scritto: massi: Hi there, I need to activate SMTP authentication on a Postfix server that has no mailbox on board (

Re: SMTP auth without mailbox

2013-08-12 Thread Wietse Venema
massi: > Hi there, > I need to activate SMTP authentication on a Postfix server that has no > mailbox on board (it relays email for Google Apps service and certified > emails). All the mailbox are stored on a remote server, they asked me to > activate only the SMTP auth service. > > Can you please

Re: SMTP auth without mailbox

2013-08-12 Thread l...@airstreamcomm.net
We setup dovecot on our outbound relay to talk to a database containing the user information and provide the auth socket to postfix. Unless the address of the recipient has the same domain as the local postfix instance all messages will be relayed on (we set the local domain to something bogus

Re: SMTP auth without mailbox

2013-08-12 Thread Dominik George
Hi, you can run saslauthd as a standalone auth process. -nik massi schrieb: >Hi there, >I need to activate SMTP authentication on a Postfix server that has no >mailbox on board (it relays email for Google Apps service and certified >emails). All the mailbox are stored on a remote server, they

Re: smtp auth

2013-06-27 Thread Fabrizio Monti
@/dev/rob0, you're right that it makes no sense: I wrote a huge stupid, it's working properly!! You ignore the previous email, now go outside and get some fresh air, but I take so much!!! Thank you so much to all of the aid that you gave me! 2013/6/27 /dev/rob0 : > On Thu, Jun 27, 2013 at 09:51:5

Re: smtp auth

2013-06-27 Thread /dev/rob0
On Thu, Jun 27, 2013 at 09:51:50AM +0200, Fabrizio Monti wrote: > I did some testing and I determined that if I configure the SMTP > mail client on port 25 can send e-mails only for my domains. > But if I connect to telnet on port 25 I can send emails to all > the domains. I can stop this? First,

Re: smtp auth

2013-06-27 Thread Fabrizio Monti
Ok, thanks to everyone for their helpful advice, were all valuable. I did some testing and I determined that if I configure the SMTP mail client on port 25 can send e-mails only for my domains. But if I connect to telnet on port 25 I can send emails to all the domains. I can stop this?

Re: smtp auth

2013-06-25 Thread Wietse Venema
Fabrizio Monti: > > but when I try to send mail from client using port 25 without > > authentication and sends the email to me, I do not want this, I do not > > want it to work! Where am I doing wrong? Risce someone to tell me where > > I'm wrong? If you don't want to receive mail from the Interne

Re: smtp auth

2013-06-25 Thread Simon B
On 25 Jun 2013 15:04, "Fabrizio Monti" wrote: > > @Jerry > > >Please don't use HTML format to send email. Plain ASCII is preferred. > Sorry, correct it immediately. > > > postconf -n > > alias_database = hash:/etc/aliases > broken_sasl_auth_clients = yes > command_directory = /usr/sbin > config_di

Re: smtp auth

2013-06-25 Thread Fabrizio Monti
@Jerry >Please don't use HTML format to send email. Plain ASCII is preferred. Sorry, correct it immediately. postconf -n alias_database = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_d

Re: smtp auth

2013-06-25 Thread Patrick Ben Koetter
Fabrizio, * Fabrizio Monti : > hello to all, > I can not understand: I would like to enable authentication on port 25 > to prevent > my server was used as a free smtp, I configured, by the book, postfix, if I > connect to telnet gives me back > > Escape character is '^]'. > 220 example.com ESMTP

Re: smtp auth

2013-06-25 Thread Jerry
On Tue, 25 Jun 2013 12:15:28 +0200 Fabrizio Monti articulated: > > hello to all, > > I can not understand: I would like to enable authentication on port > > 25 to prevent my server was used as a free smtp, I configured, by > > the book, postfix, if I connect to telnet gives me back > > > > Escape

Re: smtp auth

2013-06-25 Thread Fabrizio Monti
All this because I have problems with my mail server, I have been using as smtp relay, how can I prevent sending email on port 25 and at the same time able to receive mail on port 25? 2013/6/25 Fabrizio Monti > hello to all, > I can not understand: I would like to enable authentication on port

Re: smtp Auth.

2012-11-13 Thread Noel Jones
On 11/13/2012 7:03 AM, Muhammad Yousuf Khan wrote: > On Tue, Nov 13, 2012 at 12:54 PM, Patrick Ben Koetter wrote: >> * Muhammad Yousuf Khan : >>> i have been through several articles and howtos for configuring smtpd >>> to accept credential for authenticantion but all of them are fail. >>> postfix

Re: smtp Auth.

2012-11-13 Thread Muhammad Yousuf Khan
On Tue, Nov 13, 2012 at 12:54 PM, Patrick Ben Koetter wrote: > * Muhammad Yousuf Khan : >> i have been through several articles and howtos for configuring smtpd >> to accept credential for authenticantion but all of them are fail. >> postfix relay email anonymusly no matter what i configure. here

Re: smtp Auth.

2012-11-13 Thread Shiv. Nath
> * Muhammad Yousuf Khan : >> i have been through several articles and howtos for configuring smtpd >> to accept credential for authenticantion but all of them are fail. >> postfix relay email anonymusly no matter what i configure. here is the >> configuration of /etc/postfix/main.cf >> >> smtpd_t

Re: smtp Auth.

2012-11-12 Thread Patrick Ben Koetter
* Muhammad Yousuf Khan : > i have been through several articles and howtos for configuring smtpd > to accept credential for authenticantion but all of them are fail. > postfix relay email anonymusly no matter what i configure. here is the > configuration of /etc/postfix/main.cf > > smtpd_tls_cert_

Re: SMTP AUTH: Need your comments on this guide

2012-11-01 Thread Benny Pedersen
thorso...@lavabit.com skrev den 31-10-2012 22:48: Sure. Why did you (why did the author of the guide) choose Cyrus SASL? If you are using Dovecot IMAP, it makes absolutely no sense then to use Cyrus SASL. Dovecot SASL is much easier to set up. If you're using something else for IMAP, Dovecot SASL

Re: SMTP AUTH: Need your comments on this guide

2012-10-31 Thread Patrick Ben Koetter
* thorso...@lavabit.com : > > The question is: Do you have any applications except for Postfix smtpd > server > > that would need to use saslauthd as password verification service? If you > > don't, ignore the note and go on. > > The problem is that I'm not sure. And I don't know how to check. Us

Re: SMTP AUTH: Need your comments on this guide

2012-10-31 Thread thorsopia
> The question is: Do you have any applications except for Postfix smtpd server > that would need to use saslauthd as password verification service? If you > don't, ignore the note and go on. The problem is that I'm not sure. And I don't know how to check.

Re: SMTP AUTH: Need your comments on this guide

2012-10-31 Thread thorsopia
> Sure. Why did you (why did the author of the guide) choose Cyrus > SASL? If you are using Dovecot IMAP, it makes absolutely no sense > then to use Cyrus SASL. Dovecot SASL is much easier to set up. If > you're using something else for IMAP, Dovecot SASL is a reason to > consider changing. I've a

Re: SMTP AUTH: Need your comments on this guide

2012-10-30 Thread /dev/rob0
On Tue, Oct 30, 2012 at 03:57:33AM -0400, thorso...@lavabit.com wrote: > Do you see any problems with this [1] guide? > > "Note: by changing the saslauthd path other applications that use > saslauthd may be affected." [1] Sure. Why did you (why did the author of the guide) choose Cyrus SASL?

Re: SMTP AUTH: Need your comments on this guide

2012-10-30 Thread Patrick Ben Koetter
* thorso...@lavabit.com : > Hi, > > Do you see any problems with this [1] guide? > > "Note: by changing the saslauthd path other applications that use > saslauthd may be affected." [1] > > How to check that I won't break other apps? They fail? If you tell saslauthd to establish the authenticatio

Re: smtp auth connection restrictions

2012-10-17 Thread Jeroen Geilman
On 10/17/2012 10:36 AM, /dev/rob0 wrote: On Wed, Oct 17, 2012 at 09:35:33AM +0200, Tom Kinghorn wrote: I was wondering id there is any way to specify a destination_concurrency_limit for clients which have used SMTP_AUTH and whose source is not on the $mynetworks. We currently have a problem whe

Re: smtp auth connection restrictions

2012-10-17 Thread Wietse Venema
Tom Kinghorn: > Morning List. > > I was wondering id there is any way to specify a > destination_concurrency_limit for clients which have used SMTP_AUTH and > whose source is > not on the $mynetworks. mumble_destination_concurrency_limit is an output property. You should be rate-limiting the i

Re: smtp auth connection restrictions

2012-10-17 Thread /dev/rob0
On Wed, Oct 17, 2012 at 09:35:33AM +0200, Tom Kinghorn wrote: > I was wondering id there is any way to specify a > destination_concurrency_limit for clients which have used > SMTP_AUTH and whose source is not on the $mynetworks. > > We currently have a problem where the accounts of clients > (who

Re: SMTP Auth question

2011-11-30 Thread Brian Evans - Postfix List
On 11/30/2011 12:55 PM, Peter Tselios wrote: > Hallo, > > I would to like to enable SMTP authentication, as an option feature for our > users, but I have some questions before doing so. > 1st: Is it possible to enable it, without Cyrus of Dovecot? I do not want to > install Cyrus of Dovecot on my

Re: SMTP auth for relayhost

2011-11-09 Thread Curtis Maurand
On 11/9/2011 4:12 AM, Robert Hass wrote: Hi I'm using Postfix at my server. I would like to relay all outgoing e-mails via my main SMTP server (relayhost = ... in main.cf). But my main SMTP server needs SMTP authorization. Where I can configure authentication (login and password) for relayhost ?

Re: SMTP auth for relayhost

2011-11-09 Thread Patrick Ben Koetter
* Robert Hass : > Hi > I'm using Postfix at my server. I would like to relay all outgoing > e-mails via my main SMTP server (relayhost = ... in main.cf). > But my main SMTP server needs SMTP authorization. Where I can > configure authentication (login and password) for relayhost ?

Re: SMTP AUTH on alternative port and mail forwarding domains

2011-07-09 Thread Christoph Scheurer
Hello, I am replying to myself, because I found the problem: > smtp inet n - - - - smtpd > 25025 inet n - - - - smtpd >-o smtpd_tls_auth_only=no >-o smtpd_sasl_auth_enable=yes >-o smtpd_sasl_security_options=noanon

Re: SMTP AUTH on alternative port and mail forwarding domains

2011-07-09 Thread Noel Jones
On 7/9/2011 10:10 AM, Christoph Scheurer wrote: > Hello, > > I have a mail server with postfix 2.5.5 (Debian lenny) which is serving mail > forwarding domains as described in VIRTUAL_README.html without any problems. > The respective part in main.cf contains (domain name removed): > virtual_alias_

Re: SMTP AUTH for all users except for our mailing-lists ?

2011-07-04 Thread Stan Hoeppner
On 7/3/2011 3:14 AM, Frank Bonnet wrote: > Hello > > I would like to force all my real users to use SMTP AUTH > ( SASL + LDAP ) but we have many internal mailing lists > running and I wonder if it is possible to add an exception > for that purpose , I think it would be possible with "mynetwork" >

Re: SMTP AUTH for all users except for our mailing-lists ?

2011-07-04 Thread Frank Bonnet
On 07/03/2011 02:37 PM, Benny Pedersen wrote: On Sun, 03 Jul 2011 10:14:32 +0200, Frank Bonnet wrote: Hello I would like to force all my real users to use SMTP AUTH ( SASL + LDAP ) but we have many internal mailing lists running and I wonder if it is possible to add an exception for that purpos

Re: SMTP AUTH for all users except for our mailing-lists ?

2011-07-03 Thread Benny Pedersen
On Sun, 03 Jul 2011 10:14:32 +0200, Frank Bonnet wrote: Hello I would like to force all my real users to use SMTP AUTH ( SASL + LDAP ) but we have many internal mailing lists running and I wonder if it is possible to add an exception for that purpose , I think it would be possible with "mynetwor

Re: SMTP AUTH

2011-05-04 Thread punit jain
This isn't possible without separating local mail submission from general > internet incoming mail. > > Probably the easiest way to do that is to require your users to submit mail > on the submission port 587 or smtps port 465, and use your firewall to block > or redirect port 25 from your local ne

Re: SMTP AUTH

2011-05-04 Thread Benny Pedersen
On Thu, 5 May 2011 00:54:02 +0530, punit jain wrote: > All *outgoing emails only, from *all users irrespective of whether they > sending to local or non local domains. > Is there a way to achieve ? if you try what i told you in the first email to the maillist then it works if that does not work

Re: SMTP AUTH

2011-05-04 Thread Erwan David
Le Thu 5/05/2011, punit jain disait > > Wouldn't it be better to leave permit_mynetworks in place and restrict > > > $mynetworks to 127.0.0.0/8 instead? > > > > maybe, but the OP imho want to smtp auth ALL emails > > > > > All *outgoing emails only, from *all users irrespective of whether they > s

Re: SMTP AUTH

2011-05-04 Thread punit jain
> >> How do I enforce that ? > > Don't give your users login rights on your mail server. > > what about webmail ? :) > > (sendt from 127.0.0.1 to 0.0.0.0 ip will get catched by permit_mynetworks, > but not by permit_auth* unless its smtp authed) > Webmail is fine as users anyhow need to login. I a

Re: SMTP AUTH

2011-05-04 Thread Noel Jones
On 5/4/2011 2:24 PM, punit jain wrote: > Wouldn't it be better to leave permit_mynetworks in place and restrict > $mynetworks to 127.0.0.0/8 instead? maybe, but the OP imho want to smtp auth ALL emails All *outgoing emails only, from *all users irrespe

Re: SMTP AUTH

2011-05-04 Thread Benny Pedersen
On Wed, 4 May 2011 21:08:55 +0200, Ansgar Wiechers wrote: >> How do I enforce that ? > Don't give your users login rights on your mail server. what about webmail ? :) (sendt from 127.0.0.1 to 0.0.0.0 ip will get catched by permit_mynetworks, but not by permit_auth* unless its smtp authed)

Re: SMTP AUTH

2011-05-04 Thread punit jain
> Wouldn't it be better to leave permit_mynetworks in place and restrict > > $mynetworks to 127.0.0.0/8 instead? > > maybe, but the OP imho want to smtp auth ALL emails > > All *outgoing emails only, from *all users irrespective of whether they sending to local or non local domains. Is there a way

Re: SMTP AUTH

2011-05-04 Thread Benny Pedersen
On Wed, 4 May 2011 20:41:23 +0200, Ansgar Wiechers wrote: >>> When I send a mail from a local user to local domain user hosted on >>> my server I want to make sure it still asks for auth request. >>> How do I achieve it ? >> >> remove any content of permit_mynetworks >> and replace it with permi

Re: SMTP AUTH

2011-05-04 Thread Ansgar Wiechers
Please keep this conversation on-list. On 2011-05-05 punit jain wrote: > Wouldn't it be better to leave permit_mynetworks in place and restrict > $mynetworks to 127.0.0.0/8 instead? > > Exactly what I pointed out for webmail users. > > But that doesnot solve the issue of Auth enable for all user

Re: SMTP AUTH

2011-05-04 Thread Ansgar Wiechers
On 2011-05-04 Benny Pedersen wrote: > On Wed, 4 May 2011 22:47:41 +0530, punit jain wrote: >> When I send a mail from a local user to local domain user hosted on >> my server I want to make sure it still asks for auth request. >> >> How do I achieve it ? > > remove any content of permit_mynetwor

Re: SMTP AUTH

2011-05-04 Thread Benny Pedersen
On Wed, 4 May 2011 22:47:41 +0530, punit jain wrote: > When I send a mail from a local user to local domain user hosted on my > server I want to make sure it still asks for auth request. > > How do I achieve it ? remove any content of permit_mynetworks and replace it with permit_* of other cho

Re: SMTP AUTH

2011-05-04 Thread Noel Jones
On 5/4/2011 12:59 PM, punit jain wrote: Does it make sense ? or you want me to explain more ? Postfix documentation can be found here: http://www.postfix.org/documentation.html If you need more help, please see: http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones

Re: SMTP AUTH

2011-05-04 Thread punit jain
Does it make sense ? or you want me to explain more ?

Re: SMTP AUTH

2011-05-04 Thread punit jain
When I send a mail from a local user to local domain user hosted on my server I want to make sure it still asks for auth request. How do I achieve it ?

Re: SMTP AUTH

2011-05-04 Thread Noel Jones
On 5/4/2011 12:04 PM, punit jain wrote: Hi, How do I ensure that SMTP AUTH is also in place for local domains as well ? Regards, Puneet Your question is unclear. Please explain. -- Noel Jones

Re: SMTP AUTH not subjected to unnecessary check?

2010-03-06 Thread mouss
Voytek Eymont a écrit : > On Fri, March 5, 2010 11:29 am, mouss wrote: >> Voytek Eymont a écrit : > >> there is no evidence in your config that auth'ed mail gets a different >> ticket than other mail. >> >> the recommended way is to enable "submission" (port 587) and configure >> clients to use th

Re: SMTP AUTH not subjected to unnecessary check?

2010-03-06 Thread Magnus Bäck
On Friday, March 05, 2010 at 00:16 CET, Voytek Eymont wrote: > I have Postfix with SMTP AUTH with self issued certificate, it all > works well (as long as I don't touch it..) SMTP authentication has nothing to do with self-signed certificates. > I have now "allowed" some users to use SMTP

Re: SMTP AUTH not subjected to unnecessary check?

2010-03-05 Thread Charles Marcus
On 2010-03-04 8:07 PM, Voytek Eymont wrote: > but I enabled 'submission' and use port 587 for SMTP AUTH, and, am I > missing something? Here's mine: submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_tls_auth_only=yes -o smtpd_client_

Re: SMTP AUTH not subjected to unnecessary check?

2010-03-04 Thread Voytek Eymont
On Fri, March 5, 2010 11:29 am, mouss wrote: > Voytek Eymont a écrit : > > there is no evidence in your config that auth'ed mail gets a different > ticket than other mail. > > the recommended way is to enable "submission" (port 587) and configure > clients to use this port. This will be more and

Re: SMTP AUTH not subjected to unnecessary check?

2010-03-04 Thread mouss
Voytek Eymont a écrit : > I have Postfix with SMTP AUTH with self issued certificate, it all works > well (as long as I don't touch it..) > > I have now "allowed" some users to use SMTP AUTH, but, some of their mail > then gets evaluated as 'spam' by amavisd/spamassasin scores, amongst > these, 'd

Re: smtp auth over ssl for smartrelay configuration

2010-01-25 Thread Noel Jones
On 1/25/2010 7:56 AM, Jelle de Jong wrote: Does somebody know the differences between using SSL over port 465 and TLS over port 25 in the settings for the Debian icedove MUA? (I want to make postfix use port 465 for its smtp auth mailrelaying) There's some overlap of terms here -- it's understa

  1   2   >