lists--- via Postfix-users:
> I have a user with an 'old' printer/scanner who wants to scan/email scans
> from the home located device
>
> printer offers:
> machine email address:
> SMTP server:
> SMTP server port:
>
> send authentication: PoPb4SMTP/SMTP AU
Dnia 13.12.2023 o godz. 09:15:52 Bill Cole via Postfix-users pisze:
>
> No AUTH offered. Which is fine, because one should not offer AUTH
> over an unencrypted session. However, your printer saw that and
> instead of using STARTTLS, it hung up. That's bad. It should have
> used STARTTLS to get a u
erver port:
send authentication: PoPb4SMTP/SMTP AUTH: Plain/Login/CRAM-MD5/Auto
login name:
passwd:
I would also expect a session encryption option for using TLS on the
connection, which may be labeled as SSL because it is old.
If your printer has no such option, I'd junk it.
tried 5
I have a user with an 'old' printer/scanner who wants to scan/email scans
from the home located device
printer offers:
machine email address:
SMTP server:
SMTP server port:
send authentication: PoPb4SMTP/SMTP AUTH: Plain/Login/CRAM-MD5/Auto
login name:
passwd:
tried 587 with each of
On Thu, Aug 17, 2023 at 09:47:13AM +0800, Jon Smart wrote:
> >> If your have smtpd_sasl_auth_enable=yes for your services on port
> >> 587 (submission) and port 465 (smtps or submissions), then you can
> >> remove it from master.cf when all your AUTH users are not using
> >> the port 25 service.
> On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users
> wrote:
>
>> What is the output from
>>
>> postconf -P '*/inet/smtpd_sasl_auth_enable'
>>
>> That will show the smtpd_sasl_auth_enable settings in master.cf.
>>
>> If your have smtpd_sasl_auth_enable=yes for your servi
On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users wrote:
> What is the output from
>
> postconf -P '*/inet/smtpd_sasl_auth_enable'
>
> That will show the smtpd_sasl_auth_enable settings in master.cf.
>
> If your have smtpd_sasl_auth_enable=yes for your services on
Jon Smart via Postfix-users:
> > Jon Smart via Postfix-users skrev den 2023-08-16 04:01:
> >
> >> How can I disable auth on port 25? I really don't want users to use
> >> port
> >> 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04.
> >
> > its default disabled, no ?
> >
> > unsur
> Jon Smart via Postfix-users skrev den 2023-08-16 04:01:
>
>> How can I disable auth on port 25? I really don't want users to use
>> port
>> 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04.
>
> its default disabled, no ?
>
> unsure give us "postconf -n | grep auth"
>
Hello,
Peter via Postfix-users skrev den 2023-08-16 09:01:
mta to mta can use port 465 or 587 aswell for intended purpose :)
This is incorrect, MTAs should not and will not connect to any port
other than port 25 for MX traffic.
you are correct if you only have ONE mta
so its valid if both client an
Jon Smart via Postfix-users skrev den 2023-08-16 04:01:
How can I disable auth on port 25? I really don't want users to use
port
25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04.
its default disabled, no ?
unsure give us "postconf -n | grep auth"
my own is
mx ~ # postco
On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users
wrote:
I have disabled port 587/465 to be accessed publicly.
but port 25 must be open to internet for MTA communications.
My question is, can external users access port 25 for smtp auth and send
mail then?
Not if you
On 15/08/23 21:08, Benny Pedersen via Postfix-users wrote:
Peter via Postfix-users skrev den 2023-08-15 10:44:
This is a bad idea for several reasons. If you want submission use
ports 465 and/or 587 as they are intended. Don't try to use a service
that is meant for a different purpose for thi
>
>
> On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users
> wrote:
>>Hello,
>>
>>I have disabled port 587/465 to be accessed publicly.
>>
>>but port 25 must be open to internet for MTA communications.
>>
>>My question is, ca
* Benny Pedersen via Postfix-users [230815 05:10]:
> Peter via Postfix-users skrev den 2023-08-15 10:44:
>
> > This is a bad idea for several reasons. If you want submission use
> > ports 465 and/or 587 as they are intended. Don't try to use a service
> > that is meant for a different purpose f
Peter via Postfix-users skrev den 2023-08-15 10:44:
This is a bad idea for several reasons. If you want submission use
ports 465 and/or 587 as they are intended. Don't try to use a service
that is meant for a different purpose for this.
mta to mta can use port 465 or 587 aswell for intended
submission host, or some
other type of relay to push mail to your MTA on teh public internet.
My question is, can external users access port 25 for smtp auth and send
mail then?
This is a bad idea for several reasons. If you want submission use
ports 465 and/or 587 as they are intended
On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users
wrote:
>Hello,
>
>I have disabled port 587/465 to be accessed publicly.
>
>but port 25 must be open to internet for MTA communications.
>
>My question is, can external users access port 25 for smtp aut
Hello,
I have disabled port 587/465 to be accessed publicly.
but port 25 must be open to internet for MTA communications.
My question is, can external users access port 25 for smtp auth and send
mail then?
Thanks.
___
Postfix-users mailing list
On 2022-03-14 03:42, Jaroslaw Rafa wrote:
Looks like a job for identd. You have to set up identd on your server and
make the Postfix service on port 2525 to ask identd about the userid of
connecting process. If it's not setroubleshoot, you should reject the
connection.
That's an interesting ide
On 2022-03-14 07:34, Wietse Venema wrote:
I see that the sender runs on the same machine as Postfix. Can the
sender be configured to use /bin/mail, mailx, or /usr/sbin/sendmail
instead of using SMTP?
Submission through /usr/sbin/sendmail (and therefore /bin/mail and
mailx) can be restricted with
Matt Kinni:
> My goal is to carve out an exception for this process that doesn't
> compromise the overall security of my server, or allow any local users
> to spoof the FROM address of any other user without needing to login
> (whilst allowing setroubleshootd to do exactly that).
>
> The soluti
Sorry, sent to the sender instead of the list. Resending.
Dnia 13.03.2022 o godz. 22:48:37 Matt Kinni pisze:
>
> My goal is to carve out an exception for this process that doesn't
> compromise the overall security of my server, or allow any local
> users to spoof the FROM address of any other use
On Fri, Jul 09, 2021 at 04:13:43PM +, Wakefield, Robin wrote:
> My company requires that the passwords for all technical accounts be
> recycled regularly.
It seems that by "technical accounts" you mean service accounts used by
software subsystems rather than human users.
> Our implementation
>Wakefield, Robin:
> Hello,
>
> My company requires that the passwords for all technical accounts
> be recycled regularly.
>
> Our implementation of SMTP authentication uses the nslcd service
> - we regularly rotate between 2 binddn accounts, so that we can
> perform the password updates on the ina
Hello,
My company requires that the passwords for all technical accounts be recycled
regularly.
Our implementation of SMTP authentication uses the nslcd service - we regularly
rotate between 2 binddn accounts, so that we can perform the password updates
on the inactive account, and then replac
Setup: New install of ubuntu-20.10
Internet host on home lan with no real FQDN
postfix ver. 3.5.6
I'm having a heck of a time getting anywhere with a postfix
installation. I've filled out the main.cf several different ways and
added the passwd hash for smtp auth of a SmartHost but
Wietse,
Viktor,
Thanks for your kind answer.
It seems a bit difficult but I'll try to understand and apply it.
This request (redirect emails of certain domains to 3rd party mail
providers with auth) can't be denied because we are moving from
commercial mail security appliance to postfix and
On Mon, Aug 24, 2020 at 09:35:51AM -0400, Wietse Venema wrote:
> > Some of our customers wanted us to forward all emails sent to some
> > recipient domains to 3rd party relay servers instead of the mail
> > server defined in the recipient domain's MX records.
> >
> > Also they provided smtp u
Zsombor B:
> Hi All,
>
> I need your thoughts.
>
> Some of our customers wanted us to forward all emails sent to some
> recipient domains to 3rd party relay servers instead of the mail
> server defined in the recipient domain's MX records.
>
> Also they provided smtp username and password fo
Hi All,
I need your thoughts.
Some of our customers wanted us to forward all emails sent to some
recipient domains to 3rd party relay servers instead of the mail
server defined in the recipient domain's MX records.
Also they provided smtp username and password for these relay servers.
I.
lists skrev den 2019-12-12 03:08:
Seriously is there ever a case not to use port 587?
On 12.12.19 08:29, Benny Pedersen wrote:
depends on content filtering, if all clients is local all can use port
25
even in this case separation of submission port can help much.
I prefer postscreen and milt
lists skrev den 2019-12-12 03:08:
Seriously is there ever a case not to use port 587?
depends on content filtering, if all clients is local all can use port
25
Jason R Cowart skrev den 2019-12-12 01:10:
smtpd_recipient_restrictions =
check_client_access
cidr:/etc/postfix/access/restricted-local-only.cidr,
check_recipient_access hash:/etc/postfix/access/recipient,
Any thoughts? Thanks in advance.
make check_resipient_access reused in ch
Seriously is there ever a case not to use port 587?
On Thu, Dec 12, 2019 at 12:10:07AM +, Jason R Cowart wrote:
> We're moving to a configuration that will leverage the check_sasl_access
> option to allow only those granted access to authenticate from outside the
> local network and relay mail.
Your submission users should be using port 587, n
We're moving to a configuration that will leverage the check_sasl_access option
to allow only those granted access to authenticate from outside the local
network and relay mail.
This are mostly working (at least amongst the list of users allowed to
send--we'll evaluate the types of things we're
Hi ,
Is there any document for postfix smtp auth with active directory.
I have followed below document .
https://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x
I am getting authentication failure while authenticating and logs says as below.
saslauthd
Le 17/06/2019 à 20:29, Wietse Venema a écrit :
Emmanuel Fust?:
Le 17/06/2019 ? 12:05, Emmanuel Fust? a ?crit?:
Le 16/06/2019 ? 22:37, Viktor Dukhovni a ?crit?:
On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote:
Some of our users use o365 but would like to use our service for
outgo
Le 17/06/2019 à 21:31, Wietse Venema a écrit :
Viktor Dukhovni:
On Mon, Jun 17, 2019 at 02:29:05PM -0400, Wietse Venema wrote:
I suppose that Postfix will need to forward the OORG information
that it received from the Microsoft server, not a name that is
hard-coded in main.cf, and that Postfix
As microsoft ofers DKIM-singing for outgoing mails at no extra cost, i will
validate this information as 3rd authentication token.
Looks much clearer and several addons for postfix exist to do so.
Am Mo., 17. Juni 2019 um 21:31 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
>
> The latter is
Viktor Dukhovni:
> On Mon, Jun 17, 2019 at 02:29:05PM -0400, Wietse Venema wrote:
>
> > I suppose that Postfix will need to forward the OORG information
> > that it received from the Microsoft server, not a name that is
> > hard-coded in main.cf, and that Postfix will need to send that
> > informa
On Mon, Jun 17, 2019 at 02:29:05PM -0400, Wietse Venema wrote:
> I suppose that Postfix will need to forward the OORG information
> that it received from the Microsoft server, not a name that is
> hard-coded in main.cf, and that Postfix will need to send that
> information only to systems that sho
Emmanuel Fust?:
> Le 17/06/2019 ? 12:05, Emmanuel Fust? a ?crit?:
> > Le 16/06/2019 ? 22:37, Viktor Dukhovni a ?crit?:
> >> On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote:
> >>
> >>> Some of our users use o365 but would like to use our service for
> >>> outgoing
> >>> mails.? We are
Le 17/06/2019 à 13:08, Stefan Bauer a écrit :
Emmanuel,
thank you. That was of great help to see, that others have same isses
with o365.
Do you have any more infos how you do the experimental certificate
matching part with postifx?
In the official experimental release from Wietse.
Emman
d/ouboud internet mails policy/routing/delivery is under the
control of another infrastructure.
Microsoft is always presenting a client certificate. That the only
way to authenticate O365. (the experimental certificate matching will
help you)
For the next part, the complete missing of outbound
O365, the headers are
generated/sanitized by Microsoft and you base your policy on it. For
on-premise -> o365, they don't use the XOORG extension (it is never
announced). On your tenant, you configure an specific "inboud connector"
which should match a specific client certif
On 16-06-19 21:50, Peter wrote:
> On 17/06/19 2:00 AM, Stefan Bauer wrote:
>> we are running a small smtp relay service with postfix for
>> authenticated users. Unfortunately office 365 does not offer any smtp
>> authentication mechanism when sending mails via connectors to smarthosts.
>
> I ca
Emmanuel Fust?:
> The "proper" Microsoft way is to use their proprietary XOORG SMTP
> extension used in their hybrid cloud scenario.
- Is there a protocol definition for this, or is there only
implementation by trial and error?
- How is the XOORG information verified against other information
(c
is always presenting a client certificate. That the only way
> to authenticate O365. (the experimental certificate matching will help you)
> For the next part, the complete missing of outbound SMTP AUTH (under the
> control of Microsoft or the client organization) is the difficult/crazy
>
under the
control of another infrastructure.
Microsoft is always presenting a client certificate. That the only way
to authenticate O365. (the experimental certificate matching will help you)
For the next part, the complete missing of outbound SMTP AUTH (under the
control of Microsoft or t
I'm glad you're asking. These are cloud-hosted domains at microsofts
exchange online (o365) infrastructure.
Each user can set outgoing routing to smarthosts(called connectors) in
exchanges admin-center. But - as said, no smtp-authentication is offered.
We're providing sending-capabilities paired
> On Jun 16, 2019, at 6:38 PM, Bill Cole
> wrote:
>
>> On 16 Jun 2019, at 16:27, @lbutlr wrote:
>>
>> On 16 Jun2019, at 12:05, Bill Cole
>> wrote:
> [...]
>>
>>> As the OP says, they support an outbound "smarthost" connector,
>>
>>
>> Not a term I’ve heard before.
>
> The term "smarthost" dates
On 16 Jun 2019, at 16:27, @lbutlr wrote:
On 16 Jun2019, at 12:05, Bill Cole
wrote:
[...]
As the OP says, they support an outbound "smarthost" connector,
Not a term I’ve heard before.
The term "smarthost" dates from the days when it was fairly common for
some hosts to know more about h
On 16 Jun 2019, at 14:33, Stefan Bauer wrote:
Bill,
yes thats the question. i would consider the two factors as reliable.
MS is
signing mails. i just like clear user authentication instead of rely
on
volatile ips/blocks, microsoft publishes/changes.
what i need to check is also, whether MS
On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote:
> Some of our users use o365 but would like to use our service for outgoing
> mails. We are offering smtp sending services. Integrating our service in
> o365 is tricky, as one can only specify a smarthost but microsoft does not
> offe
On 16 Jun2019, at 12:05, Bill Cole
wrote:
> But they do.
Wild.
> As the OP says, they support an outbound "smarthost" connector,
Not a term I’ve heard before.
> This is not such an unusual requirement. I have worked with multiple
> businesses whose regulatory compliance relies on having all
On 17/06/19 2:00 AM, Stefan Bauer wrote:
we are running a small smtp relay service with postfix for authenticated
users. Unfortunately office 365 does not offer any smtp authentication
mechanism when sending mails via connectors to smarthosts.
I can't believe I just looked up MS docs for you,
Bill,
yes thats the question. i would consider the two factors as reliable. MS is
signing mails. i just like clear user authentication instead of rely on
volatile ips/blocks, microsoft publishes/changes.
what i need to check is also, whether MS allows spoofing of sender address.
i need to make su
On 16 Jun 2019, at 13:40, Stefan Bauer wrote:
MS is publishing source ips/ranges.
sasl_exeptions_networks seems an option but i still dont like the lack
of
authentication.
So if you know that the SMTP client matches SPF (or a statically-set
address set) for the sender domain AND the sender
On 16 Jun 2019, at 13:18, @lbutlr wrote:
On 16 Jun2019, at 10:48, Stefan Bauer wrote:
[...]
the last mile o365->recipient should go through our service like
o365->postfix->recipient
I do not believe any company, much less Microsoft, is going to sent
emails from their users to other users t
MS is publishing source ips/ranges.
sasl_exeptions_networks seems an option but i still dont like the lack of
authentication.
Am Sonntag, 16. Juni 2019 schrieb Wietse Venema :
> Stefan Bauer:
>> its like the first:
>>
>> end-user client -> microsoft server -> postfix server -> remote recipient
>
Stefan Bauer:
> its like the first:
>
> end-user client -> microsoft server -> postfix server -> remote recipient
How would Postfix know that the server is Microsoft Office 365?
>From the reverse DNS?
Wietse
On 16 Jun2019, at 10:48, Stefan Bauer wrote:
> our users send/receive via o365.
That’s not what you said. You said "some of our users use o365 but would like
to use our service for outgoing mails.”
> the last mile o365->recipient should go through our service like
> o365->postfix->recipient
I
its like the first:
end-user client -> microsoft server -> postfix server -> remote recipient
Am Sonntag, 16. Juni 2019 schrieb Wietse Venema :
> Stefan Bauer:
>> our users send/receive via o365. the last mile o365->recipient should go
>> through our service like o365->postfix->recipient
>
> Dum
Stefan Bauer:
> our users send/receive via o365. the last mile o365->recipient should go
> through our service like o365->postfix->recipient
Dumb question: is the mail flow like this:
end-user client -> microsoft server -> postfix server -> remote recipient
Or is it something else?
- Local recip
our users send/receive via o365. the last mile o365->recipient should go
through our service like o365->postfix->recipient
here, o365 does not offer smtp auth against postfix.
Am Sonntag, 16. Juni 2019 schrieb @lbutlr :
> On 16 Jun2019, at 09:46, Stefan Bauer wrote:
>> som
On 16 Jun2019, at 09:46, Stefan Bauer wrote:
> some of our users use o365 but would like to use our service for outgoing
> mails. we are offering smtp sending services. integrating our service in o365
> is tricky, as one can only specify a smarthost but microsoft does not offer
> any kind of au
Stefan Bauer skrev den 2019-06-16 17:46:
some of our users use o365 but would like to use our service for
outgoing mails. we are offering smtp sending services. integrating our
service in o365 is tricky, as one can only specify a smarthost
cyrus-sasl support rimap, if o365 users can use that ?
some of our users use o365 but would like to use our service for outgoing
mails. we are offering smtp sending services. integrating our service in
o365 is tricky, as one can only specify a smarthost but microsoft does not
offer any kind of authentication for smarthosts.
so i'm asking if someone al
On Sun, Jun 16, 2019 at 04:00:38PM +0200, Stefan Bauer wrote:
> We are running a small smtp relay service with postfix for authenticated
> users. Unfortunately office 365 does not offer any smtp authentication
> mechanism when sending mails via connectors to smarthosts.
There's a giant gap betwee
Hi,
we are running a small smtp relay service with postfix for authenticated
users. Unfortunately office 365 does not offer any smtp authentication
mechanism when sending mails via connectors to smarthosts.
how could one protect smtp submission in another way?
without authentication, everyone fr
Jozsef Kadlecsik:
> Hi,
>
> Is there a way to setup 2FA in SMTP auth (with postfix) when the client is
> Outlook? It seems it does not support either GSSAPI (Kerberos) or client
> cert auth.
>
> Is there any way to get a working 2FA with Outlook in a non MS
> environm
Hi,
Is there a way to setup 2FA in SMTP auth (with postfix) when the client is
Outlook? It seems it does not support either GSSAPI (Kerberos) or client
cert auth.
Is there any way to get a working 2FA with Outlook in a non MS
environment?
Thanks any tips!
Best regards,
Jozsef
-
E-mail
On 29 Dec 2017, at 02:18, Matus UHLAR - fantomas wrote:
ssl usually means port 465 with implicit SSL, while 587 requires explicit
ssl (aka starttls).
On 29.12.17 07:43, @lbutlr wrote:
As I understand it port 465 was deprecated 20 years ago.
It holds on in some servers because old versions (l
> On Dec 29, 2017, at 9:43 AM, @lbutlr wrote:
>
> As I understand it port 465 was deprecated 20 years ago.
Strangely enough, it may get a second life:
https://tools.ietf.org/html/draft-ietf-uta-email-deep-12#section-3
https://tools.ietf.org/html/draft-ietf-uta-email-deep-12#section-3.3
On 29 Dec 2017, at 02:18, Matus UHLAR - fantomas wrote:
> ssl usually means port 465 with implicit SSL, while 587 requires explicit
> ssl (aka starttls).
As I understand it port 465 was deprecated 20 years ago.
It holds on in some servers because old versions (like pre 2010) of Microsoft
softwa
>> so, it connects on port 25...?
>
> apparently - did you look to master.cf if there's "-o syslog_name" option
> in the submission service?
Matus,
thanks for your help
no, no syslog:
# grep syslog master.cf
#
BUT, I got the user to EDIT her existing account and, alter server host
names from o
On 29.12.17 20:47, Voytek wrote:
On Fri, December 29, 2017 8:18 pm, Matus UHLAR - fantomas wrote:
ssl usually means port 465 with implicit SSL, while 587 requires explicit
ssl (aka starttls).
with Outlook 2010, it has: none/tls/ssl/auto
so it's the same as 2007. TLS means starttls and runt
On Fri, December 29, 2017 8:18 pm, Matus UHLAR - fantomas wrote:
> ssl usually means port 465 with implicit SSL, while 587 requires explicit
> ssl (aka starttls).
with Outlook 2010, it has: none/tls/ssl/auto
so, I've tried tls as well as ssl, just in case
> However, with default postfix/master
On 29.12.17 15:32, Voytek wrote:
smtpd_recipient_restrictions = reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unlisted_recipient, permit_mynetworks,
check_sasl_access hash:/etc/postfix/sasl_access permit_sasl_authenticated
10 to hand, I've installed 2016, tested account
setup, all worked, both IMAP and 587/SMTP auth
the end user in question is remote to me, 2010 seems to have different
options than 2016 I have tested
the Outlook system is remote to me, it's possible end user screwed
something up
on Outloo
> On Jun 28, 2016, at 2:11 AM, Rob Maidment wrote:
>
> Filtering out the STARTTLS option can be achieved using
> smtpd_discard_ehlo_keyword_address_maps as described above.
> The smtpd_tls_security_level parameter must be set to "may" rather
> than "encrypt" if there are any profiles where TLS i
rofile can be defined in terms of
client IP address or host name; each connection profile defines
whether SMTP AUTH should be offered and the valid credentials; the
server must ensure clients can only authenticate using the credentials
from the appropriate profile.
Filtering out the SMTP AUTH opt
On Fri, Jun 24, 2016 at 04:10:40PM +0100, Rob Maidment wrote:
> I could set smtpd_tls_security_level to "may" instead and then verify
> that TLS has been used where it is required (e.g. using a policy
> service), however that means Postfix will not validate the client
> certificate right? (because
On 24 June 2016 at 14:59, Wietse Venema wrote:
>> I need to ensure TLS is used (and client certificates are verified)
>> for some clients but not offered to others. What happens if I use
>> smtpd_discard_ehlo_keyword_address_maps to strip the STARTTLS keyword
>> but smtpd_tls_security_level is se
;s performance.
If you need a system that distributes clients over different SMTP
service instances, then that can be done with a new daemon that
receives connections from postscreen, and that sends them to the
appropriate smtpd services.
> My problem is that I need the SMTP server to selectively
cided to pass through. And once a client IP is
whitelisted the correct smtpd name for that IP could be retained in
the cache.
My problem is that I need the SMTP server to selectively offer SMTP
AUTH (and STARTTLS) based on the domain name of the connecting client,
as defined by the client IP's
't know how I didn't spot that.
>
> Do you think it's feasible to enhance postscreen to hand off to
> different smtpd service names (e.g. with different SMTP AUTH
> settings), based on the IP address of the connecting client? Or based
> on the client domain name obt
feasible to enhance postscreen to hand off to
different smtpd service names (e.g. with different SMTP AUTH
settings), based on the IP address of the connecting client? Or based
on the client domain name obtained via PTR record (with a fallback for
when the lookup fails)? (The domain name requir
On Wed, Jun 22, 2016 at 07:17:03AM -0400, Wietse Venema wrote:
Typo here:
> In master.cf:
>
> smtpd inet . . . . . postscreen -o smtpd_service_name=blah
..^
This should be "smtp", the services(5) name for port 25.
> blah pass . . . . . smtpd
--
http://rob0.nodns4.us/
Offl
Rob Maidment:
> On 1 June 2016 at 15:37, Wietse Venema wrote:
> > postscreen by design allows a "good" client to talk directly to an
> > smtpd process without knowing the sender or recipient. Therefore,
> > you will need two postcreens
>
> So I would require two postscreens, and two SMTP servers,
On 1 June 2016 at 15:37, Wietse Venema wrote:
> postscreen by design allows a "good" client to talk directly to an
> smtpd process without knowing the sender or recipient. Therefore,
> you will need two postcreens
So I would require two postscreens, and two SMTP servers, with each
postscreen hand
Rob Maidment:
> On 31 May 2016 at 17:21, Viktor Dukhovni wrote:
> >
> > The Dovecot SASL backend has access to the client's IP address,
> > but I don't know whether it sees that early enough to supply Postfix
> > with a client-dependent mechanism list, nor whether Dovecot has the
> > feature you'r
On 31 May 2016 at 17:21, Viktor Dukhovni wrote:
>
> The Dovecot SASL backend has access to the client's IP address,
> but I don't know whether it sees that early enough to supply Postfix
> with a client-dependent mechanism list, nor whether Dovecot has the
> feature you're looking for.
The Cyrus
Rob Maidment:
> On 31 May 2016 at 17:32, Sebastian Nielsen wrote:
> > You would need to use a firewall for this.
>
> That's an interesting idea. I was considering deploying postscreen -
> could postscreen do the splitting instead of the firewall? If not then
> I guess I would need multiple posts
On 31 May 2016 at 17:32, Sebastian Nielsen wrote:
> You would need to use a firewall for this.
That's an interesting idea. I was considering deploying postscreen -
could postscreen do the splitting instead of the firewall? If not then
I guess I would need multiple postscreen instances talking to
16 18:05
Till: Postfix users
Ämne: Different SMTP AUTH options and credentials for different clients
How can I implement this in the Postfix SMTP server?
For certain client IP addresses no authentication is required and the EHLO
response should not advertise the AUTH option.
For a second s
On Tue, May 31, 2016 at 05:04:33PM +0100, Rob Maidment wrote:
> How can I implement this in the Postfix SMTP server?
>
> For certain client IP addresses no authentication is required and the
> EHLO response should not advertise the AUTH option.
smtpd_discard_ehlo_keyword_address_maps (au
How can I implement this in the Postfix SMTP server?
For certain client IP addresses no authentication is required and the
EHLO response should not advertise the AUTH option.
For a second set of client IP addresses authentication is required and
the EHLO response should advertise AUTH PLAIN.
For
1 - 100 of 506 matches
Mail list logo
