Re: Transport mapping via mySQL?

2016-11-09 Thread Jan Johansson
>It's actually quite simple: >1) Create a file with the MySQL credentials and the query >2) Include the created file in transport_maps within main.cf > >/etc/postfix/mysql_relay_transport_maps.cf > user = dbuser > password = dbpass > dbname = maildb > hosts =

How to forbid using openssl.. starttls to connect port 25?

2016-11-09 Thread vod vos
hi, How to forbid using openssl.. starttls to connect port 25? Or how to forbid AUTH PLAIN on port 25, and just using port 587 for submission? Thanks.

TLS details not in header as viewed from email client (claws)

2016-11-09 Thread li...@lazygranch.com
I no longer see TLS details in the header. I checked maillog and TLS is being established. --- From maillog: Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SH

Re: How to forbid using openssl.. starttls to connect port 25?

2016-11-09 Thread Viktor Dukhovni
On Wed, Nov 09, 2016 at 12:47:05AM -0800, vod vos wrote: > How to forbid using openssl.. starttls to connect port 25? You can only do that by disabling TLS entirely, but that does not seem to be what you're asking for. On the receiving end, there is no way to distinguish between "openssl -start

Re: How to forbid using openssl.. starttls to connect port 25?

2016-11-09 Thread vod vos
That helps. Thanks. On Wednesday, 09 November 2016 01:21:15 -0800 Viktor Dukhovni wrote On Wed, Nov 09, 2016 at 12:47:05AM -0800, vod vos wrote: > How to forbid using openssl.. starttls to connect port 25? You can only do that by disabling TLS entirely,

Re: TLS details not in header as viewed from email client (claws)

2016-11-09 Thread Noel Jones
On 11/9/2016 2:56 AM, li...@lazygranch.com wrote: > I no longer see TLS details in the header. I checked maillog and > TLS is being established. > --- > From maillog: > Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection > established from nm27.bullet.mail.ne1.yahoo.

Re: How to forbid using openssl.. starttls to connect port 25?

2016-11-09 Thread vod vos
master.cf: smtp inet ... smtpd ... -o smtp_relay_restrictions=$mua_relay_restrictions -o smtp_recipient_restrictions=$mua_recipient_restrictions -o smtpd_tls_security_level=encrypt -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes But th

Postfix for sendmail users - rejecting users with custom SMTP codes and text

2016-11-09 Thread Kris Deugau
I'm in the process of migrating my personal domain to a new server, and in the process I'm switching from sendmail to Postfix. One feature I haven't been able to quite figure out is part of sendmail's "virtusertable" - *most* of this is equivalent to virtual_alias_maps, but it also allows you to d

Re: Postfix for sendmail users - rejecting users with custom SMTP codes and text

2016-11-09 Thread Noel Jones
On 11/9/2016 8:58 AM, Kris Deugau wrote: > I'm in the process of migrating my personal domain to a new server, and > in the process I'm switching from sendmail to Postfix. > > One feature I haven't been able to quite figure out is part of > sendmail's "virtusertable" - *most* of this is equivalent

Re: How to forbid using openssl.. starttls to connect port 25?

2016-11-09 Thread Wietse Venema
vod vos: > master.cf: > > smtp inet ... smtpd > ... > -o smtp_relay_restrictions=$mua_relay_restrictions > -o smtp_recipient_restrictions=$mua_recipient_restrictions > -o smtpd_tls_security_level=encrypt > -o smtpd_tls_auth_only=yes > -o smtpd_sasl_auth_ena

Re: TLS details not in header as viewed from email client (claws)

2016-11-09 Thread lists
I posted the entire header from claws. That is the receive header since I sent the message from yahoo.   Original Message   From: Noel Jones Sent: Wednesday, November 9, 2016 6:53 AM To: postfix-users@postfix.org Reply To: postfix users Subject: Re: TLS details not in header as viewed from email

Re: How to forbid using openssl.. starttls to connect port 25?

2016-11-09 Thread vod vos
What I want to do is to forbid AUTH PLAIN on port 25, and just on port 587. Thanks Wietse. > If smtpd_tls_security_level=may, the port 25 is still could not be forbidden. You can't forbid connections made with "starttls s_client...". Where do you get the idea from that that is ev

Re: TLS details not in header as viewed from email client (claws)

2016-11-09 Thread Noel Jones
On 11/9/2016 9:32 AM, li...@lazygranch.com wrote: > I posted the entire header from claws. That is the receive header since I > sent the message from yahoo. > There are no Received: headers in what you posted. That's where the TLS information is found. Either your claws is set to hide those hea

Re: How to forbid using openssl.. starttls to connect port 25?

2016-11-09 Thread Wietse Venema
vod vos: > What I want to do is to forbid AUTH PLAIN on port 25, /etc/postfix/main.cf: smtp ... smtpd -o smtpd_tls_auth_only=yes However, you should not enable AUTH on port 25 at all, when your submission clients connect to port 587. The port 25 service is for MTA-to-MTA traffic, and that sh

Re: TLS details not in header as viewed from email client (claws)

2016-11-09 Thread li...@lazygranch.com
"smtpd_tls_received_header = yes" is in the postconf. But I appreciate the heads up on what to look for. So many parameters! I'm going to set up a different mail client as a double check. The Claws people say nothing has changed on their end, but who knows. If I just set up a second imap, there sh

Re: How to forbid using openssl.. starttls to connect port 25?

2016-11-09 Thread vod vos
It seems that modifying "-o smtpd_sasl_auth_enable=no" below "smtp ... smtpd" works for me. Then you could not auth successfully via port 25, and could auth successfully via port 587 using tls. Thanks all. On Wednesday, 09 November 2016 08:35:36 -0800 Wietse Venema wrote

Re: TLS details not in header as viewed from email client (claws)

2016-11-09 Thread li...@lazygranch.com
The claws group sent me on a wild goose chase. Postfix seems to work just fine with Seamonkey email. The TLS portion of the header follows. from nm24-vm3.bullet.mail.ne1.yahoo.com (nm24-vm3.bullet.mail.ne1.yahoo.com [98.138.91.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128

Re: Postfix for sendmail users - rejecting users with custom SMTP codes and text

2016-11-09 Thread Kris Deugau
Noel Jones wrote: > On 11/9/2016 8:58 AM, Kris Deugau wrote: >> I'm in the process of migrating my personal domain to a new server, and >> in the process I'm switching from sendmail to Postfix. >> >> One feature I haven't been able to quite figure out is part of >> sendmail's "virtusertable" - *mos

Re: How to forbid using openssl.. starttls to connect port 25?

2016-11-09 Thread Viktor Dukhovni
> On Nov 9, 2016, at 9:54 AM, vod vos wrote: > > master.cf: > smtp inet ... smtpd > ... > -o smtp_relay_restrictions=$mua_relay_restrictions > -o smtp_recipient_restrictions=$mua_recipient_restrictions > -o smtpd_tls_security_level=encrypt > -o smtpd_tls_auth_o

how to forbid telnet to port 25 or 587 to send mail via my server?

2016-11-09 Thread vod vos
hi, when telnet mail.example.com 25 or 587, the server will echo 220, how to cancel the respond to telnet after mail server configuration? thanks

Re: how to forbid telnet to port 25 or 587 to send mail via my server?

2016-11-09 Thread Viktor Dukhovni
> On Nov 9, 2016, at 9:32 PM, vod vos wrote: > > hi, > > when telnet mail.example.com 25 or 587, the server will echo 220, > > how to cancel the respond to telnet after mail server configuration? Your question makes no sense... An SMTP server will respond to TCP client connections via "

which has priority settings, main.cf or master.cf?

2016-11-09 Thread vod vos
Hi, We can configure these in main.cf smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policyd-spf,reject_invalid_hostname,reject_unauth_pipelining,reject_non_fqdn_sender,reject_unknown_sender_domai