Zen includes the "PBL" component, which consists largely of
residential and mobile consumer IPs.
On 24/05/24 02:12, Matus UHLAR - fantomas via Postfix-users wrote:
Yes, but these are (usually) not considered valid clients, these
should use submission/submissions(smtps) ports where
reject_rbl_
On 23/05/2024 14:45, Bill Cole via Postfix-users wrote:
is rumored to have said:
Don't accept mail from home networks. For example, use "reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver from your ISP.
On 23.05.24 07:00, Northwind via Pos
On 24/05/2024 03:15, Peter via Postfix-users wrote:
No you definately should disable auth on port 25 regardless. It is possible for postscreen to pass a connection to
smtpd and smtpd can *then* offer auth.
To answer your original question, you can just set -o smtpd_sasl_auth_enable=no in m
On 23.05.24 21:03, John Hill via Postfix-users wrote:
I use Fail2Ban to block the failed IP. The script writes it into the
nftables table immediately.
I think this keeps Postfix waiting and times out, not a big deal. Is
there a cli that my bash script could force disconnect the ip from
Postfi
On 24/05/2024 03:15, Peter via Postfix-users wrote:
No you definately should disable auth on port 25 regardless. It is
possible for postscreen to pass a connection to smtpd and smtpd can
*then* offer auth.
To answer your original question, you can just set -o
smtpd_sasl_auth_enable=no in m
Allen Coates via Postfix-users skrev den 2024-05-24 11:51:
Many moons ago I was told to put "smtpd_sasl_auth_enable=no" in
main.cf, blocking the function everywhere, and then put "-o
smtpd_sasl_auth_enable=yes" in the submission stanza(s) in master.cf,
expressly enabling it *just* there.
th
Authentication-Results list.sys4.de; dkim=pass header.d=junc.eu;
arc=none (Message is not ARC signed); dmarc=pass (Used From Domain
Record) header.from=junc.eu policy.dmarc=reject
where comes REJECT from ?
___
Postfix-users mailing list -- postfix-us
What command do you use to reset the connection?
On 5/24/24 6:18 AM, Matus UHLAR - fantomas via Postfix-users wrote:
On 23.05.24 21:03, John Hill via Postfix-users wrote:
I use Fail2Ban to block the failed IP. The script writes it into the
nftables table immediately.
I think this keeps Postfi
so, in main.cf:
smtpd_sasl_auth_enable=no
then in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
Am I right? does this disable sasl_auth for port 25, but still authorize
users on port 587/465?
Thanks a lot.
Many moons ago I was tol
Northwind via Postfix-users skrev den 2024-05-24 14:17:
so, in main.cf:
smtpd_sasl_auth_enable=no
comment this out in main.cf, it already default no
then in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
Am I right?
yes
does this
root@mx:/etc/postfix# vi main.cf
root@mx:/etc/postfix# vi master.cf
root@mx:/etc/postfix# service postfix restart
i have comment out this line in main.cf:
#smtpd_sasl_auth_enable = yes
And enable this in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_aut
my guess, submission clients were using ehlo, and a mx client uses helo
command. so postfix differ them based on this command?
regards.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@post
Northwind via Postfix-users skrev den 2024-05-24 14:37:
and restarted postfix.
now I think it should be working.
telnet localhost 25
ehlo localhost
if you see AUTH in ehlo results it not done yet
no AUTH results take another beer :)
___
Postfix-us
ehlo localhost.localdomain
250-mx.domain.xyz
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
no AUTH was there. so it should be working. :)
if you see AUTH in ehlo results it not done yet
_
Am Fr, Mai 24, 2024 at 20:48:16 +0800 schrieb Northwind via Postfix-users:
ehlo localhost.localdomain
250-mx.domain.xyz
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
no AUTH was there. so it should be working. :)
Carefull, if y
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
port 25 must not be tls only
if its needed use another port for tls only
___
Postfix-use
Le 24/05/2024 à 14:17, Northwind via Postfix-users a écrit :
so, in main.cf:
smtpd_sasl_auth_enable=no
then in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
Am I right? does this disable sasl_auth for port 25, but still
authorize use
On 24.05.24 07:36, John Hill via Postfix-users wrote:
What command do you use to reset the connection?
no command, just rule in OUTPUT chain:
1710 649K REJECT 6-- * * 0.0.0.0/00.0.0.0/0
tcp spt:25 match-set block-smtp dst reject-with icmp-port-unre
On 24.05.24 20:41, Northwind via Postfix-users wrote:
my guess, submission clients were using ehlo, and a mx client uses
helo command. so postfix differ them based on this command?
EHLO is the extended HELO, supports SMTP extensions. Mail clients just like
servers may use either, but nowadays
Thank you so much.
This is really important.
>
> Le 24/05/2024 à 14:17, Northwind via Postfix-users a écrit :
>
> >
> > so, in main.cf:
> >
> > smtpd_sasl_auth_enable=no
> >
> > then in master.cf:
> >
> > submission inet n - y - - smtpd
> >
> > -o smtp
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
On 24.05.24 15:12, Benny Pedersen via Postfix-users wrote:
port 25 must not be tls only
if its needed use another port for tls only
t
Am Fr, Mai 24, 2024 at 15:12:31 +0200 schrieb Benny Pedersen via Postfix-users:
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
port 25 must not be tls only
I didn’t say that, but you
On 2024-05-23 at 20:12:09 UTC-0400 (Fri, 24 May 2024 12:12:09 +1200)
Peter via Postfix-users
is rumored to have said:
On 24/05/24 01:42, Bill Cole via Postfix-users wrote:
[...]
It is also helpful as a matter of system design to decouple user
email addresses from their login usernames. For ex
On 5/24/24 06:51, Benny Pedersen via Postfix-users wrote:
Authentication-Results list.sys4.de; dkim=pass header.d=junc.eu;
arc=none (Message is not ARC signed); dmarc=pass (Used From Domain
Record) header.from=junc.eu policy.dmarc=reject
where comes REJECT from ?
You might consider asking th
On 5/24/24 9:33 AM, Matus UHLAR - fantomas via Postfix-users wrote:
On 24.05.24 07:36, John Hill via Postfix-users wrote:
What command do you use to reset the connection?
no command, just rule in OUTPUT chain:
1710 649K REJECT 6 -- * * 0.0.0.0/0
0.0.0.0/0
just to clarify, submissions is not required to set for enabling
sasl_auth on port 465/587. i have tested it, no need to set a separated
submissions.
my postfix version:
version 3.4.13
thanks
submissions inet n - y - - smtpd
__
On 24/05/24 21:32, Matus UHLAR - fantomas via Postfix-users wrote:
On 24.05.24 12:00, Peter via Postfix-users wrote:
And the OP is referring to SASL AUTH attacks which are for submission,
not MX connections.
But some of those log lines mention postfix/smtpd, which means they
happen on port 25
On 25/05/24 00:17, Northwind via Postfix-users wrote:
so, in main.cf:
smtpd_sasl_auth_enable=no
Yes, although the setting is redundant here since it defaults to no
anyways it's fine to explicitly state it if you want.
then in master.cf:
submission inet n - y - -
On 25/05/24 00:29, Benny Pedersen via Postfix-users wrote:
Northwind via Postfix-users skrev den 2024-05-24 14:17:
so, in main.cf:
smtpd_sasl_auth_enable=no
comment this out in main.cf, it already default no
It's fine to have it, it's simply redundant.
Peter
___
On 25/05/24 00:43, Benny Pedersen via Postfix-users wrote:
Northwind via Postfix-users skrev den 2024-05-24 14:37:
and restarted postfix.
now I think it should be working.
telnet localhost 25
ehlo localhost
if you see AUTH in ehlo results it not done yet
no AUTH results take another beer :)
On 25/05/24 01:12, Benny Pedersen via Postfix-users wrote:
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
port 25 must not be tls only
Since authentication should never be done on
On 25/05/24 09:50, Northwind via Postfix-users wrote:
just to clarify, submissions is not required to set for enabling
sasl_auth on port 465/587. i have tested it, no need to set a separated
submissions.
Incorrect. submission is *only* port 587, submissions is port 465.
my postfix version
On 25/05/24 01:37, Matus UHLAR - fantomas via Postfix-users wrote:
He mentioned that on postfix with "smtpd_tls_auth_only=yes" (the
default) authentication is only available when TLS is active
The default is no, but it is very common to have it set to yes.
Peter
__
yes I am using smtps as service name indeed.
and smtps has -o smtpd_sasl_auth_enable=yes enabled.
Thanks peter.
On postfix 3.4 submissions was actually called smtps so you want to
enable it in the smtps section (there won't be a submissions entry in
your master.cf unless you added it).
_
34 matches
Mail list logo
