[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

On Wed, Nov 06, 2024 at 10:39:41AM +0100, Florian Piekert via Postfix-users wrote: > I found the solution by using in main.cf the > > smtpd_relay_restrictions = permit_mynetworks, >check_sender_access > btree:$meta_directory/restricted_senders, >

[pfx] Re: Opening up port 465

On 7/11/24 09:48, Hua Young via Postfix-users wrote: Nope. smtps (port 465) and submissions (port 587) are two separated services defined in master.cf. Their use will not affect each other. "smtps" is the old name for "submissions" and both refer to 465. "submission" (without the "s" on the en

[pfx] Re: Opening up port 465

Port 465 is opened in master.cf. The difference with port 587 is that port 465 needs "-o smtpd_tls_wrappermode=yes". You need to "postfix reload" after editing master.cf. Just to be sure. Will this break the 587 connection? Nope. smtps (port 465) and submissions (port 587) are two s

[pfx] Re: Opening up port 465

On 06-11-2024 16:52, Wietse Venema via Postfix-users wrote: Danjel Jungersen via Postfix-users: Hey! I have a working setup, all good. But I have a scanner that I cannot get to work. I get _nothing_ in the logs. The scanner reports "error", so not much help here. But I found a screen indic

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

Hello, If I understood correctly, I need to have a "list" containing the "jailed" user1@domain_AB. Let's call it restricted_senders as in the pf docs. ---8<--- # user1@domain_AB    local_only ---8<--- I have added it in my main.cf (I add smtpd_client_restrictions for completeness, perhaps th

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

On 06.11.24 13:05, Florian Piekert via Postfix-users wrote: Following this idea, I would put mua_recipient_restrictions = permit_sasl_authenticated, check_sender_access btree:/etc/postfix/restricted_senders, reject in main.cf and instead

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

- if not, what did your logs say? On 06.11.24 14:08, Florian Piekert via Postfix-users wrote: Nov 6 10:04:15 theater postfix/submission/smtpd[1021573]: fatal: unexpected command-line argument: btree:/etc/postfix/restricted_senders,reject Nov 6 10:04:16 theater postfix/master[1021565]: warnin

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

On 05.11.24 21:11, Florian Piekert via Postfix-users wrote: submission is done via postfix. Auth is against dovecot mechanism with ...sasl_type=dovecot ...sasl_auth_enable=yes ...sasl_path=private/auth in master.cf. So now back to SMTP restriction classes perhaps. Thanks for this pointer/ke

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

People who actually use Dovecot for submission might know. I'm not even sure whether Dovecot's submission facility ever talks to Postfix. On 05.11.24 16:26, postfix--- via Postfix-users wrote: Dovecot doesn't "perform" submission services. It is only a proxy to postfix submission (or other).

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

I found the solution by using in main.cf the smtpd_relay_restrictions = permit_mynetworks, check_sender_access btree:$meta_directory/restricted_senders, permit_sasl_authenticated, reject_unauth_destination direct

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

On Wed, Nov 06, 2024 at 11:57:11AM +0100, Matus UHLAR - fantomas via Postfix-users wrote: > On 06.11.24 21:14, Viktor Dukhovni via Postfix-users wrote: > > This is too fragile, you're liable to create an open relay, if any of > > the sender checks return "OK" based on the sender address alone. >

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

On Wed, Nov 06, 2024 at 10:39:41AM +0100, Florian Piekert via Postfix-users wrote: I found the solution by using in main.cf the smtpd_relay_restrictions = permit_mynetworks, check_sender_access btree:$meta_directory/restricted_senders,

[pfx] Opening up port 465

Hey! I have a working setup, all good. But I have a scanner that I cannot get to work. I get _nothing_ in the logs. The scanner reports "error", so not much help here. But I found a screen indicating port 465. I have only enabled 587 (and 25). Can anyone tell me how I open up 465 the easiest

[pfx] Re: Opening up port 465

Danjel Jungersen via Postfix-users: > Hey! > > I have a working setup, all good. > > But I have a scanner that I cannot get to work. > > I get _nothing_ in the logs. > > The scanner reports "error", so not much help here. > > But I found a screen indicating port 465. > I have only enabled 587

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

Hello, Following this idea, I would put mua_recipient_restrictions = permit_sasl_authenticated,     check_sender_access   btree:/etc/postfix/restricted_senders,     reject in main.cf and instead in master.cf submission inet  n   -   y   

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

Hello Viktor, I found the solution by using in main.cf the smtpd_relay_restrictions = permit_mynetworks, check_sender_access btree:$meta_directory/restricted_senders, permit_sasl_authenticated, reject_unauth

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

Hello, I found the solution by using in main.cf the smtpd_relay_restrictions = permit_mynetworks,    check_sender_access    btree:$meta_directory/restricted_senders,    permit_sasl_authenticated,    reject_unauth_destinati