On 01/09/2013 01:42 PM, Mike C. wrote:
>> Jan 9 10:22:22 oneimage postfix/smtpd[19511]: fatal: No server certs
>> available. TLS can't be enabled
>> Jan 9 10:22:23 oneimage postfix/master[7667]: warning: process
>> /usr/libexec/postfix/smtpd pid 19511 exit status 1
>> Jan 9 10:22:23 oneimage postfix/master[7667]: warning:
>> /usr/libexec/postfix/smtpd: bad command startup -- throttling
>>
>> These repeat excessively. What I was trying to do was configure Postfix
>> / Dovecot so that when I go to pick up my mail it is encrypted first. So
>> I set the SMTP server to use "normal password" and SSL/TLS protocol on
>> port 465. I don't think it's really asking for breath mints, so what's
>> it talking about "certs" for? I think this is CentOS 6. Anyway, Postfix
>> was the default, not Sendmail.
>>
>> Another problem (which is probably related) is that the machine I call
>> in on and use to upload my email for delivery, gets its IP via DHCP.
>> But the IP that I'm assigned comes from Verizon, and they draw from a
>> rather large pool of IPs. The range of potential IPs that I might be
>> assigned even crosses class B networks. One hour my IP might be
>> 75.220.34.136 and the next time it might be something completely
>> different. In any case the possible range is large. So what would I use
>> for $mynetworks in main.cf so that I can allow relaying for my outgoing
>> email?? Or for remote devices using DHCP, do you use another strategy to
>> permit them to send outgoing mail?
>>
>> I have no problems sending out email from my local network, so I'm
>> pretty sure that I've got things partly right, but how do I tell the
>> smtp server how to recognize me even if I might be using any IP in say,
>> 75.192.0.0/10? Because if I put 75.192.0.0/10 in $mynetworks, that seems
>> like a pretty wide filter and doesn't give me the security I want. Or am
>> I totally confused on what's actually going on? (I'm pretty new to the
>> whole subject of email transfers.)
>>
> The blurb below from this article,
> http://postfixmail.com/blog/index.php/postfix-relay-control/, leads me to
> believe it might be helpful in understanding and/or fixing your problem.
>
> "The mynetworks parameter allows you to set individual IP Addresses or
> subnets. When this parameter is used the mynetworks_style parameter is
> ignored. In the example below an internal private network is included as
> well as a public subnet. The example also includes a single IP Address.
> This gives you flexibility in configuring the options.
> mynetworks=192.168.5.0/24 12.32.34.32 216.168.0.1/24

Thanks, but this article (besides being rather poorly written) sort of falls apart at the end and fades out suddenly, just as it gets to the good stuff; configuring SMTP server. But it mentions dynamic IP addresses only to say that dealing with them is hard. (and I know that already!) The article assumes you're working with static IPs.

The problem I'm having is that I have two remote computers that I may want to use to send email to someone outside my network. They are both connected to the Internet via DHCP provided by either my ISP or verizon.com. I solved the problem for the first one by looking through the logs to see what IPs they were assigning to me. Fortunately, the possibilities were limited, and so I simply added an entry for each class C address that covered the addresses I had been assigned before. That solved the problem with that machine and even though I'm allowing potential easy access to 500 IPs or so that I don't know, this did work.

The other one that uses Verizon's service has lots of variation in the dynamic IPs it assigns. It doesn't seem practical to put something like 75.0.0.0/8 in $mynetworks because that leaves the door open to over 16 million IPs. So what I'm wondering is if there is another way for me to identify myself so that my server will let me upload mail (to Dovecot) I've composed on the tablet and then send it back out to the Internet heading to the person to whom it's addressed?

If I understand this correctly another method is to create a certificate with encryption, and by using public and private keys, etc. so that my server knows that it's me and that it should relay mail for me. That sounds like the right solution. I don't need anything from an official company if I can make these myself, it won't bother me if it complains that the certificate is home made. As long as it delivers my mail.

Anyone know any good articles about creating certificates, or is it simple enough to just relate?

Cheers!
- Bill Thoen

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
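
An added example, not part of the original thread: one common way to handle the situation described above is to stop trusting remote clients by IP address and have them log in with a password over TLS, using a self-signed server certificate. It assumes Postfix with Dovecot as the SASL backend; the LAN range, host name, certificate paths and auth socket path are placeholders.

```conf
# /etc/postfix/main.cf  (paths, host name and LAN range are placeholders)

# Before: trust by source address. A range wide enough to cover a
# carrier's DHCP pool makes every host in that range an allowed relay.
#mynetworks = 127.0.0.0/8 192.168.5.0/24 75.192.0.0/10

# After: trust only loopback and the local LAN by address ...
mynetworks = 127.0.0.0/8 192.168.5.0/24

# ... and let remote clients identify themselves with a password,
# checked by Dovecot over its auth socket. The socket is assumed to be
# exposed by Dovecot at /var/spool/postfix/private/auth.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# Server certificate and key. When TLS is switched on without these,
# smtpd exits with "No server certs available. TLS can't be enabled".
# A self-signed pair can be generated with, for example:
#   openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
#     -subj "/CN=mail.example.com" \
#     -keyout /etc/pki/tls/private/postfix.key \
#     -out /etc/pki/tls/certs/postfix.pem
#   chmod 600 /etc/pki/tls/private/postfix.key
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may

# Never offer or accept password authentication on a cleartext session.
smtpd_tls_auth_only = yes

# Relay for the local networks and for authenticated users; anyone else
# may only deliver to domains this server is the final destination for.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# /etc/postfix/master.cf: SMTP over SSL/TLS on port 465, matching the
# client setting described in the thread. Uncomment there, not here.
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
```

With a self-signed certificate the mail client will warn once about an untrusted issuer; the connection is still encrypted, and relaying is decided by the login rather than by the client's current IP.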
