Mark Alan: > It did not imagine that it would be so difficult to configure > postscreen/postfix to achieve such a simple specification.
The hardest part of support on this mailing list is to get a precise spec that does not conflict with itself. Once we have that, configuration is not hard at all. # postconf -n|grep postscreen postscreen_access_list = static:reject postscreen_blacklist_action = enforce postscreen_greet_banner = # telnet 127.0.0.1 smtp Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 foo.example.com ESMTP Postfix ehlo foo 250-foo.example.com 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from:<me> 250 2.1.0 Ok rcpt to:<you> 450 4.3.2 Service currently unavailable You complained that Postfix would engage into STARTTLS, but that is a requirement if you want it to reject mail EXACTLY as if postscreen talks to a stranger. Wietse