On 7 June 2016 at 23:35, Catalin Bucur <c...@geniusnet.ro> wrote: > Salutare, > > > Se da: > # cat /etc/centos-release > CentOS Linux release 7.2.1511 (Core) > # uname -a > Linux mail 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16 17:03:50 UTC > 2016 x86_64 x86_64 x86_64 GNU/Linux > # rpm -qa|grep postfix > postfix-2.10.1-6.el7.x86_64 > > In main.cf am diverse restrictii obisnuite: > smtpd_client_restrictions = hash:/etc/postfix/access, > permit_mynetworks, > permit_sasl_authenticated, > reject_rbl_client zen.spamhaus.org, > reject_rbl_client bl.spamcop.net, [etc] > > Ideea e ca pentru trimiterea de mailuri (prin portul de submission de > exemplu) sa nu faca verificarile de mai sus. Daca ma autentific sa fie > de ajuns sa accepte mailul si sa-l trimita, fara sa ma streseze de > exemplu ca ip-ul public de la care trimit este prin vreun blacklist. In > master.cf am facut asa: > > submission inet n - n - - smtpd > -o syslog_name=postfix/submission > -o smtpd_etrn_restrictions=reject > -o smtpd_sasl_auth_enable=yes > -o receive_override_options=no_address_mappings > -o > > smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject > -o > > smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject >
ce nu vad e TLS enabled, la submission trebuie sa ai ceva de genul: -o smtpd_enforce_tls=yes si probabil ai ceva de genul: smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous care nu permite sasl auth decit pe encrypted connections ceea ce duce la reject. pune 'postconf |grep smtpd_sasl' undeva. Sau grep smtpd_. > > Si chiar vad procesul de postfix pentru submission pornit ca atare: > > postfix 6717 0.0 0.1 106752 5780 ? S 01:20 0:00 \_ > smtpd -n submission -t inet -u -o stress= -s 2 -o > syslog_name=postfix/submission -o smtpd_etrn_restrictions=reject -o > smtpd_sasl_auth_enable=yes -o > receive_override_options=no_address_mappings -o > > smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject > -o > > smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject > > In schimb cand incerc sa trimit mail: > > Jun 8 01:17:16 mail postfix/submission/smtpd[6260]: connect from > unknown[213.233.85.145] > Jun 8 01:17:16 mail postfix/submission/smtpd[6260]: NOQUEUE: reject: > CONNECT from unknown[213.233.85.145]: 554 5.7.1 > <unknown[213.233.85.145]>: Client host rejected: Access denied; proto=SMTP > Jun 8 01:17:47 mail postfix/submission/smtpd[6276]: connect from > unknown[213.233.85.145] > Jun 8 01:17:47 mail postfix/submission/smtpd[6276]: NOQUEUE: reject: > CONNECT from unknown[213.233.85.145]: 554 5.7.1 > <unknown[213.233.85.145]>: Client host rejected: Access denied; proto=SMTP > Jun 8 01:18:17 mail postfix/submission/smtpd[6276]: lost connection > after UNKNOWN from unknown[213.233.85.145] > Jun 8 01:18:17 mail postfix/submission/smtpd[6276]: disconnect from > unknown[213.233.85.145] > ce e mai jos e smtpd nu submission. > Jun 8 01:18:18 mail postfix/smtpd[6315]: connect from > unknown[213.233.85.145] > Jun 8 01:18:38 mail postfix/smtpd[6315]: NOQUEUE: reject: CONNECT from > unknown[213.233.85.145]: 554 5.7.1 Service unavailable; Client host > [213.233.85.145] blocked using zen.spamhaus.org; > https://www.spamhaus.org/query/ip/213.233.85.145; proto=SMTP > > Din teorie, ce scrie in master.cf face override la ce e in main.cf dar > la mine nu :-) Imi scapa ceva, dar nu stiu ce, asa ca daca aveti vreo > idee... > > > Mersi, > > -- > Catalin Bucur > > _______________________________________________ > RLUG mailing list > RLUG@lists.lug.ro > http://lists.lug.ro/mailman/listinfo/rlug > _______________________________________________ RLUG mailing list RLUG@lists.lug.ro http://lists.lug.ro/mailman/listinfo/rlug
