Re: Re: Implement SMTP Auth in a non-disruptive way?
Please do not top-post on this list.

I wrote:
> I think this is a good spot for the standard response of please don't tell us what your proposed solution is, please tell us what is the problem you are trying to solve. In other words, why do you suddenly need SMTP AUTH (and I'm assuming here you want it even for clients in $mynetworks) and what is the problem you think making it required will solve?

Peter Tselios replied:
> Well, there are a number of reasons. Like for example, stopping emails from non-existent users, or stopping email bombing from zombie PCs. The majority of emails in the queues of my MTA is backscatter and one of the ways to reduce it is SMTP Auth.

Backscatter is a symptom of another problem. Fix that problem rather than trying to block the symptom.

> More important though is the need to enable access to the MTA from other networks too, so, I need the SMTP AUTH.

How does that affect hosts in $mynetworks? You can have SMTP AUTH turned on but still allow unauthenticated mail from hosts within $mynetworks.

--
Larry Stone
lston...@stonejongleux.com
http://www.stonejongleux.com/
Re: Re: Implement SMTP Auth in a non-disruptive way?
> Please do not top-post on this list.
>
> I wrote:
> > I think this is a good spot for the standard response of please don't tell us what your proposed solution is, please tell us what is the problem you are trying to solve. In other words, why do you suddenly need SMTP AUTH (and I'm assuming here you want it even for clients in $mynetworks) and what is the problem you think making it required will solve?
>
> Peter Tselios replied:
> > Well, there are a number of reasons. Like for example, stopping emails from non-existent users, or stopping email bombing from zombie PCs. The majority of emails in the queues of my MTA is backscatter and one of the ways to reduce it is SMTP Auth.
>
> Backscatter is a symptom of another problem. Fix that problem rather than trying to block the symptom.
>
> > More important though is the need to enable access to the MTA from other networks too, so, I need the SMTP AUTH.
>
> How does that affect hosts in $mynetworks? You can have SMTP AUTH turned on but still allow unauthenticated mail from hosts within $mynetworks.
>
> --
> Larry Stone
> lston...@stonejongleux.com
> http://www.stonejongleux.com/

The point is to block spam originating from zombie PCs in my networks. I already allow traffic from $mynetworks but that, unfortunately, includes spam. So, the point is to reduce those emails.
Re: Implement SMTP Auth in a non-disruptive way?
On 08.02.2012 14:57, Peter Tselios wrote:
> Hello,
>
> So far I have not implemented SMTP Auth for various reasons (one of them was the fact that I had no Postfix installed). Anyway, I would like to implement it, but since I have a relatively large base (200K emails), I would like to do it in a non-disruptive way. I was thinking to implement something like a bounce message for each outgoing mail without authentication. That message will not stop the delivery of the email, but it will, simply, inform unauthenticated users about the fact that in a few days they will be forced to do so. When D-day comes, I would like to return to unauthenticated users a custom DSN, not the built-in error. Is there any way to do it? If not, is there any other way to do it?

this is not possible
postfix has SASL active or not
postfix rejects a message or not

and no, it makes no sense
a custom DSN, not the built-in error
because you have to reject a message that you will not accept

how has this worked before?
all users from machines in mynetworks
if not you have an open relay if the machine is connected to the internet
Re: Implement SMTP Auth in a non-disruptive way?
On Wed, 8 Feb 2012, Peter Tselios wrote:
> So far I have not implemented SMTP Auth for various reasons (one of them was the fact that I had no Postfix installed). Anyway, I would like to implement it, but since I have a relatively large base (200K emails), I would like to do it in a non-disruptive way. I was thinking to implement something like a bounce message for each outgoing mail without authentication. That message will not stop the delivery of the email, but it will, simply, inform unauthenticated users about the fact that in a few days they will be forced to do so. When D-day comes, I would like to return to unauthenticated users a custom DSN, not the built-in error. Is there any way to do it? If not, is there any other way to do it?

I think this is a good spot for the standard response of please don't tell us what your proposed solution is, please tell us what is the problem you are trying to solve. In other words, why do you suddenly need SMTP AUTH (and I'm assuming here you want it even for clients in $mynetworks) and what is the problem you think making it required will solve?

--
Larry Stone
lston...@stonejongleux.com
Re: Implement SMTP Auth in a non-disruptive way?
Greetings,

Reindi, search through postfix docs for that:

+ permit_sasl_authenticated
+ permit_mynetworks (play with the mynetworks definition, so, initially you allow all mail from your local network, and when *all* of your users moved to new authenticated schema, you just removed local network from here)

That one is not so important, but I have found it really useful in my environment:

+ reject_authenticated_sender_login_mismatch (this is an interesting one, that you can later replace with: reject_sender_login_mismatch ... now, I use LDAP with all of this).

I am a little in a hurry now, but if you read the docs you may get the idea.

I hope this helps,

Ildefonso Camargo.
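One way to check the condition in the message above, that all users have moved to authenticated submission before the local network is taken out of mynetworks, is to count which in-network clients still hand over mail without SASL. This is an added example, not part of the original thread; the mynetworks range, host names and log lines are constructed, and it relies on the `client=host[ip]` / `sasl_username=` attributes that Postfix smtpd writes to its log.

```python
import ipaddress
import re
from collections import Counter

# Assumed mynetworks value for this example (documentation address range).
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample of Postfix smtpd log lines, not taken from the thread.
SAMPLE_LOG = """\
Feb  9 10:00:01 mx postfix/smtpd[2101]: 3F1A2C0D1: client=pc17.example.org[192.0.2.17]
Feb  9 10:00:05 mx postfix/smtpd[2102]: 4A7B9C0D2: client=pc23.example.org[192.0.2.23], sasl_method=PLAIN, sasl_username=alice
Feb  9 10:01:12 mx postfix/smtpd[2101]: 5C3D8C0D3: client=pc17.example.org[192.0.2.17]
Feb  9 10:02:40 mx postfix/smtpd[2103]: 6E9F0C0D4: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=bob
Feb  9 10:03:02 mx postfix/smtpd[2104]: 7B2A1C0D5: client=pc42.example.org[192.0.2.42]
Feb  9 10:03:30 mx postfix/smtpd[2104]: connect from pc42.example.org[192.0.2.42]
"""

# "QUEUEID: client=host[ip]" is logged when smtpd creates a queue file for a
# message; sasl_username is present only when the session authenticated.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: [0-9A-Za-z]+: client=[^\[\s]+\[(?P<ip>[^\]]+)\]"
    r"(?:.*?sasl_username=(?P<user>[^,\s]+))?"
)


def audit(log_text, networks=MYNETWORKS):
    """Return (Counter of unauthenticated in-network client IPs, set of SASL logins)."""
    unauth, logins = Counter(), set()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue
        if m.group("user"):
            logins.add(m.group("user"))   # already migrated to SMTP AUTH
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:                # e.g. client=unknown[unknown]
            continue
        if any(ip in net for net in networks):
            unauth[str(ip)] += 1          # still relying on permit_mynetworks
    return unauth, logins


if __name__ == "__main__":
    pending, migrated = audit(SAMPLE_LOG)
    for ip, count in pending.most_common():
        print(f"{ip}: {count} message(s) without SMTP AUTH")
    print("SASL logins seen:", ", ".join(sorted(migrated)))
```

An empty first result over a representative log period is the signal that removing the local network from mynetworks will not cut anyone off.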
Re: Implement SMTP Auth in a non-disruptive way?
On 09.02.2012 04:49, Jose Ildefonso Camargo Tolosa wrote:
> Greetings,
>
> Reindi, search through postfix docs for that:
>
> + permit_sasl_authenticated
> + permit_mynetworks (play with the mynetworks definition, so, initially you allow all mail from your local network, and when *all* of your users moved to new authenticated schema, you just removed local network from here)
>
> That one is not so important, but I have found it really useful in my environment:
>
> + reject_authenticated_sender_login_mismatch (this is an interesting one, that you can later replace with: reject_sender_login_mismatch ... now, I use LDAP with all of this).
>
> I am a little in a hurry now, but if you read the docs you may get the idea.
>
> I hope this helps

first it was not me having a problem with SMTP Auth
second all of this does not help in the strange wishes of the OP which are making no sense at all, below quoted again

please do not read only the subject!

___- this is what i meant with making no sense at all

> I would like to do it in a non-disruptive way. I was thinking to implement something like a bounce message for each outgoing mail without authentication. That message will not stop the delivery of the email, but it will, simply, inform unauthenticated users about the fact that in a few days they will be forced to do so. When D-day comes, I would like to return to unauthenticated users a custom DSN, not the built-in error.
Re: Implement SMTP Auth in a non-disruptive way?
Well, there are a number of reasons. Like for example, stopping emails from non-existent users, or stopping email bombing from zombie PCs. The majority of emails in the queues of my MTA is backscatter and one of the ways to reduce it is SMTP Auth.

More important though is the need to enable access to the MTA from other networks too, so, I need the SMTP AUTH.

----- Original Message -----
From: Larry Stone lston...@stonejongleux.com
To: Peter Tselios s91...@yahoo.gr
Cc: Postfix Users postfix-users@postfix.org
Sent: 4:32 PM Wednesday, 8 February 2012
Subject: Re: Implement SMTP Auth in a non-disruptive way?

On Wed, 8 Feb 2012, Peter Tselios wrote:
> So far I have not implemented SMTP Auth for various reasons (one of them was the fact that I had no Postfix installed). Anyway, I would like to implement it, but since I have a relatively large base (200K emails), I would like to do it in a non-disruptive way. I was thinking to implement something like a bounce message for each outgoing mail without authentication. That message will not stop the delivery of the email, but it will, simply, inform unauthenticated users about the fact that in a few days they will be forced to do so. When D-day comes, I would like to return to unauthenticated users a custom DSN, not the built-in error. Is there any way to do it? If not, is there any other way to do it?

I think this is a good spot for the standard response of please don't tell us what your proposed solution is, please tell us what is the problem you are trying to solve. In other words, why do you suddenly need SMTP AUTH (and I'm assuming here you want it even for clients in $mynetworks) and what is the problem you think making it required will solve?

--
Larry Stone
lston...@stonejongleux.com
Re: Implement SMTP Auth in a non-disruptive way?
Well, I believe you mean: reject_unauthenticated_sender_login_mismatch. I tried that on my test env, but I did not add the permit_sasl_authenticated and I had issues. Now, it's better, thanks!

I still need the DSN style message back for those users and I hope to have some ideas.

----- Original Message -----
From: Jose Ildefonso Camargo Tolosa ildefonso.cama...@gmail.com
To: Postfix Users postfix-users@postfix.org
Cc:
Sent: 5:49 AM Thursday, 9 February 2012
Subject: Re: Implement SMTP Auth in a non-disruptive way?

Greetings,

Reindi, search through postfix docs for that:

+ permit_sasl_authenticated
+ permit_mynetworks (play with the mynetworks definition, so, initially you allow all mail from your local network, and when *all* of your users moved to new authenticated schema, you just removed local network from here)

That one is not so important, but I have found it really useful in my environment:

+ reject_authenticated_sender_login_mismatch (this is an interesting one, that you can later replace with: reject_sender_login_mismatch ... now, I use LDAP with all of this).

I am a little in a hurry now, but if you read the docs you may get the idea.

I hope this helps,

Ildefonso Camargo.