Re: [gentoo-user] clamav and spamassassin

2011-12-07 Thread Pandu Poluan
Michael, after I configured postscreen, how do I test it? I tried doing out of turn talking but it didn't seem to block me... Rgds,

Re: [gentoo-user] clamav and spamassassin

2011-12-07 Thread Grant
Michael, after I configured postscreen, how do I test it? I tried doing out of turn talking but it didn't seem to block me... Are you getting lines like this in your mail log: Dec 6 03:13:46 mx1 postfix/postscreen[2810]: CONNECT from ... - Grant

Re: [gentoo-user] clamav and spamassassin

2011-12-07 Thread Michael Orlitzky
On 12/06/11 19:57, Grant wrote: That will disable postgrey, but isn't enough to enable postscreen. There are a couple of daemons you have to enable in master.cf (steps 2 through 6): http://www.postfix.org/POSTSCREEN_README.html#enable That README refers to lines that are commented-out in

Re: [gentoo-user] clamav and spamassassin

2011-12-07 Thread Michael Orlitzky
On 12/06/11 20:02, Grant wrote: Aye aye. Should I make the change like this: #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt # -o

Re: [gentoo-user] clamav and spamassassin

2011-12-07 Thread Pandu Poluan
On Dec 7, 2011 11:05 PM, Grant emailgr...@gmail.com wrote: Michael, after I configured postscreen, how do I test it? I tried doing out of turn talking but it didn't seem to block me... Are you getting lines like this in your mail log: Dec 6 03:13:46 mx1 postfix/postscreen[2810]:

Re: [gentoo-user] clamav and spamassassin

2011-12-07 Thread Grant
That will disable postgrey, but isn't enough to enable postscreen. There are a couple of daemons you have to enable in master.cf (steps 2 through 6):  http://www.postfix.org/POSTSCREEN_README.html#enable That README refers to lines that are commented-out in master.cf; of course, if you've

Re: [gentoo-user] clamav and spamassassin

2011-12-07 Thread Grant
Aye aye.  Should I make the change like this: #smtps     inet  n       -       n       -       -       smtpd #  -o smtpd_tls_wrappermode=yes submission inet n       -       n       -       -       smtpd   -o smtpd_tls_security_level=encrypt #  -o smtpd_sasl_auth_enable=yes #  -o

Re: [gentoo-user] clamav and spamassassin

2011-12-07 Thread Michael Orlitzky
On 12/07/11 13:16, Grant wrote: Are you sure? I was using smtps like this: smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o

Re: [gentoo-user] clamav and spamassassin

2011-12-07 Thread Michael Orlitzky
On 12/07/11 13:56, Michael Orlitzky wrote: Are all of your clients in mynetworks? If so, it doesn't really matter unless you want to prevent your own users from forging the envelope sender or From: address. Whoops, correction: you can still forge the From: header with

Re: [gentoo-user] clamav and spamassassin

2011-12-07 Thread Grant
Are you sure?  I was using smtps like this: smtps     inet  n       -       n       -       -       smtpd   -o smtpd_tls_wrappermode=yes #  -o smtpd_sasl_auth_enable=yes #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject #  -o milter_macro_daemon_name=ORIGINATING but I

Re: [gentoo-user] clamav and spamassassin

2011-12-06 Thread Grant
What about trouble with the DNSBL lists?  I know when I changed my IP address I had to work to get the new one removed from a few blacklists it had previously been placed on.  I wasn't sending spam, but my messages would have been blocked under that config if I hadn't done the work to get the

Re: [gentoo-user] clamav and spamassassin

2011-12-06 Thread Michael Orlitzky
On 12/06/11 11:32, Grant wrote: Got it. Your explanations are positively lucid. I added this to /etc/postfix/main.cf: postscreen_greet_action = enforce postscreen_pipelining_enable = yes postscreen_pipelining_action = enforce postscreen_non_smtp_command_enable = yes

Re: [gentoo-user] clamav and spamassassin

2011-12-06 Thread Paul Hartman
On Tue, Dec 6, 2011 at 11:11 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 12/06/11 11:32, Grant wrote: Got it.  Your explanations are positively lucid. I added this to /etc/postfix/main.cf: postscreen_greet_action = enforce postscreen_pipelining_enable = yes

Re: [gentoo-user] clamav and spamassassin

2011-12-06 Thread Grant
Got it.  Your explanations are positively lucid. I added this to /etc/postfix/main.cf: postscreen_greet_action = enforce postscreen_pipelining_enable = yes postscreen_pipelining_action = enforce postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_action = enforce

Re: [gentoo-user] clamav and spamassassin

2011-12-06 Thread Michael Orlitzky
On 12/06/2011 04:34 PM, Grant wrote: Do you know how smtps comes into play? Right now I've got the following uncommented in master.cf: smtp inet n - n - - smtpd smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes

Re: [gentoo-user] clamav and spamassassin

2011-12-06 Thread Pandu Poluan
On Dec 7, 2011 2:22 AM, Paul Hartman paul.hartman+gen...@gmail.com wrote: On Tue, Dec 6, 2011 at 11:11 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 12/06/11 11:32, Grant wrote: Got it. Your explanations are positively lucid. I added this to /etc/postfix/main.cf:

Re: [gentoo-user] clamav and spamassassin

2011-12-06 Thread Grant
That will disable postgrey, but isn't enough to enable postscreen. There are a couple of daemons you have to enable in master.cf (steps 2 through 6):  http://www.postfix.org/POSTSCREEN_README.html#enable That README refers to lines that are commented-out in master.cf; of course, if you've

Re: [gentoo-user] clamav and spamassassin

2011-12-06 Thread Grant
SMTPS is deprecated. You probably don't need it at all, unless you do. Some older (Microsoft...) clients can't use anything else for encryption. These days, the proper way to secure your users' connections is with TLS on the submission port, 587. You should also have a commented-out

Re: [gentoo-user] clamav and spamassassin

2011-12-06 Thread Pandu Poluan
On Dec 7, 2011 8:01 AM, Grant emailgr...@gmail.com wrote: That will disable postgrey, but isn't enough to enable postscreen. There are a couple of daemons you have to enable in master.cf (steps 2 through 6): http://www.postfix.org/POSTSCREEN_README.html#enable That README refers to

Re: [gentoo-user] clamav and spamassassin

2011-12-05 Thread Grant
Here's the entirety of my main.cf postscreen section for reference. I've deemed these safe, but you shouldn't enable them without reading what they do! # # Postscreen settings # postscreen_greet_action = enforce postscreen_dnsbl_sites =        psbl.surriel.com,        bl.spamcop.net,

Re: [gentoo-user] clamav and spamassassin

2011-12-05 Thread Pandu Poluan
On Dec 6, 2011 7:19 AM, Grant emailgr...@gmail.com wrote: Here's the entirety of my main.cf postscreen section for reference. I've deemed these safe, but you shouldn't enable them without reading what they do! # # Postscreen settings # postscreen_greet_action = enforce

Re: [gentoo-user] clamav and spamassassin

2011-12-05 Thread Michael Orlitzky
On 12/05/2011 07:45 PM, Pandu Poluan wrote: I've looked up each of those parameters and they sound fine to me. How long have you been running them? Have you been notified of any mistakenly rejected mail? It's very important my server doesn't miss any mail, even if it means dealing

Re: [gentoo-user] clamav and spamassassin

2011-12-05 Thread Pandu Poluan
On Dec 6, 2011 7:58 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 12/05/2011 07:45 PM, Pandu Poluan wrote: I've looked up each of those parameters and they sound fine to me. How long have you been running them? Have you been notified of any mistakenly rejected mail? It's

Re: [gentoo-user] clamav and spamassassin

2011-12-05 Thread Michael Orlitzky
On 12/05/2011 08:01 PM, Pandu Poluan wrote: Four months without a false positive? Good enough for me. Where do I sign? :-) main.cf =)

Re: [gentoo-user] clamav and spamassassin

2011-12-05 Thread Grant
  I've looked up each of those parameters and they sound fine to me.   How long have you been running them?  Have you been notified of any   mistakenly rejected mail?  It's very important my server doesn't miss   any mail, even if it means dealing with more spam.   Similar situation with

Re: [gentoo-user] clamav and spamassassin

2011-12-05 Thread Michael Orlitzky
On 12/05/2011 10:24 PM, Grant wrote: What about trouble with the DNSBL lists? I know when I changed my IP address I had to work to get the new one removed from a few blacklists it had previously been placed on. I wasn't sending spam, but my messages would have been blocked under that config

Re: [gentoo-user] clamav and spamassassin

2011-12-04 Thread Pandu Poluan
On Dec 4, 2011 10:10 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 12/03/2011 09:48 PM, Pandu Poluan wrote: Thanks! Very helpful resources. You mentioned amavisd-new. What's their relationship? I mean, if I deploy postscreen, how will it affect amavisd-new? Postscreen sits in

Re: [gentoo-user] clamav and spamassassin

2011-12-03 Thread Michael Orlitzky
On 12/03/2011 02:52 PM, Grant wrote: I haven't set up any antivirus measures on my Gentoo systems so I think I should. Is clamav run as a scheduled filesystem scanner on each system and as an email scanner on the mail server all that's necessary? Nobody (as far as I know?) scans Linux

Re: [gentoo-user] clamav and spamassassin

2011-12-03 Thread Grant
I haven't set up any antivirus measures on my Gentoo systems so I think I should.  Is clamav run as a scheduled filesystem scanner on each system and as an email scanner on the mail server all that's necessary? Nobody (as far as I know?) scans Linux filesystems unless there's a legal

Re: [gentoo-user] clamav and spamassassin

2011-12-03 Thread Michael Orlitzky
On 12/03/2011 07:59 PM, Grant wrote: I haven't set up any antivirus measures on my Gentoo systems so I think I should. Is clamav run as a scheduled filesystem scanner on each system and as an email scanner on the mail server all that's necessary? Nobody (as far as I know?) scans Linux

Re: [gentoo-user] clamav and spamassassin

2011-12-03 Thread Grant
Very cool.  I found out clamscan and avgfree scan the filesystem so I thought I should set it up, but if it's not necessary I won't bother. All of my mail users are on Gentoo so do I need to bother having clamav scan my incoming mail? Well, they aren't going to get infected with anything,

Re: [gentoo-user] clamav and spamassassin

2011-12-03 Thread Pandu Poluan
On Dec 4, 2011 5:58 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 12/03/2011 02:52 PM, Grant wrote: I haven't set up any antivirus measures on my Gentoo systems so I think I should. Is clamav run as a scheduled filesystem scanner on each system and as an email scanner on the mail

Re: [gentoo-user] clamav and spamassassin

2011-12-03 Thread Michael Orlitzky
On 12/03/2011 08:57 PM, Grant wrote: Very cool. I found out clamscan and avgfree scan the filesystem so I thought I should set it up, but if it's not necessary I won't bother. All of my mail users are on Gentoo so do I need to bother having clamav scan my incoming mail? Well, they aren't

Re: [gentoo-user] clamav and spamassassin

2011-12-03 Thread Michael Orlitzky
On 12/03/2011 08:59 PM, Pandu Poluan wrote: This is new information to me. If you're subscribed to Gentoo-server, you'll know that I am in the process of setting up a mail-filtering gateway for my company. Any resources on this postscreen facility? Sounds like a very nice thing to implement.

Re: [gentoo-user] clamav and spamassassin

2011-12-03 Thread Pandu Poluan
On Dec 4, 2011 9:21 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 12/03/2011 08:59 PM, Pandu Poluan wrote: This is new information to me. If you're subscribed to Gentoo-server, you'll know that I am in the process of setting up a mailfiltering gateway for my company. Any resources

Re: [gentoo-user] clamav and spamassassin

2011-12-03 Thread Michael Orlitzky
On 12/03/2011 09:48 PM, Pandu Poluan wrote: Thanks! Very helpful resources. You mentioned amavisd-new. What's their relationship? I mean, if I deploy postscreen, how will it affect amavisd-new? Postscreen sits in front of smtpd, and handles all incoming connections. It hands the good