I am noticing that the stock dovecot is old and the stock postfix is old, but 
postfix isn't so old that there's no postscreen.

I understand that the submission port is supposed to be encrypted and that 
changes have to be made to postfix/dovecot/and even MUAs to do SMTP Authority.
My target MUAs are evolution and rainloop, an HTML-based mail client.

Running an smtp server that doesn't require you to login is probably a bad 
idea, but this logging in is extremely difficult to get working.

I think the trouble I'm having is the age of the stock postfix and dovecot. Not 
wanting to recompile them and lose CentOS's maintenance work, I could use some 
good tips on how to find documentation specific to the versions I have.

A related question: can I dynamically block Internet IPs that try three times 
unsuccessfully to send me email because they identify invalidly helo, they fail 
smtp auth three times, or they try to relay somewhere else through me? If I 
don't dynamically block, the same offenders it seems will flood my maillog all 
day long and all night. I'm thinking FAIL2BAN is what I need, but I'm not 
certain about the SMTP auth related failures.

 -- Michael C. Robinson

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = $mydomain
message_size_limit = 204800000
milter_default_action = accept
milter_protocol = 2
mydestination = localhost.$mydomain, localhost, $mydomain
mydomain = robinson-west.com
myhostname = goose.robinson-west.com
mynetworks = 127.0.0.0/8, 204.122.17.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains =
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost =
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname at Eskimo North
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_sasl_authenticated, check_helo_access hash:/etc/postfix/helo_access, reject_unknown_helo_hostname, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /opt/etc/certs/cert/server.crt
smtpd_tls_key_file = /opt/etc/certs/private/goose_robinson-west_com_RSA_private_nopass.key
smtpd_tls_loglevel = 1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
unknown_local_recipient_reject_code = 550
_______________________________________________
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
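
The question above about banning after three failures (bad HELO, failed SMTP AUTH, relay attempts) comes down to counting Postfix smtpd log events per client IP inside a time window, which is the kind of counting a log-watching tool such as Fail2ban does. The sketch below is an added example, not part of the original post and not Fail2ban's own code: the log lines are constructed samples in the stock Postfix smtpd format, the function name `offenders`, the 10-minute window and the assumed year are illustrative, and only IPv4 is matched because the posted config sets `inet_protocols = ipv4`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the stock Postfix smtpd syslog format (not from the poster's maillog).
SAMPLE_LOG = """\
Mar 14 02:10:01 goose postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Mar 14 02:10:09 goose postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Mar 14 02:10:15 goose postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=ESMTP helo=<mail>
Mar 14 02:10:20 goose postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure
Mar 14 02:11:02 goose postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 450 4.7.1 <bogus>: Helo command rejected: Host not found; from=<y@example.org> to=<u@robinson-west.com> proto=ESMTP helo=<bogus>
Mar 14 02:12:30 goose postfix/smtpd[2115]: connect from mail.example.com[192.0.2.80]
Mar 14 03:40:00 goose postfix/smtpd[2190]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <b@example.net>: Relay access denied; from=<x@example.org> to=<b@example.net> proto=ESMTP helo=<mail>
"""

# One pattern per failure class named in the question; each captures the client IP.
PATTERNS = {
    "sasl": re.compile(r"warning: \S+\[(?P<ip>[0-9.]+)\]: SASL \S+ authentication failed"),
    "relay": re.compile(r"reject: RCPT from \S+\[(?P<ip>[0-9.]+)\]: .*Relay access denied"),
    "helo": re.compile(r"reject: RCPT from \S+\[(?P<ip>[0-9.]+)\]: .*Helo command rejected"),
}

def offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2024):
    """Return {ip: sorted failure kinds} for IPs with max_retry failures inside find_time."""
    recent = defaultdict(deque)  # ip -> (timestamp, kind) of failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            # Traditional syslog timestamps omit the year, so one is assumed here.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            window = recent[m["ip"]]
            window.append((ts, kind))
            while ts - window[0][0] > find_time:
                window.popleft()  # forget failures older than the window
            if len(window) >= max_retry:
                banned[m["ip"]] = sorted({k for _, k in window})
            break
    return banned

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

SMTP AUTH failures are counted the same way as the HELO and relay rejections because smtpd logs each one as a warning carrying the client IP.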