On Thu, 8 Dec 2011 07:46:52 -0800, Grant wrote:
Javascript gives me the creeps (yeah I use Gmail anyway) so I'm happy
to stick with Squirrelmail over Roundcube.
gmail users can use remote sasl auth aswell if outgoing from gmail is
not working :-)
otoh roundcube can use gmail imap servers,
On Thu, 08 Dec 2011 22:03:58 +0100, Reindl Harald wrote:
smtpd_recipient_restrictions = permit_mynetworks
reject_non_fqdn_recipient
reject_non_fqdn_sender
permit_mynetworks after *_fqdn_*
On Thu, 8 Dec 2011 15:29:57 -0800, Grant wrote:
#relay_domains = $mydestination
this is inccrrect :/
relay domains is NOT localy, mydestination is ONLY localy
suggest to remove that line from main.cf
Am 10.12.2011 10:52, schrieb Benny Pedersen:
On Thu, 08 Dec 2011 22:03:58 +0100, Reindl Harald wrote:
smtpd_recipient_restrictions = permit_mynetworks
reject_non_fqdn_recipient
reject_non_fqdn_sender
permit_mynetworks after *_fqdn_*
NO
mynetworks are only trusted servers
On Sat, 10 Dec 2011 12:53:33 +0100, Reindl Harald wrote:
smtpd_recipient_restrictions = permit_mynetworks
reject_non_fqdn_recipient
reject_non_fqdn_sender
permit_mynetworks after *_fqdn_*
NO
mynetworks are only trusted servers
fqdn is better done in mua, so yes imho
On 12/10/2011 5:12 AM, Benny Pedersen wrote:
On Thu, 8 Dec 2011 15:29:57 -0800, Grant wrote:
#relay_domains = $mydestination
this is inccrrect :/
relay domains is NOT localy, mydestination is ONLY localy
suggest to remove that line from main.cf
That's the default setting, so
#relay_domains = $mydestination
this is inccrrect :/
relay domains is NOT localy, mydestination is ONLY localy
suggest to remove that line from main.cf
This is the default, how can it be incorrect?
I use it with the following to lock down port 25:
mydestination = my-actual-domain.com
On Saturday 10 December 2011 11:20:50 Grant wrote:
#relay_domains = $mydestination
this is inccrrect :/
relay domains is NOT localy, mydestination is ONLY localy
suggest to remove that line from main.cf
This is the default, how can it be incorrect?
The default setting was to
Am 09.12.2011 03:44, schrieb Philip Prindeville:
On 12/8/11 5:33 PM, Reindl Harald wrote:
Got it. I misunderstood you before. May I ask why using 465 for
Thunderbird and Squirrelmail would be better than 587 for Thunderbird
and 25 for Squirrelmail talking to localhost?
there is no
You can use SquirrelMail on 587. It doesn't work right now because
of your smtpd_security_level=encrypt. You could change your
submission restrictions to something like
-o smtpd_security_level=may
-o mynetworks=127.0.0.1
-o smtpd_tls_auth_only=yes
-o
On 2011-12-09 10:07 AM, Grant emailgr...@gmail.com wrote:
master.cf:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
You should also have:
On 12/9/2011 10:04 AM, Charles Marcus wrote:
On 2011-12-09 10:07 AM, Grant emailgr...@gmail.com wrote:
master.cf:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
master.cf:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
You should also have:
smtpd_tls_security_level=encrypt
for the submission service...
Thank you but
master.cf:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
You should also have:
smtpd_tls_security_level=encrypt
for the submission service...
Normally
On 2011-12-09 11:12 AM, Grant emailgr...@gmail.com wrote:
Thank you but if I do that I won't be able to connect from
Squirrelmail which does not currently support STARTTLS. Squirrelmail
is on the same machine as postfix so TLS isn't necessary there anyway.
Which is why it was repeatedly
Thank you but if I do that I won't be able to connect from
Squirrelmail which does not currently support STARTTLS. Squirrelmail
is on the same machine as postfix so TLS isn't necessary there anyway.
Which is why it was repeatedly suggested to you to continue to use port 465
(smtps) for
On 2011-12-09 11:25 AM, Grant emailgr...@gmail.com wrote:
It was also repeatedly suggested that I switch to exactly the
arrangement that I've switched to.
No, that was only presented as an option (there is always more than one
way to skin a cat).
Doing it the way you did it makes your
It was also repeatedly suggested that I switch to exactly the
arrangement that I've switched to.
No, that was only presented as an option (there is always more than one way
to skin a cat).
Doing it the way you did it makes your primary submission port *less*
secure, *just* so you can let
On 12/9/2011 10:15 AM, Grant wrote:
master.cf:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
You should also have:
smtpd_tls_security_level=encrypt
for the
master.cf:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
You should also have:
smtpd_tls_security_level=encrypt
for the submission service...
Normally
On 12/9/11 8:07 AM, Grant wrote:
I should add that I took Noel's advice and Thunderbird is connecting
remotely to 587 and Squirrelmail is connecting locally to 587 without
encryption or authentication. The above config pertains to that
arrangement.
- Grant
Now whenever you upgrade
On 12/9/11 2:26 AM, Reindl Harald wrote:
well, as long thunderbird offers STARTTLS or SSL and for SSL 465 as
default and as long 465 does not eat anybodys children
It kicked my dog once...
I should add that I took Noel's advice and Thunderbird is connecting
remotely to 587 and Squirrelmail is connecting locally to 587 without
encryption or authentication. The above config pertains to that
arrangement.
- Grant
Now whenever you upgrade Squirrelmail to something current, you
On 12/9/11 11:39 AM, Grant wrote:
I should add that I took Noel's advice and Thunderbird is connecting
remotely to 587 and Squirrelmail is connecting locally to 587 without
encryption or authentication. The above config pertains to that
arrangement.
- Grant
Now whenever you upgrade
On Friday 09 December 2011 14:23:01 Philip Prindeville wrote:
On 12/9/11 11:39 AM, Grant wrote:
Philip:
Now whenever you upgrade Squirrelmail to something current,
you can pass your free time trying to figure out how to get
it to do STARTTLS. :-)
No need. Squirrelmail connects to 587
On 12/9/11 1:36 PM, /dev/rob0 wrote:
On Friday 09 December 2011 14:23:01 Philip Prindeville wrote:
On 12/9/11 11:39 AM, Grant wrote:
Philip:
Now whenever you upgrade Squirrelmail to something current,
you can pass your free time trying to figure out how to get
it to do STARTTLS. :-)
No
I don't see why local Squirrelmail won't send mail over 587,
but remote Thunderbird will. Squirrelmail also won't send mail over
port 25, but it will send mail over 465.
Do you have a new-enough SquirrelMail? From the looks of it, the only
version = 1.5.1 is the development snapshot. (Do
You've probably got permit_mynetworks near the top of your
smtpd_foo_restrictions, which are inherited by default. The -o
The only smtpd_foo_restrictions I have in main.cf are:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
On 12/08/2011 11:24 AM, Grant wrote:
You don't really need the permit_sasl_authenticated, since you shouldn't be
trying to auth on port 25. It doesn't hurt, though.
I just noticed that I can't send mail from Thunderbird unless I
include permit_sasl_authenticated in the above
So you should change 'client' to 'recipient' in master.cf before you
remove the 'permit_sasl_authenticated' in main.cf.
At that point, SquirrelMail (or anything else) won't be able to send
mail unless it authenticates on port 587, sends to one of your domains
on port 25, or is in
On 12/08/2011 02:21 PM, Gary Smith wrote:
Wouldn't it be smarter to just tell SquirrelMail to use port 587 and
pass through authentication? This way if the server is compromised
or has another exploit there isn't a simple internal email server to
send all that spam from.
This is exactly what
On 12/8/11 8:46 AM, Grant wrote:
I don't see why local Squirrelmail won't send mail over 587,
but remote Thunderbird will. Squirrelmail also won't send mail over
port 25, but it will send mail over 465.
Do you have a new-enough SquirrelMail? From the looks of it, the only
version = 1.5.1
On 12/8/2011 1:28 PM, Michael Orlitzky wrote:
On 12/08/2011 02:21 PM, Gary Smith wrote:
Wouldn't it be smarter to just tell SquirrelMail to use port 587 and
pass through authentication? This way if the server is compromised
or has another exploit there isn't a simple internal email server to
I don't see why local Squirrelmail won't send mail over 587,
but remote Thunderbird will. Squirrelmail also won't send mail over
port 25, but it will send mail over 465.
Do you have a new-enough SquirrelMail? From the looks of it, the only
version = 1.5.1 is the development snapshot. (Do
On Thursday 08 December 2011 14:06:15 Grant wrote:
Philip:
587 can be used encrypted or unencrypted, authenticated
(preferably) or not... you could for instance just limit 587
connections from a particular subnet, etc.
Why then won't Squirrelmail send mail on port 587 unencrypted with
You don't really need the permit_sasl_authenticated, since you shouldn't
be
trying to auth on port 25. It doesn't hurt, though.
I just noticed that I can't send mail from Thunderbird unless I
include permit_sasl_authenticated in the above
smtpd_recipient_restrictions block. I get relay
On 12/8/11 1:06 PM, Grant wrote:
I don't think you're really getting the significance of port 587 vs. port 25.
I think you're right.
587 can be used encrypted or unencrypted, authenticated (preferably) or
not... you could for instance just limit 587 connections from a particular
subnet,
On 12/08/2011 03:24 PM, Grant wrote:
So I should specify smtpd_client_restrictions or
smtpd_recipient_restrictions, but not both?
I think most people find it easier to put all of the restrictions under
smtpd_recipient_restrictions, since you can just read them top-to-bottom
with
25 is used by your MTA to receive *incoming* messages from other
administrative domains (organizations).
Port 25 is never used to submit outbound messages? If not, I'm
confused as to why Squirrelmail describes its SMTP Port setting this
way:
This is the port to connect to for SMTP.
Am 08.12.2011 21:49, schrieb Grant:
25 is used by your MTA to receive *incoming* messages from other
administrative domains (organizations).
Port 25 is never used to submit outbound messages? If not, I'm
confused as to why Squirrelmail describes its SMTP Port setting this
way:
This is
On 12/8/2011 2:49 PM, Grant wrote:
Is it alright to send on port 25 from Squirrelmail when it's on the
same machine as postfix?
OK, but not optimal. Better to leave on 465 to separate the traffic.
That way I can make 587 require TLS and
authentication but not require that local
So I should specify smtpd_client_restrictions or
smtpd_recipient_restrictions, but not both?
I think most people find it easier to put all of the restrictions under
smtpd_recipient_restrictions, since you can just read them top-to-bottom
with smtpd_delay_reject = yes (the default).
But
On 12/8/11 1:49 PM, Grant wrote:
25 is used by your MTA to receive *incoming* messages from other
administrative domains (organizations).
Port 25 is never used to submit outbound messages? If not, I'm
confused as to why Squirrelmail describes its SMTP Port setting this
way:
This is the
25 is used by your MTA to receive *incoming* messages from other
administrative domains (organizations).
Port 25 is never used to submit outbound messages? If not, I'm
confused as to why Squirrelmail describes its SMTP Port setting this
way:
This is the port to connect to for SMTP.
On 12/8/2011 5:29 PM, Grant wrote:
I think I can't do that because I also need to connect to 587 from
Thunderbird in remote locations.
You're making this way too complicated.
Either continue to happily use 465 as you always have, or make the
changes to submission I suggested a few minutes ago.
I think I can't do that because I also need to connect to 587 from
Thunderbird in remote locations.
You're making this way too complicated.
Either continue to happily use 465 as you always have, or make the
changes to submission I suggested a few minutes ago. These changes
still allow
Am 09.12.2011 01:11, schrieb Grant:
I think I can't do that because I also need to connect to 587 from
Thunderbird in remote locations.
You're making this way too complicated.
Either continue to happily use 465 as you always have, or make the
changes to submission I suggested a few
On 09/12/11 13:11, Grant wrote:
Got it. I misunderstood you before. May I ask why using 465 for
Thunderbird and Squirrelmail would be better than 587 for Thunderbird
and 25 for Squirrelmail talking to localhost?
I'm quite sure that he never said to use 465 for Thunderbird. The
reason you
On 12/8/2011 6:11 PM, Grant wrote:
Got it. I misunderstood you before. May I ask why using 465 for
Thunderbird and Squirrelmail would be better than 587 for Thunderbird
and 25 for Squirrelmail talking to localhost?
The good reason to not use port 25 for local user submissions is
that it
Got it. I misunderstood you before. May I ask why using 465 for
Thunderbird and Squirrelmail would be better than 587 for Thunderbird
and 25 for Squirrelmail talking to localhost?
I'm quite sure that he never said to use 465 for Thunderbird. The
reason you don't want to use port 25 for
On 12/08/2011 05:18 PM, Grant wrote:
I've boiled my config down to this. It is functional and I think it
is secure and that it rejects any attempt to send messages from
outside mynetworks unless authenticated. Am I correct? Please
consider all other directives to be default.
You're fine.
On 12/8/11 4:29 PM, Grant wrote:
Is it alright to send on port 25 from Squirrelmail when it's on the
same machine as postfix? That way I can make 587 require TLS and
authentication but not require that local Squirrelmail encrypt or
authenticate.
No, I'd do exactly what I said we do here:
On 12/8/11 5:33 PM, Reindl Harald wrote:
Got it. I misunderstood you before. May I ask why using 465 for
Thunderbird and Squirrelmail would be better than 587 for Thunderbird
and 25 for Squirrelmail talking to localhost?
there is no better
configure a server as YOU need
Well, there
Is it alright to send on port 25 from Squirrelmail when it's on the
same machine as postfix?
OK, but not optimal. Better to leave on 465 to separate the traffic.
That way I can make 587 require TLS and
authentication but not require that local Squirrelmail encrypt or
authenticate.
You
I've been using smtps on port 465 for sending mail but I read it's
deprecated so I'm trying to switch to submission port 587.
With 465 I was using the Connection security: SSL/TLS setting in
Thunderbird, but after switching to 587 I can't send mail unless I
change it to STARTTLS. Can anyone
Am 08.12.2011 01:49, schrieb Grant:
I've been using smtps on port 465 for sending mail but I read it's
deprecated so I'm trying to switch to submission port 587.
With 465 I was using the Connection security: SSL/TLS setting in
Thunderbird, but after switching to 587 I can't send mail
I've been using smtps on port 465 for sending mail but I read it's
deprecated so I'm trying to switch to submission port 587.
With 465 I was using the Connection security: SSL/TLS setting in
Thunderbird, but after switching to 587 I can't send mail unless I
change it to STARTTLS. Can anyone
Am 08.12.2011 02:09, schrieb Grant:
I've been using smtps on port 465 for sending mail but I read it's
deprecated so I'm trying to switch to submission port 587.
With 465 I was using the Connection security: SSL/TLS setting in
Thunderbird, but after switching to 587 I can't send mail unless
I've been using smtps on port 465 for sending mail but I read it's
deprecated so I'm trying to switch to submission port 587.
With 465 I was using the Connection security: SSL/TLS setting in
Thunderbird, but after switching to 587 I can't send mail unless I
change it to STARTTLS. Can anyone
Am 08.12.2011 02:40, schrieb Grant:
yes because it is STARTTLS
465 is smtp over ssl and NOT STARTTLS
we provide both on smtp/imap/pop3 because all of them
having a dedicated over ssl port and STARTTLS over
the standard-port if configured
SMTP unencrypted / TLS: 587
SMTP over SSL:
On 12/07/2011 08:09 PM, Grant wrote:
Is IMAP over SSL on 993 deprecated in favor of using STARTTLS on 143?
Nope. I personally prefer the dedicated port for POP3/IMAP.
I just read that Squirrelmail doesn't support STARTTLS, so I must
continue to use smtps 465 in order to use Squirrelmail?
Is IMAP over SSL on 993 deprecated in favor of using STARTTLS on 143?
Nope. I personally prefer the dedicated port for POP3/IMAP.
OK, I'll stick with it for IMAP.
I just read that Squirrelmail doesn't support STARTTLS, so I must
continue to use smtps 465 in order to use Squirrelmail?
I
On 12/07/2011 07:49 PM, Grant wrote:
I've been using smtps on port 465 for sending mail but I read it's
deprecated so I'm trying to switch to submission port 587.
With 465 I was using the Connection security: SSL/TLS setting in
Thunderbird, but after switching to 587 I can't send mail unless I
Just a point of clarification... port 465 isn't deprecated because it was
never formerly assigned by IANA.
It was highjacked by some mailer (I forget which) and when 587 was assigned, it
was agreed to stop using the former port.
As for one of your questions, it's assumed that 465 comes up with
the main-question is why you need to encrypt sending messages from
a webmail which usually does not go over the WAN
If I set Secure SMTP (TLS) : false in squirrelmail, I get:
Authentication required
530 5.7.0 Must issue a STARTTLS command first
If I change port 587 to 25 in squirrelmail I
Just a point of clarification... port 465 isn't deprecated because it was
never formerly assigned by IANA.
It was highjacked by some mailer (I forget which) and when 587 was assigned,
it was agreed to stop using the former port.
As for one of your questions, it's assumed that 465 comes up
On Wednesday 07 December 2011 19:58:18 Michael Orlitzky wrote:
On 12/07/2011 08:09 PM, Grant wrote:
Is IMAP over SSL on 993 deprecated in favor of using STARTTLS on
143?
Nope. I personally prefer the dedicated port for POP3/IMAP.
Preferences aside, the fact remains that SSL has been
On 12/07/2011 09:48 PM, /dev/rob0 wrote:
On Wednesday 07 December 2011 19:58:18 Michael Orlitzky wrote:
On 12/07/2011 08:09 PM, Grant wrote:
Is IMAP over SSL on 993 deprecated in favor of using STARTTLS on
143?
Nope. I personally prefer the dedicated port for POP3/IMAP.
Preferences aside,
On 12/07/2011 09:10 PM, Grant wrote:
I'm trying to figure out why I can't connect to 587 in Squirrelmail.
I can in Thunderbird.
You did select STARTTLS in the SquirrelMail config, right? The postfix
logs might give you an idea what it's trying to do.
The docs say that you need PHP with
You've probably got permit_mynetworks near the top of your
smtpd_foo_restrictions, which are inherited by default. The -o
The only smtpd_foo_restrictions I have in main.cf are:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
I'm trying to figure out why I can't connect to 587 in Squirrelmail.
I can in Thunderbird.
You did select STARTTLS in the SquirrelMail config, right? The postfix logs
might give you an idea what it's trying to do.
If I try to send mail in Squirrelmail with Secure SMTP (TLS) : true
I get 0
On 12/07/2011 10:13 PM, Grant wrote:
You've probably got permit_mynetworks near the top of your
smtpd_foo_restrictions, which are inherited by default. The -o
The only smtpd_foo_restrictions I have in main.cf are:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
72 matches
Mail list logo