[pfx] Re: printer ip SMTP AUTH / mynetworks question

2023-12-13 Thread Wietse Venema via Postfix-users
lists--- via Postfix-users: > I have a user with an 'old' printer/scanner who wants to scan/email scans > from the home located device > > printer offers: > machine email address: > SMTP server: > SMTP server port: > > send authentication: PoPb4SMTP/SMTP AUTH

[pfx] Re: printer ip SMTP AUTH / mynetworks question

2023-12-13 Thread Jaroslaw Rafa via Postfix-users
On 13.12.2023 at 09:15:52, Bill Cole via Postfix-users wrote: > > No AUTH offered. Which is fine, because one should not offer AUTH > over an unencrypted session. However, your printer saw that and > instead of using STARTTLS, it hung up. That's bad. It should have > used STARTTLS to get a

[pfx] Re: printer ip SMTP AUTH / mynetworks question

2023-12-13 Thread Bill Cole via Postfix-users
: send authentication: PoPb4SMTP/SMTP AUTH: Plain/Login/CRAM-MD5/Auto login name: passwd: I would also expect a session encryption option for using TLS on the connection, which may be labeled as SSL because it is old. If your printer has no such option, I'd junk it. tried 587 with each

[pfx] printer ip SMTP AUTH / mynetworks question

2023-12-13 Thread lists--- via Postfix-users
I have a user with an 'old' printer/scanner who wants to scan/email scans from the home located device printer offers: machine email address: SMTP server: SMTP server port: send authentication: PoPb4SMTP/SMTP AUTH: Plain/Login/CRAM-MD5/Auto login name: passwd: tried 587 with each of the 4 AUTH

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Thu, Aug 17, 2023 at 09:47:13AM +0800, Jon Smart wrote: > >> If you have smtpd_sasl_auth_enable=yes for your services on port > >> 587 (submission) and port 465 (smtps or submissions), then you can > >> remove it from master.cf when all your AUTH users are not using > >> the port 25 service.

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Jon Smart via Postfix-users
> On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users > wrote: > >> What is the output from >> >> postconf -P '*/inet/smtpd_sasl_auth_enable' >> >> That will show the smtpd_sasl_auth_enable settings in master.cf. >> >> If you have smtpd_sasl_auth_enable=yes for your

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Viktor Dukhovni via Postfix-users
On Wed, Aug 16, 2023 at 08:48:25PM -0400, Wietse Venema via Postfix-users wrote: > What is the output from > > postconf -P '*/inet/smtpd_sasl_auth_enable' > > That will show the smtpd_sasl_auth_enable settings in master.cf. > > If you have smtpd_sasl_auth_enable=yes for your services on

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Wietse Venema via Postfix-users
Jon Smart via Postfix-users: > > Jon Smart via Postfix-users wrote on 2023-08-16 04:01: > > > >> How can I disable auth on port 25? I really don't want users to use > >> port > >> 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04. > > > > its default disabled, no ? > > > >

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Jon Smart via Postfix-users
> Jon Smart via Postfix-users wrote on 2023-08-16 04:01: > >> How can I disable auth on port 25? I really don't want users to use >> port >> 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04. > > its default disabled, no ? > > unsure give us "postconf -n | grep auth" > Hello,

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Benny Pedersen via Postfix-users
Peter via Postfix-users wrote on 2023-08-16 09:01: mta to mta can use port 465 or 587 as well for intended purpose :) This is incorrect, MTAs should not and will not connect to any port other than port 25 for MX traffic. you are correct if you only have ONE mta so its valid if both client

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Benny Pedersen via Postfix-users
Jon Smart via Postfix-users wrote on 2023-08-16 04:01: How can I disable auth on port 25? I really don't want users to use port 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04. its default disabled, no ? unsure give us "postconf -n | grep auth" my own is mx ~ #

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Matus UHLAR - fantomas via Postfix-users
On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users wrote: I have disabled port 587/465 to be accessed publicly. but port 25 must be open to internet for MTA communications. My question is, can external users access port 25 for smtp auth and send mail then? Not if you

[pfx] Re: smtp auth on port 25

2023-08-16 Thread Peter via Postfix-users
On 15/08/23 21:08, Benny Pedersen via Postfix-users wrote: Peter via Postfix-users skrev den 2023-08-15 10:44: This is a bad idea for several reasons.  If you want submission use ports 465 and/or 587 as they are intended.  Don't try to use a service that is meant for a different purpose for

[pfx] Re: smtp auth on port 25

2023-08-15 Thread Jon Smart via Postfix-users
> > > On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users > wrote: >>Hello, >> >>I have disabled port 587/465 to be accessed publicly. >> >>but port 25 must be open to internet for MTA communications. >> >>My question is, ca

[pfx] Re: smtp auth on port 25

2023-08-15 Thread Marvin Renich via Postfix-users
* Benny Pedersen via Postfix-users [230815 05:10]: > Peter via Postfix-users wrote on 2023-08-15 10:44: > > > This is a bad idea for several reasons. If you want submission use > > ports 465 and/or 587 as they are intended. Don't try to use a service > > that is meant for a different purpose

[pfx] Re: smtp auth on port 25

2023-08-15 Thread Benny Pedersen via Postfix-users
Peter via Postfix-users wrote on 2023-08-15 10:44: This is a bad idea for several reasons. If you want submission use ports 465 and/or 587 as they are intended. Don't try to use a service that is meant for a different purpose for this. mta to mta can use port 465 or 587 as well for intended

[pfx] Re: smtp auth on port 25

2023-08-15 Thread Peter via Postfix-users
, for a submission host, or some other type of relay to push mail to your MTA on the public internet. My question is, can external users access port 25 for smtp auth and send mail then? This is a bad idea for several reasons. If you want submission use ports 465 and/or 587 as they are intended

[pfx] Re: smtp auth on port 25

2023-08-15 Thread Christian Kivalo via Postfix-users
On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users wrote: >Hello, > >I have disabled port 587/465 to be accessed publicly. > >but port 25 must be open to internet for MTA communications. > >My question is, can external users access port 25 for smt

[pfx] smtp auth on port 25

2023-08-14 Thread Jon Smart via Postfix-users
Hello, I have disabled port 587/465 to be accessed publicly. but port 25 must be open to internet for MTA communications. My question is, can external users access port 25 for smtp auth and send mail then? Thanks.

Re: Securing a local mail app that is unable to smtp auth

2022-03-15 Thread Matt Kinni
On 2022-03-14 03:42, Jaroslaw Rafa wrote: Looks like a job for identd. You have to set up identd on your server and make the Postfix service on port 2525 to ask identd about the userid of connecting process. If it's not setroubleshoot, you should reject the connection. That's an interesting

Re: Securing a local mail app that is unable to smtp auth

2022-03-15 Thread Matt Kinni
On 2022-03-14 07:34, Wietse Venema wrote: I see that the sender runs on the same machine as Postfix. Can the sender be configured to use /bin/mail, mailx, or /usr/sbin/sendmail instead of using SMTP? Submission through /usr/sbin/sendmail (and therefore /bin/mail and mailx) can be restricted

Re: Securing a local mail app that is unable to smtp auth

2022-03-14 Thread Wietse Venema
Matt Kinni: > My goal is to carve out an exception for this process that doesn't > compromise the overall security of my server, or allow any local users > to spoof the FROM address of any other user without needing to login > (whilst allowing setroubleshootd to do exactly that). > > The

Re: Securing a local mail app that is unable to smtp auth

2022-03-14 Thread Jaroslaw Rafa
Sorry, sent to the sender instead of the list. Resending. On 13.03.2022 at 22:48:37, Matt Kinni wrote: > > My goal is to carve out an exception for this process that doesn't > compromise the overall security of my server, or allow any local > users to spoof the FROM address of any other

Re: SMTP Auth bind password management

2021-07-09 Thread Viktor Dukhovni
On Fri, Jul 09, 2021 at 04:13:43PM +, Wakefield, Robin wrote: > My company requires that the passwords for all technical accounts be > recycled regularly. It seems that by "technical accounts" you mean service accounts used by software subsystems rather than human users. > Our

Re: SMTP Auth bind password management

2021-07-09 Thread Wietse Venema
>Wakefield, Robin: > Hello, > > My company requires that the passwords for all technical accounts > be recycled regularly. > > Our implementation of SMTP authentication uses the nslcd service > - we regularly rotate between 2 binddn accounts, so that we can > perform the password updates on the

SMTP Auth bind password management

2021-07-09 Thread Wakefield, Robin
Hello, My company requires that the passwords for all technical accounts be recycled regularly. Our implementation of SMTP authentication uses the nslcd service - we regularly rotate between 2 binddn accounts, so that we can perform the password updates on the inactive account, and then

postfix with smtp auth on non fqdn host

2021-01-13 Thread Harry
Setup: New install of ubuntu-20.10 Internet host on home lan with no real FQDN postfix ver. 3.5.6 I'm having a heck of a time getting anywhere with a postfix installation. I've filled out the main.cf several different ways and added the passwd hash for smtp auth of a SmartHost but instead

Re: more recipients on the same relay server with smtp auth

2020-08-25 Thread Zsombor B
Wietse, Viktor, Thanks for your kind answer. It seems a bit difficult but I'll try to understand and apply it. This request (redirect emails of certain domains to 3rd party mail providers with auth) can't be denied because we are moving from commercial mail security appliance to postfix

Re: more recipients on the same relay server with smtp auth

2020-08-24 Thread Viktor Dukhovni
On Mon, Aug 24, 2020 at 09:35:51AM -0400, Wietse Venema wrote: > > Some of our customers wanted us to forward all emails sent to some > > recipient domains to 3rd party relay servers instead of the mail > > server defined in the recipient domain's MX records. > > > > Also they provided smtp

Re: more recipients on the same relay server with smtp auth

2020-08-24 Thread Wietse Venema
Zsombor B: > Hi All, > > I need your thoughts. > > Some of our customers wanted us to forward all emails sent to some > recipient domains to 3rd party relay servers instead of the mail > server defined in the recipient domain's MX records. > > Also they provided smtp username and password

more recipients on the same relay server with smtp auth

2020-08-23 Thread Zsombor B
Hi All, I need your thoughts. Some of our customers wanted us to forward all emails sent to some recipient domains to 3rd party relay servers instead of the mail server defined in the recipient domain's MX records. Also they provided smtp username and password for these relay servers.

Re: rejections after limiting access to smtp auth

2019-12-11 Thread Matus UHLAR - fantomas
lists wrote on 2019-12-12 03:08: Seriously is there ever a case not to use port 587? On 12.12.19 08:29, Benny Pedersen wrote: depends on content filtering, if all clients is local all can use port 25 even in this case separation of submission port can help much. I prefer postscreen and

Re: rejections after limiting access to smtp auth

2019-12-11 Thread Benny Pedersen
lists wrote on 2019-12-12 03:08: Seriously is there ever a case not to use port 587? depends on content filtering, if all clients is local all can use port 25

Re: rejections after limiting access to smtp auth

2019-12-11 Thread Benny Pedersen
Jason R Cowart wrote on 2019-12-12 01:10: smtpd_recipient_restrictions = check_client_access cidr:/etc/postfix/access/restricted-local-only.cidr, check_recipient_access hash:/etc/postfix/access/recipient, Any thoughts? Thanks in advance. make check_recipient_access reused in

Re: rejections after limiting access to smtp auth

2019-12-11 Thread lists
Seriously is there ever a case not to use port 587?

Re: rejections after limiting access to smtp auth

2019-12-11 Thread Viktor Dukhovni
On Thu, Dec 12, 2019 at 12:10:07AM +, Jason R Cowart wrote: > We're moving to a configuration that will leverage the check_sasl_access > option to allow only those granted access to authenticate from outside the > local network and relay mail. Your submission users should be using port 587,

rejections after limiting access to smtp auth

2019-12-11 Thread Jason R Cowart
We're moving to a configuration that will leverage the check_sasl_access option to allow only those granted access to authenticate from outside the local network and relay mail. This are mostly working (at least amongst the list of users allowed to send--we'll evaluate the types of things

postfix smtp auth with active directory

2019-07-15 Thread Wakefield, Robin
Hi , Is there any document for postfix smtp auth with active directory. I have followed below document . https://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x I am getting authentication failure while authenticating and logs says as below. saslauthd

Re: authenticate o365 users with postfix without smtp auth

2019-06-18 Thread Emmanuel Fusté
On 17/06/2019 at 20:29, Wietse Venema wrote: Emmanuel Fusté: On 17/06/2019 at 12:05, Emmanuel Fusté wrote: On 16/06/2019 at 22:37, Viktor Dukhovni wrote: On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote: Some of our users use o365 but would like to use our service for

Re: authenticate o365 users with postfix without smtp auth

2019-06-18 Thread Emmanuel Fusté
On 17/06/2019 at 21:31, Wietse Venema wrote: Viktor Dukhovni: On Mon, Jun 17, 2019 at 02:29:05PM -0400, Wietse Venema wrote: I suppose that Postfix will need to forward the OORG information that it received from the Microsoft server, not a name that is hard-coded in main.cf, and that

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Stefan Bauer
As microsoft offers DKIM-signing for outgoing mails at no extra cost, i will validate this information as 3rd authentication token. Looks much clearer and several addons for postfix exist to do so. On Mon, 17 June 2019 at 21:31, Wietse Venema < wie...@porcupine.org> wrote: > > The latter is

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Wietse Venema
Viktor Dukhovni: > On Mon, Jun 17, 2019 at 02:29:05PM -0400, Wietse Venema wrote: > > > I suppose that Postfix will need to forward the OORG information > > that it received from the Microsoft server, not a name that is > > hard-coded in main.cf, and that Postfix will need to send that > >

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Viktor Dukhovni
On Mon, Jun 17, 2019 at 02:29:05PM -0400, Wietse Venema wrote: > I suppose that Postfix will need to forward the OORG information > that it received from the Microsoft server, not a name that is > hard-coded in main.cf, and that Postfix will need to send that > information only to systems that

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Wietse Venema
Emmanuel Fusté: > On 17/06/2019 at 12:05, Emmanuel Fusté wrote: > > On 16/06/2019 at 22:37, Viktor Dukhovni wrote: > >> On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote: > >> > >>> Some of our users use o365 but would like to use our service for > >>> outgoing > >>> mails. We are

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Emmanuel Fusté
On 17/06/2019 at 13:08, Stefan Bauer wrote: Emmanuel, thank you. That was of great help to see, that others have same issues with o365. Do you have any more infos how you do the experimental certificate matching part with postfix? In the official experimental release from Wietse.

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Emmanuel Fusté
nternet mails policy/routing/delivery is under the control of another infrastructure. Microsoft is always presenting a client certificate. That's the only way to authenticate O365. (the experimental certificate matching will help you) For the next part, the complete missing of outbound SMTP AUTH

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Emmanuel Fusté
the headers are generated/sanitized by Microsoft and you base your policy on it. For on-premise -> o365, they don't use the XOORG extension (it is never announced). On your tenant, you configure a specific "inbound connector" which should match a specific client certificate CN (

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Martijn Brinkers
On 16-06-19 21:50, Peter wrote: > On 17/06/19 2:00 AM, Stefan Bauer wrote: >> we are running a small smtp relay service with postfix for >> authenticated users. Unfortunately office 365 does not offer any smtp >> authentication mechanism when sending mails via connectors to smarthosts. > > I

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Wietse Venema
Emmanuel Fusté: > The "proper" Microsoft way is to use their proprietary XOORG SMTP > extension used in their hybrid cloud scenario. - Is there a protocol definition for this, or is there only implementation by trial and error? - How is the XOORG information verified against other information

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Stefan Bauer
presenting a client certificate. That's the only way > to authenticate O365. (the experimental certificate matching will help you) > For the next part, the complete missing of outbound SMTP AUTH (under the > control of Microsoft or the client organization) is the difficult/crazy >

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Emmanuel Fusté
control of another infrastructure. Microsoft is always presenting a client certificate. That's the only way to authenticate O365. (the experimental certificate matching will help you) For the next part, the complete missing of outbound SMTP AUTH (under the control of Microsoft or the

Re: authenticate o365 users with postfix without smtp auth

2019-06-17 Thread Stefan Bauer
I'm glad you're asking. These are cloud-hosted domains at microsofts exchange online (o365) infrastructure. Each user can set outgoing routing to smarthosts(called connectors) in exchanges admin-center. But - as said, no smtp-authentication is offered. We're providing sending-capabilities paired

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Jon Radel
> On Jun 16, 2019, at 6:38 PM, Bill Cole > wrote: > >> On 16 Jun 2019, at 16:27, @lbutlr wrote: >> >> On 16 Jun2019, at 12:05, Bill Cole >> wrote: > [...] >> >>> As the OP says, they support an outbound "smarthost" connector, >> >> >> Not a term I’ve heard before. > > The term "smarthost"

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Bill Cole
On 16 Jun 2019, at 16:27, @lbutlr wrote: On 16 Jun2019, at 12:05, Bill Cole wrote: [...] As the OP says, they support an outbound "smarthost" connector, Not a term I’ve heard before. The term "smarthost" dates from the days when it was fairly common for some hosts to know more about

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Bill Cole
On 16 Jun 2019, at 14:33, Stefan Bauer wrote: Bill, yes thats the question. i would consider the two factors as reliable. MS is signing mails. i just like clear user authentication instead of rely on volatile ips/blocks, microsoft publishes/changes. what i need to check is also, whether MS

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Viktor Dukhovni
On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote: > Some of our users use o365 but would like to use our service for outgoing > mails. We are offering smtp sending services. Integrating our service in > o365 is tricky, as one can only specify a smarthost but microsoft does not >

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread @lbutlr
On 16 Jun2019, at 12:05, Bill Cole wrote: > But they do. Wild. > As the OP says, they support an outbound "smarthost" connector, Not a term I’ve heard before. > This is not such an unusual requirement. I have worked with multiple > businesses whose regulatory compliance relies on having all

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Peter
On 17/06/19 2:00 AM, Stefan Bauer wrote: we are running a small smtp relay service with postfix for authenticated users. Unfortunately office 365 does not offer any smtp authentication mechanism when sending mails via connectors to smarthosts. I can't believe I just looked up MS docs for you,

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Stefan Bauer
Bill, yes thats the question. i would consider the two factors as reliable. MS is signing mails. i just like clear user authentication instead of rely on volatile ips/blocks, microsoft publishes/changes. what i need to check is also, whether MS allows spoofing of sender address. i need to make

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Bill Cole
On 16 Jun 2019, at 13:40, Stefan Bauer wrote: MS is publishing source ips/ranges. sasl_exeptions_networks seems an option but i still dont like the lack of authentication. So if you know that the SMTP client matches SPF (or a statically-set address set) for the sender domain AND the

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Bill Cole
On 16 Jun 2019, at 13:18, @lbutlr wrote: On 16 Jun2019, at 10:48, Stefan Bauer wrote: [...] the last mile o365->recipient should go through our service like o365->postfix->recipient I do not believe any company, much less Microsoft, is going to sent emails from their users to other users

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Stefan Bauer
MS is publishing source ips/ranges. sasl_exeptions_networks seems an option but i still don't like the lack of authentication. On Sunday, 16 June 2019, Wietse Venema wrote: > Stefan Bauer: >> its like the first: >> >> end-user client -> microsoft server -> postfix server -> remote recipient >

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Wietse Venema
Stefan Bauer: > its like the first: > > end-user client -> microsoft server -> postfix server -> remote recipient How would Postfix know that the server is Microsoft Office 365? From the reverse DNS? Wietse

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread @lbutlr
On 16 Jun2019, at 10:48, Stefan Bauer wrote: > our users send/receive via o365. That’s not what you said. You said "some of our users use o365 but would like to use our service for outgoing mails.” > the last mile o365->recipient should go through our service like > o365->postfix->recipient

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Stefan Bauer
its like the first: end-user client -> microsoft server -> postfix server -> remote recipient On Sunday, 16 June 2019, Wietse Venema wrote: > Stefan Bauer: >> our users send/receive via o365. the last mile o365->recipient should go >> through our service like o365->postfix->recipient > >

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Wietse Venema
Stefan Bauer: > our users send/receive via o365. the last mile o365->recipient should go > through our service like o365->postfix->recipient Dumb question: is the mail flow like this: end-user client -> microsoft server -> postfix server -> remote recipient Or is it something else? - Local

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Stefan Bauer
our users send/receive via o365. the last mile o365->recipient should go through our service like o365->postfix->recipient here, o365 does not offer smtp auth against postfix. On Sunday, 16 June 2019, @lbutlr wrote: > On 16 Jun2019, at 09:46, Stefan Bauer wrote: >> som

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread @lbutlr
On 16 Jun2019, at 09:46, Stefan Bauer wrote: > some of our users use o365 but would like to use our service for outgoing > mails. we are offering smtp sending services. integrating our service in o365 > is tricky, as one can only specify a smarthost but microsoft does not offer > any kind of

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Benny Pedersen
Stefan Bauer wrote on 2019-06-16 17:46: some of our users use o365 but would like to use our service for outgoing mails. we are offering smtp sending services. integrating our service in o365 is tricky, as one can only specify a smarthost cyrus-sasl support rimap, if o365 users can use that ?

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Stefan Bauer
some of our users use o365 but would like to use our service for outgoing mails. we are offering smtp sending services. integrating our service in o365 is tricky, as one can only specify a smarthost but microsoft does not offer any kind of authentication for smarthosts. so i'm asking if someone

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Viktor Dukhovni
On Sun, Jun 16, 2019 at 04:00:38PM +0200, Stefan Bauer wrote: > We are running a small smtp relay service with postfix for authenticated > users. Unfortunately office 365 does not offer any smtp authentication > mechanism when sending mails via connectors to smarthosts. There's a giant gap

authenticate o365 users with postfix without smtp auth

2019-06-16 Thread Stefan Bauer
Hi, we are running a small smtp relay service with postfix for authenticated users. Unfortunately office 365 does not offer any smtp authentication mechanism when sending mails via connectors to smarthosts. how could one protect smtp submission in another way? without authentication, everyone

Re: OT: SMTP auth, 2FA, Outlook

2018-11-29 Thread Wietse Venema
Jozsef Kadlecsik: > Hi, > > Is there a way to setup 2FA in SMTP auth (with postfix) when the client is > Outlook? It seems it does not support either GSSAPI (Kerberos) or client > cert auth. > > Is there any way to get a working 2FA with Outlook in a non MS >

OT: SMTP auth, 2FA, Outlook

2018-11-29 Thread Jozsef Kadlecsik
Hi, Is there a way to setup 2FA in SMTP auth (with postfix) when the client is Outlook? It seems it does not support either GSSAPI (Kerberos) or client cert auth. Is there any way to get a working 2FA with Outlook in a non MS environment? Thanks any tips! Best regards, Jozsef - E-mail

Re: Outlook 2010 smtp auth probs ?

2017-12-30 Thread Matus UHLAR - fantomas
On 29 Dec 2017, at 02:18, Matus UHLAR - fantomas wrote: ssl usually means port 465 with implicit SSL, while 587 requires explicit ssl (aka starttls). On 29.12.17 07:43, @lbutlr wrote: As I understand it port 465 was deprecated 20 years ago. It holds on in some servers

Re: Outlook 2010 smtp auth probs ?

2017-12-29 Thread Viktor Dukhovni
> On Dec 29, 2017, at 9:43 AM, @lbutlr wrote: > > As I understand it port 465 was deprecated 20 years ago. Strangely enough, it may get a second life: https://tools.ietf.org/html/draft-ietf-uta-email-deep-12#section-3

Re: Outlook 2010 smtp auth probs ?

2017-12-29 Thread @lbutlr
On 29 Dec 2017, at 02:18, Matus UHLAR - fantomas wrote: > ssl usually means port 465 with implicit SSL, while 587 requires explicit > ssl (aka starttls). As I understand it port 465 was deprecated 20 years ago. It holds on in some servers because old versions (like pre 2010)

Re: Outlook 2010 smtp auth probs ?

2017-12-29 Thread Voytek
>> so, it connects on port 25...? > > apparently - did you look to master.cf if there's "-o syslog_name" option > in the submission service? Matus, thanks for your help no, no syslog: # grep syslog master.cf # BUT, I got the user to EDIT her existing account and, alter server host names from

Re: Outlook 2010 smtp auth probs ?

2017-12-29 Thread Matus UHLAR - fantomas
On 29.12.17 20:47, Voytek wrote: On Fri, December 29, 2017 8:18 pm, Matus UHLAR - fantomas wrote: ssl usually means port 465 with implicit SSL, while 587 requires explicit ssl (aka starttls). with Outlook 2010, it has: none/tls/ssl/auto so it's the same as 2007. TLS means starttls and

Re: Outlook 2010 smtp auth probs ?

2017-12-29 Thread Voytek
On Fri, December 29, 2017 8:18 pm, Matus UHLAR - fantomas wrote: > ssl usually means port 465 with implicit SSL, while 587 requires explicit > ssl (aka starttls). with Outlook 2010, it has: none/tls/ssl/auto so, I've tried tls as well as ssl, just in case > However, with default

Re: Outlook 2010 smtp auth probs ?

2017-12-29 Thread Matus UHLAR - fantomas
On 29.12.17 15:32, Voytek wrote: smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, permit_mynetworks, check_sasl_access hash:/etc/postfix/sasl_access

Outlook 2010 smtp auth probs ?

2017-12-28 Thread Voytek
, I've installed 2016, tested account setup, all worked, both IMAP and 587/SMTP auth the end user in question is remote to me, 2010 seems to have different options than 2016 I have tested the Outlook system is remote to me, it's possible end user screwed something up on Outlook, the setup for old

Re: Different SMTP AUTH options and credentials for different clients

2016-06-27 Thread Viktor Dukhovni
> On Jun 28, 2016, at 2:11 AM, Rob Maidment wrote: > > Filtering out the STARTTLS option can be achieved using > smtpd_discard_ehlo_keyword_address_maps as described above. > The smtpd_tls_security_level parameter must be set to "may" rather > than "encrypt" if there are

Re: Different SMTP AUTH options and credentials for different clients

2016-06-27 Thread Rob Maidment
rofile can be defined in terms of client IP address or host name; each connection profile defines whether SMTP AUTH should be offered and the valid credentials; the server must ensure clients can only authenticate using the credentials from the appropriate profile. Filtering out the SMTP AUTH

Re: Different SMTP AUTH options and credentials for different clients

2016-06-24 Thread Viktor Dukhovni
On Fri, Jun 24, 2016 at 04:10:40PM +0100, Rob Maidment wrote: > I could set smtpd_tls_security_level to "may" instead and then verify > that TLS has been used where it is required (e.g. using a policy > service), however that means Postfix will not validate the client > certificate right?

Re: Different SMTP AUTH options and credentials for different clients

2016-06-24 Thread Rob Maidment
On 24 June 2016 at 14:59, Wietse Venema wrote: >> I need to ensure TLS is used (and client certificates are verified) >> for some clients but not offered to others. What happens if I use >> smtpd_discard_ehlo_keyword_address_maps to strip the STARTTLS keyword >> but

Re: Different SMTP AUTH options and credentials for different clients

2016-06-24 Thread Wietse Venema
postscreen's performance. If you need a system that distributes clients over different SMTP service instances, then that can be done with a new daemon that receives connections from postscreen, and that sends them to the appropriate smtpd services. > My problem is that I need the SMTP server to

Re: Different SMTP AUTH options and credentials for different clients

2016-06-24 Thread Rob Maidment
postscreen decided to pass through. And once a client IP is whitelisted the correct smtpd name for that IP could be retained in the cache. My problem is that I need the SMTP server to selectively offer SMTP AUTH (and STARTTLS) based on the domain name of the connecting client, as defined by the clie

Re: Different SMTP AUTH options and credentials for different clients

2016-06-23 Thread Wietse Venema
't know how I didn't spot that. > > Do you think it's feasible to enhance postscreen to hand off to > different smtpd service names (e.g. with different SMTP AUTH > settings), based on the IP address of the connecting client? Or based > on the client domain name obtained via PTR r

Re: Different SMTP AUTH options and credentials for different clients

2016-06-23 Thread Rob Maidment
hance postscreen to hand off to different smtpd service names (e.g. with different SMTP AUTH settings), based on the IP address of the connecting client? Or based on the client domain name obtained via PTR record (with a fallback for when the lookup fails)? (The domain name requirement preven

Re: Different SMTP AUTH options and credentials for different clients

2016-06-22 Thread /dev/rob0
On Wed, Jun 22, 2016 at 07:17:03AM -0400, Wietse Venema wrote: Typo here: > In master.cf: > > smtpd inet . . . . . postscreen -o smtpd_service_name=blah ..^ This should be "smtp", the services(5) name for port 25. > blah pass . . . . . smtpd -- http://rob0.nodns4.us/

Re: Different SMTP AUTH options and credentials for different clients

2016-06-22 Thread Wietse Venema
Rob Maidment: > On 1 June 2016 at 15:37, Wietse Venema wrote: > > postscreen by design allows a "good" client to talk directly to an > > smtpd process without knowing the sender or recipient. Therefore, > > you will need two postscreens > > So I would require two

Re: Different SMTP AUTH options and credentials for different clients

2016-06-22 Thread Rob Maidment
On 1 June 2016 at 15:37, Wietse Venema wrote: > postscreen by design allows a "good" client to talk directly to an > smtpd process without knowing the sender or recipient. Therefore, > you will need two postscreens So I would require two postscreens, and two SMTP servers,

Re: Different SMTP AUTH options and credentials for different clients

2016-06-21 Thread Wietse Venema
Rob Maidment: > On 31 May 2016 at 17:21, Viktor Dukhovni wrote: > > > > The Dovecot SASL backend has access to the client's IP address, > > but I don't know whether it sees that early enough to supply Postfix > > with a client-dependent mechanism list, nor whether

Re: Different SMTP AUTH options and credentials for different clients

2016-06-21 Thread Rob Maidment
On 31 May 2016 at 17:21, Viktor Dukhovni wrote: > > The Dovecot SASL backend has access to the client's IP address, > but I don't know whether it sees that early enough to supply Postfix > with a client-dependent mechanism list, nor whether Dovecot has the > feature

Re: Different SMTP AUTH options and credentials for different clients

2016-06-01 Thread Wietse Venema
Rob Maidment: > On 31 May 2016 at 17:32, Sebastian Nielsen wrote: > > You would need to use a firewall for this. > > That's an interesting idea. I was considering deploying postscreen - > could postscreen do the splitting instead of the firewall? If not then > I guess I

Re: Different SMTP AUTH options and credentials for different clients

2016-06-01 Thread Rob Maidment
On 31 May 2016 at 17:32, Sebastian Nielsen wrote: > You would need to use a firewall for this. That's an interesting idea. I was considering deploying postscreen - could postscreen do the splitting instead of the firewall? If not then I guess I would need multiple postscreen

SV: Different SMTP AUTH options and credentials for different clients

2016-05-31 Thread Sebastian Nielsen
:05 To: Postfix users <postfix-users@postfix.org> Subject: Different SMTP AUTH options and credentials for different clients How can I implement this in the Postfix SMTP server? For certain client IP addresses no authentication is required and the EHLO response should not advertise the AUTH

Re: Different SMTP AUTH options and credentials for different clients

2016-05-31 Thread Viktor Dukhovni
On Tue, May 31, 2016 at 05:04:33PM +0100, Rob Maidment wrote: > How can I implement this in the Postfix SMTP server? > > For certain client IP addresses no authentication is required and the > EHLO response should not advertise the AUTH option. smtpd_discard_ehlo_keyword_address_maps

Different SMTP AUTH options and credentials for different clients

2016-05-31 Thread Rob Maidment
How can I implement this in the Postfix SMTP server? For certain client IP addresses no authentication is required and the EHLO response should not advertise the AUTH option. For a second set of client IP addresses authentication is required and the EHLO response should advertise AUTH PLAIN.
