No, since that will only whitelist the sender part;
smtpd_recipient_restrictions may still reject the message or the
recipient(s).
Put the sender check in smtpd_recipient_restrictions instead.
So would this work:
smtpd_recipient_restrictions = permit_sasl_authenticated,
check_sender_access
So would this work:
smtpd_recipient_restrictions = permit_sasl_authenticated,
check_sender_access hash:/usr/pkg/etc/postfix/sender_access,
reject_unauth_destination, reject_unauth_pipelining, reject_rbl_client
zen.spamhaus.org, check_policy_service inet:127.0.0.1:10023, permit
As in the minute
Hi,
I'm trying to achieve the following:
Stop spammers (obviously)
Permit relaying when I'm outside the network (using SASL)
After reading through postconf, to prevent duplicate checks I removed
a number of checks from smtpd_sender_restrictions, so that it now
looks like this:
Hi Rob
Thanks for your reply - that's certainly cleared a few things up!
check_recipient_access hash:/usr/pkg/etc/postfix/access,
access is a bad name for this. Since you're checking recipient
addresses, I would suggest a name of rcpt_access, or similar.
I've renamed this to sender_access
On 23 January 2011 10:15, mouss mo...@ml.netoyen.net wrote:
Le 23/01/2011 03:45, IT geek 31 a écrit :
A recent poster asked for configuration to be checked, and it has made
me question my own sender and recipient restrictions:
smtpd_sender_restrictions =
permit_sasl_authenticated
On 23 January 2011 13:33, Noel Jones njo...@megan.vbhcs.org wrote:
No, the different smtpd_*_restrictions define *when* or in what order the
checks run. This is further simplified by the sane default
smtpd_delay_reject=yes, which delays evaluation of smtpd_{client, helo,
sender,
A recent poster asked for configuration to be checked, and it has made
me question my own sender and recipient restrictions:
smtpd_sender_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_sender_access hash:/usr/pkg/etc/postfix/sender_access,
I have an issue regarding SSL/TLS.
I have configured my certificates and STARTTLS works fine. Out of
curosity, I wanted to get SSL over tcp/465 working.
I uncommented the following line in master.cf:
smtps inet n - n - - smtpd
And netsat shows the
On 18 January 2011 22:22, Wietse Venema wie...@porcupine.org wrote:
IT geek 31:
I have an issue regarding SSL/TLS.
I have configured my certificates and STARTTLS works fine. Out of
curosity, I wanted to get SSL over tcp/465 working.
Port 465 uses a different protocol than port 25
On 18 January 2011 22:34, Wietse Venema wie...@porcupine.org wrote:
IT geek 31:
On 18 January 2011 22:22, Wietse Venema wie...@porcupine.org wrote:
IT geek 31:
I have an issue regarding SSL/TLS.
I have configured my certificates and STARTTLS works fine. ?Out of
curosity, I wanted
My understanding is to prevent these errors, you obtain the root
certificate for each server mail certificate your Postfix server
connects to, append it to a pem file and reference it with
smtp_tls_CAfile in main.conf.
This could obviously take a while. On a Windows installation you can
refer to
(encrypt if valid key is found, do not if a key is not found)
On 7 January 2011 14:40, Mikael Bak mik...@t-online.hu wrote:
IT geek 31 wrote:
Outlook is all-or-nothing - it can force encryption for all
recipients, regardless if they have a certificate or not, or none at
all.
Thunderbird
My accountant and I both have digital certificates and most of the
time encrypt our mails. But he often forgets, meaning sensitive
information is sent in plaintext.
Is there any way to instruct Postfix to reject his mail unless it is encrypted?
I know I can setup TLS, but that is something I
I am talking about the mail content, and I'm using S/MIME.
Yes, I'm sure the accountant will never send me unencrypted mail.
Thanks,
On 6 January 2011 14:25, Ansgar Wiechers li...@planetcobalt.net wrote:
On 2011-01-06 IT geek 31 wrote:
My accountant and I both have digital certificates
On 6 January 2011 14:25, Ansgar Wiechers li...@planetcobalt.net wrote:
On 2011-01-06 IT geek 31 wrote:
My accountant and I both have digital certificates and most of the
time encrypt our mails. But he often forgets, meaning sensitive
information is sent in plaintext.
Is there any way
On 6 January 2011 19:49, Jerry postfix-u...@seibercom.net wrote:
On Thu, 6 Jan 2011 19:21:56 +
IT geek 31 itgee...@googlemail.com articulated:
I think you've nailed it there Tom - I'm trying to teach better
etiquette. Ideally I'd like a plugin for his mail client (Outlook
If you really like to do you might use header_checks to detect the
Content-Type. Signed mail for example has Content-Type: multipart/signed.
For header_checks have a look here
http://www.postfix.org/header_checks.5.html, but be aware that the content
has already leaked as others said. If you
17 matches
Mail list logo
