On 01.02.2011 19:19, Nigel Kukard wrote:
>
[snip]
>> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
>> -o broken_sasl_auth_clients=yes
>> -o smtpd_sasl_path=smtpd
>> -o smtpd_tls_cert_file=/etc/postfix/certs/mycert.pem
>> -o smtpd_tls_key_file=/etc/postfix/certs/mykey.key
>> -o smtpd_tls_loglevel=2
>> -o smtpd_tls_received_header=yes
>> -o smtpd_tls_security_level=encrypt
>>
>
> You're overriding a lot of those smtpd_recipient_restrictions in
> master.cf, what port is the mail entering your mailserver on?
>
Hello Nigel,
Now, it listens on ports 25 (standard SMTP), 465 and 587 (both TLS).
Port 10587 was also used for TLS tests.
The firewall would filter port 25 (ACCEPT for just a few internal
servers' IPs and university MXs), users should use TLS only...
I tried to check with postconf, to make sure that restrictions policy
service was used:
# postconf | grep policy
lmtp_tls_policy_maps =
smtp_tls_policy_maps =
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, reject_sender_login_mismatch, reject_unknown_sender_domain, check_sender_access hash:/etc/postfix/restricted_senders, permit_sasl_authenticated, permit_mynetworks, check_relay_domains,reject
but it doesn't ring any bell in my mind.
Yet, I must be missing something...
regards,
sebastien
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
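
Added example, not part of the original thread or of the policyd project: a plain postconf prints main.cf values only, while a "-o name=value" argument in master.cf replaces the main.cf value for that one service. The sketch below resolves the effective smtpd_recipient_restrictions per smtpd service and lists those that never call check_policy_service. The sample files are constructed, the service carrying the override is an assumption, and only the space-free "-o name=value" form is parsed.

```python
# Constructed sample inputs, not the poster's real files. The override and the
# main.cf value are modelled on the settings quoted in the thread; attaching
# the override to the 10587 service is an assumption.
MAIN_CF_RCPT = ("check_policy_service inet:127.0.0.1:10031, "
                "reject_sender_login_mismatch, permit_sasl_authenticated, "
                "permit_mynetworks, reject")
MASTER_CF = """\
smtp      inet  n  -  n  -  -  smtpd
10587     inet  n  -  n  -  -  smtpd
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
  -o smtpd_tls_security_level=encrypt
pickup    fifo  n  -  n  60 1  pickup
"""
PARAM = "smtpd_recipient_restrictions"

def parse_master(text):
    """Return {service/type: {param: value}} for -o overrides of smtpd services."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():              # continuation of the previous entry
            tokens = raw.split()
        else:                             # new entry: 7 fields, command, args
            fields = raw.split()
            is_smtpd = len(fields) > 7 and fields[7] == "smtpd"
            current = f"{fields[0]}/{fields[1]}" if is_smtpd else None
            if current:
                services[current] = {}
            tokens = fields[8:]
        for flag, arg in zip(tokens, tokens[1:]):
            if current and flag == "-o" and "=" in arg:
                name, value = arg.split("=", 1)
                services[current][name] = value
    return services

def effective_rcpt(main_value, master_text):
    """Map each smtpd service to (effective restrictions, file that set them)."""
    return {svc: (ov[PARAM], "master.cf") if PARAM in ov else (main_value, "main.cf")
            for svc, ov in parse_master(master_text).items()}

def services_skipping_policy(main_value, master_text):
    """Services whose RCPT-stage restrictions never call check_policy_service."""
    eff = effective_rcpt(main_value, master_text)
    return sorted(s for s, (val, _) in eff.items() if "check_policy_service" not in val)

if __name__ == "__main__":
    for svc, (val, src) in effective_rcpt(MAIN_CF_RCPT, MASTER_CF).items():
        print(f"{svc:12} [{src}] {val}")
    print("no policy check at RCPT:", services_skipping_policy(MAIN_CF_RCPT, MASTER_CF))
```

On Postfix 2.11 or later, postconf -P prints the master.cf parameter overrides directly.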