MESSAGE
DATE | 2022-01-12
FROM | Wietse Venema
SUBJECT | Re: [Hangout - NYLXS] Adding Additional domains and outgoing email
Wietse:
> I think it is a mistake to enforce Spamhaus for clients that connect
> to port 578. Clients on port 25 must authenticate.

Ruben Safir:
> I agree, but I don't know how to control rules for 587?
> How do I tell it to do something only on port 587?

In the stock master.cf file:

    #submission inet n       -       n       -       -       smtpd
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #     Instead of specifying complex smtpd_<xxx>_restrictions here,
    #     specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
    #     here, and specify mua_<xxx>_restrictions in main.cf (where
    #     "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
    #  -o smtpd_client_restrictions=
    #  -o smtpd_helo_restrictions=
    #  -o smtpd_sender_restrictions=
    #  -o smtpd_relay_restrictions=
    #  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING

Once the "#" is removed, the smtpd restrictions are:

    submission inet n       -       n       -       -       smtpd
        ...
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_relay_restrictions=
        -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
        ...

Note that there are no DNSBL checks on the submission port.

    Wietse
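
An added example, not part of the message above and not Postfix's own code: a short Python check that reads a master.cf, collects each service's `-o` overrides, and reports whether a DNSBL restriction still applies to that service. The main.cf values and the master.cf text are constructed sample input, and a parameter set in neither place is treated as empty, which is a simplification of Postfix's built-in defaults.

```python
import shlex

RESTRICTIONS = [f"smtpd_{k}_restrictions" for k in
                ("client", "helo", "sender", "relay", "recipient")]

# Constructed sample input, not taken from any real server.
MAIN_CF = {
    "smtpd_client_restrictions": "reject_rbl_client zen.spamhaus.org",
    "smtpd_recipient_restrictions": "permit_mynetworks,reject_unauth_destination",
}
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
# a comment between entries
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_relay_restrictions=
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
"""

def parse_master(text):
    """Return {service_name: {param: value}} built from each entry's -o options."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()     # continuation of previous entry
        else:
            logical.append(line.strip())
    services = {}
    for entry in logical:
        fields = shlex.split(entry)
        args = fields[8:]                         # arguments after the command name
        opts = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-o"]
        services[fields[0]] = dict(o.split("=", 1) for o in opts)
    return services

def audit(master_text, main_cf):
    """Map each service name to True if a DNSBL restriction applies to it."""
    result = {}
    for name, over in parse_master(master_text).items():
        # A per-service -o value, even an empty one, replaces the main.cf value.
        eff = [over.get(p, main_cf.get(p, "")) for p in RESTRICTIONS]
        result[name] = any("reject_rbl_client" in v or "reject_rhsbl" in v for v in eff)
    return result

print(audit(MASTER_CF, MAIN_CF))
```

On a running system, `postconf -P` prints the per-service `-o` settings that master.cf actually carries.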