I want to use SSL with plain auth. Am I supposed to be seeing something OTHER than "250-STARTTLS"? (Should it say "250-AUTH PLAIN" also?)

Code:
>>telnet mail.mydomain.com 587
Trying xx.xx.xx.xx...
Connected to mail.mydomain.com.
Escape character is '^]'.
220 mail.mydomain.com ESMTP mail.mydomain.com (Linux/GNU)
>>ehlo [email protected]
250-mail.mydomain.com
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>>AUTH LOGIN
438 4.7.0 Encryption required for requested authentication mechanism
>>AUTH LOGIN PLAIN
438 4.7.0 Encryption required for requested authentication mechanism
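An added example, not part of the original post: a Python check for the pattern in the session above, where the EHLO reply on port 587 lists STARTTLS but no AUTH line before encryption. `PRE_TLS` copies the reply from the post; `POST_TLS` is a constructed assumption of what a second EHLO after STARTTLS could return, and `parse_ehlo` and `auth_exposure` are hypothetical helper names.

```python
import re

# Constructed sample: the pre-TLS EHLO reply shown in the session above.
PRE_TLS = """\
250-mail.mydomain.com
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed sample (assumption): reply to a second EHLO sent after STARTTLS.
POST_TLS = """\
250-mail.mydomain.com
250-PIPELINING
250-SIZE 104857600
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 DSN
"""

# Keyword, then optional parameters after a space or "=" (the legacy AUTH= form).
LINE = re.compile(r"^250[- ](\S+?)(?:[ =](.*))?$")

def parse_ehlo(reply):
    """Map each ESMTP keyword to its set of parameters; the first line (server name) is skipped."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:
        m = LINE.match(line.strip())
        if m:
            caps.setdefault(m.group(1).upper(), set()).update((m.group(2) or "").upper().split())
    return caps

def auth_exposure(pre_tls, post_tls):
    """Classify where AUTH is advertised relative to STARTTLS."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    if "AUTH" in pre:
        return "auth-offered-in-cleartext", sorted(pre["AUTH"])
    if "STARTTLS" not in pre:
        return "no-starttls", []
    if "AUTH" in post:
        return "auth-only-after-tls", sorted(post["AUTH"])
    return "auth-not-offered", []
```

A real post-STARTTLS reply can be captured by typing EHLO inside `openssl s_client -starttls smtp -connect mail.mydomain.com:587`.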
Thanks for responding, Mark! 587 for TLS, 465 for SSL...important stuff to know! Thanks!

~/postfix/master.cf

Code:
# ==========================================================================
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=scan:127.0.0.1:10025
# ============================================================================================
# SHOULD I LEAVE THESE SETTINGS AS-IS IF I WANT TO ALLOW
# TLS OVER 587 FOR THE MOMENT?
submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=/var/spool/postfix/private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
#  -o smtpd_sender_login_maps=proxy:mysql:/etc/postfix/mysql_virtual_login_maps.cf
#  -o smtpd_sender_restrictions=permit
#  -o smtpd_sender_restrictions=reject_sender_login_mismatch
#  -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_sender_strictions=
#  -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
#  -o smtpd_recipient_restrictions=reject_unauth_destination
#  -o smtpd_recipient_restrictions=permit
#
#
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
# ============================================================================================
# I AM GUESSING I SHOULD UN-COMMENT SOME OF THE STUFF BELOW
# AND COPY SOME OF THE STUFF FROM ABOVE TO ENABLE SSL
# ENCRYPTION FOR 465?
smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
# ============================================================================================
### AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
  -o smtp_send_xforward_command=yes
  -o smtp_enforce_tls=no
# ============================================================================================
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
  -o smtp_fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
# ============================================================================================
spamassassin unix -     n       n       -       -       pipe
  user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
# ============================================================================================
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n  -       n       -       16      smtpd
  -o content_filter=spamassassin
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
# ============================================================================================
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=dovecot:dovecot argv=/usr/libexec/dovecot/deliver -d ${recipient}
# ============================================================================================
# ============================================================================================

~/postfix/main.cf

Code:
myhostname = mail.MyDomain.com
mail_name = mail.MyDomain.com
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
#debug_peer_list = XX.XX.XX.XX
append_dot_mydomain = no
#delay_warning_time = 4h
myhostname = mail.MyDomain.com
myorigin = MyDomain.com
mydomain = MyDomain.com
mailbox_command = /usr/bin/procmail
mynetworks = /etc/postfix/mynetworks
mailbox_size_limit = 0
message_size_limit = 104857600
#debugging
debug_peer_level = 4
soft_bounce = yes
disable_vrfy_command = yes
transport_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
alias_database = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
local_recipient_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
#Virtual mailbox settings
virtual_mailbox_base = /var/vmail
virtual_minimum_uid = 202
virtual_uid_maps = static:202
virtual_gid_maps = static:202
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
#does this allow for CC and BCC?
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql_virtual_alias_domains.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domain_maps.cf
virtual_login_maps = proxy:mysql:/etc/postfix/mysql_virtual_login_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
mydestination = $myhostname, $mynetworks, localhost, localhost.localdomain, proxy_read_maps
proxy_read_maps = $myhostname $mynetworks $alias_maps $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_domains $virtual_login_maps $virtual_mailbox_maps $local_recipient_maps
relay_domains = $mynetworks
#SASL Authentication
smtp_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_exceptions_networks = $mynetworks
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = $virtual_login_maps
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_helo_required = yes
smtpd_client_restrictions =
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_sender_restrictions =
    reject_invalid_hostname
    reject_unknown_sender_domain
    reject_unauthenticated_sender_login_mismatch
    permit_sasl_authenticated
    permit_mynetworks
    permit
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    #reject_sender_login_mismatch,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/rbl_client_exceptions,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client abuse.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client dyna.spamrats.com,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client rabl.nuclearelephant.com,
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
# check_relay_domains reject_unlisted_recipient permit_sasl_authenticated reject_unauth_destination permit
# stops bulk mail senders
# smtpd_data_restictions = reject_unauth_pipelining
strict_rfc821_envelopes = no
disable_vrfy_command = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
#TLS Certs
smtpd_tls_cert_file = /etc/postfix/certs/MyDomain.com.pem
smtpd_tls_key_file = /etc/postfix/certs/MyDomain.com.pem
smtpd_tls_CAfile = /etc/postfix/certs/gd_bundle.pem
smtpd_tls_ask_ccert = no
smtpd_tls_req_ccert = no
# smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_received_header = no
smtpd_tls_loglevel = 1
# tls_random_source = dev:/dev/urandom
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
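An added example, not part of the original post: a Python audit that merges each listener's active `-o` overrides from master.cf onto the main.cf values and reports how that listener treats TLS and AUTH. The excerpt is constructed from the files posted above, `parse_master` and `audit` are hypothetical helper names, and `smtpd_tls_wrappermode` is assumed to be at Postfix's default of `no` because main.cf does not set it.

```python
# Constructed excerpt of the master.cf posted above (inet listeners only).
MASTER_CF = """\
smtp       inet n - n - - smtpd
  -o content_filter=scan:127.0.0.1:10025
submission inet n - n - - smtpd
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
smtps      inet n - n - - smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
"""
# main.cf values from the post; wrappermode is absent there, so the default "no" is assumed.
MAIN_CF = {"smtpd_tls_security_level": "may", "smtpd_tls_auth_only": "yes",
           "smtpd_sasl_auth_enable": "yes", "smtpd_tls_wrappermode": "no"}

def parse_master(text):
    """Return {"name/type": {param: value}} built from each entry's active -o overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank or commented-out line
        fields = raw.split()
        if not raw[0].isspace():                      # a new service entry starts in column 1
            current = services.setdefault(f"{fields[0]}/{fields[1]}", {})
            fields = fields[8:]                       # keep only the command arguments
        for flag, arg in zip(fields, fields[1:]):
            if flag == "-o" and current is not None:
                key, _, value = arg.partition("=")
                current[key] = value
    return services

def audit(services, main_cf):
    """Report (TLS mode, AUTH exposure) per listener after merging overrides onto main.cf."""
    report = {}
    for name, overrides in services.items():
        eff = {**main_cf, **overrides}
        if eff["smtpd_tls_wrappermode"] == "yes":
            tls = "implicit TLS"
        else:
            tls = {"encrypt": "STARTTLS required",
                   "may": "STARTTLS optional"}.get(eff["smtpd_tls_security_level"], "no TLS")
        if eff["smtpd_sasl_auth_enable"] != "yes":
            auth = "AUTH off"
        elif tls in ("implicit TLS", "STARTTLS required") or eff["smtpd_tls_auth_only"] == "yes":
            auth = "AUTH only under TLS"
        else:
            auth = "AUTH in cleartext"
        report[name] = (tls, auth)
    return report
```

On the excerpt, `audit(parse_master(MASTER_CF), MAIN_CF)` reports the `smtps` entry as "STARTTLS optional" rather than "implicit TLS", because its `smtpd_tls_wrappermode=yes` line is still commented out.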