search for: smtpd_client_restrict

All i have is : smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated   I disabled the unknown restriction due to lots of customers of me are missing PTR records, which needs to be set bij the internet provider. So they got blocked, i had to remove these.   The Helo check is often on the IT department can adj...

...re I'd really like to see in dovecot is the ability to point it at a database (with a configurable query) and have it allow or deny a connection based on looking up the source IP address in that database. I run Postfix, and I've got it configured to use a database server for its smtpd_client_restrictions checks. Ideally I'd like to point dovecot at the same database table. I have external tools that maintain that table. I was thinking of writing it myself, but I'm running 1.0.10; I'd assume that any such modifications would need to be rewritten for 1.1. Then I got to...

...few seconds to 1 in 30 minutes. And that was tagged by spamassassin as spam. 1. Not sure if this setup is perfect, but it is working quite well. Yes, the mail takes a few seconds longer and there is probably more I could do, but this ROCKS!!! smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_client_restrictions = permit_mynetworks,permit smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit smtp...

...      0       dnsblog tlsproxy  unix  -       -       -       -       0       tlsproxy submission inet n       -       -       -       -       smtpd   -o syslog_name=postfix/submission   -o smtpd_tls_security_level=encrypt   -o smtpd_sasl_auth_enable=yes   -o content_filter=spamassassin   -o smtpd_client_restrictions=permit_sasl_authenticated,reject   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject   -o milter_macro_daemon_name=ORIGINATING smtps     inet  n       -       -       -       -       smtpd   -o syslog_name=postfix/smtps   -o smtpd_tls_wrappermode=yes   -o smtpd_sasl_auth_enable...

...to:samba-bounces at lists.samba.org] Namens Rowland penny > Verzonden: donderdag 7 januari 2016 15:00 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Helo Checks not always working? > > On 07/01/16 13:50, L.P.H. van Belle wrote: > > All i have is : > > > > smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated > > > > > > > > I disabled the unknown restriction due to lots of customers of me are > missing PTR records, which needs to be set bij the internet provider. > > > > So they got blocked, i had to remove these....

...   -       0       tlsproxy > > submission inet n       -       -       -       -       smtpd > >   -o syslog_name=postfix/submission > >   -o smtpd_tls_security_level=encrypt > >   -o smtpd_sasl_auth_enable=yes > >   -o content_filter=spamassassin > >   -o smtpd_client_restrictions=permit_sasl_authenticated,reject > >   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject > >   -o milter_macro_daemon_name=ORIGINATING > > smtps     inet  n       -       -       -       -       smtpd > >   -o syslog_name=postfix/smtps > >   -o smtp...

Hello to all members. I am using Dovecot for 5 years, but this is my first post here. I am aware of the various autoresponder scripts for vacation autoreplies (I am using Virtual Vacation 3.1 by Mischa Peters). I have an issue with auto-replies - it is vulnerable to spamming with forged email address. Forging can be prevented with several Postfix settings, which I did in the past - but was forced

...r which mostly does rate-limiting and also writes to a database. It's written in perl. If all you want to do is to write some records for every connection then the script would be rather simple. You just need to put "check_policy_service unix:...." in the right place, presumably in smtpd_client_restrictions, I guess if you put it before permit_sasl_authenticated it would still have the auth details, due to delayed evaluation.

...n.cf: smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_client_restrictions = check_client_access hash:/etc/postfix/restricted_sender #smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/restricted_sender /etc/postfix/restricted_sender contains: testuser1 at mydomain.com REJECT I already try to use smtpd_client_restrictions and smtpd_sender_restrictions...

Helo hostname MUST have resolvable hostname. Crazy or not, but i use this. The _access-allow parts for server you really trust. smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, check_client_access cidr:/etc/postfix/check_client_access-allow.cidr, reject_unknown_hostname, reject_non_fqdn_hostname, reject_invalid_hostname, reject_unknown_reverse_client_hostname, check_client_access cidr:/etc...

...- n - - smtpd submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject -o milter_macro_daemon_name=ORIGINATING smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_type=dov...

...ectory = /etc/postfix daemon_directory = /usr/lib/postfix mail_spool_directory = /var/mail/ message_size_limit = 10240000 myhostname = squeeze.test.ecp.fr mynetworks = 138.195.32.0/23, 127.0.0.1 recipient_delimiter = + setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_client_restrictions = permit_mynetworks, reject smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination smtpd_sender_restrictions = reject_unknown_sender_domain, permit virtual_alias_maps = ldap:ldapxforward,ldap:ldapforward,ldap:ldapvalias virtual_mailbox_domains = te...

...t if i can use the system users for authentication I /etc/postfix/main.cf file looks like this smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20 masquerade_domains = mail.going-on.com mail.commundi.de masquerade_exceptions = root, papinhio relocated_maps = hash:/etc/postfix/relocated smtpd_client_restrictions = check_client_access hash:/etc/postfix/access virtual_mailbox_domains = mail.going-on.com mail.commundi.de virtual_mailbox_base = /var/spool/virtual_hosts virtual_mailbox_maps = hash:/etc/postfix/virtual virtual_uid_maps = static:0 virtual_gid_maps = static:0 mailbox_command = /usr/lib...

.../etc/ssl/domainepublic.net/domainepublic.net.crt smtp_tls_key_file = /etc/ssl/domainepublic.net/domainepublic.net.key smtp_tls_note_starttls_offer = yes smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access, permit_sasl_authenticated, smtpd_data_restrictions = reject_unauth_pipelining smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks,...

...ot correctly forwarding mails to dovecat? "Here is my postfix master.cf: === MASTER.CF === smtp inet n - - - - smtpd #submission inet n - - - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - - - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_...

...postfix/virtual_alias_maps smtpd_helo_required = yes smtpd_delay_reject = yes strict_rfc821_envelopes = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_map smtpd_client_restrictions = check_client_access hash:/etc/postfix/access smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth...

One of my accounts was having login failures when trying to send mail, but was able to check mail. I tried everything I could think of to see what the issue might be, but eventually went in and reset the password in the sql database (I knew the password, so I reset it to the same password). {SHA256-CRYPT}$5$VuS? {SHA256-CRYPT}$5$VI7? So the password was updated properly. Clients can still

...---------- POSTFIX ----------------------------------------------------------------- master.cf > ----------------------------------------------------------------- smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite u...

...fused Mar 16 09:52:12 magenta postfix/local[19064]: warning: connect #5 to subsystem private/dovecot: Connection refused I've the following on my /etc/postfix/main.cf ## deliver with dovecot dovecot_destination_recipient_limit = 1 mailbox_transport = dovecot smtpd_sasl_auth_enable = yes smtpd_client_restrictions = permit_sasl_authenticated I hope you can give me a hand on this :) If you need further information, please let me know (perhaps I forgot something) Best Regards Daniel -- Daniel Grilo Partner of Grupo PDM Av. Conde Valbom 30, 3o 1050-068 Lisboa (Portugal) web: http://www.pdmfc.com...

...ailbox_domains = $myhostname virtual_transport = dovecot ---- POSTFIX master.cf (just the important lines) smtp inet n - n - - smtpd smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient} THANKS, Jeremy