This discussion is locked
-
All replies
-
Helpful answers
Previous
Page
2
-
Nov 28, 2010 7:09 AM in response to Scott Howeby UptimeJeff,give me an email address I can try...
and repost results of this command run in terminal:
postconf -n -
Nov 28, 2010 8:22 AM in response to UptimeJeffby Scott Howe,Scotthowe@sapowe.com
Let me know when you've sent. -
Nov 28, 2010 8:26 AM in response to Scott Howeby UptimeJeff,OK. that helped....
please post the results of this command run from terminal:
postconf -n -
Nov 28, 2010 8:37 AM in response to UptimeJeffby Scott Howe,biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debugpeerlevel = 2
enableserveroptions = yes
header_checks = pcre:/etc/postfix/customheaderchecks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mail_owner = _postfix
mailboxsizelimit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mapsrbldomains =
messagesizelimit = 0
mydestination = $myhostname, localhost.$mydomain, localhost, sapowe.com, $mydomain
mydomain = sapowe.com
mydomain_fallback = localhost
myhostname = mail.sapowe.com
mynetworks = 10.0.0.0/8,127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org reject
smtpdenforcetls = no
smtpdhelorequired = yes
smtpdhelorestrictions = rejectinvalid_helohostname rejectnon_fqdn_helohostname
smtpdpw_server_securityoptions = gssapi,cram-md5
smtpdrecipientrestrictions = permitsaslauthenticated permit_mynetworks rejectunauthdestination checkpolicyservice unix:private/policy permit
smtpdsasl_authenable = yes
smtpdtlsCAfile = /etc/certificates/macserver.sapowe.com.F6CB094EA1F7F45E3C7EEE9E5CAAB3CF80D1739A .chain.pem
smtpdtls_certfile = /etc/certificates/macserver.sapowe.com.F6CB094EA1F7F45E3C7EEE9E5CAAB3CF80D1739A .cert.pem
smtpdtls_excludeciphers = SSLv2, aNULL, ADH, eNULL
smtpdtls_keyfile = /etc/certificates/macserver.sapowe.com.F6CB094EA1F7F45E3C7EEE9E5CAAB3CF80D1739A .key.pem
smtpduse_pwserver = yes
smtpdusetls = yes
tlsrandomsource = dev:/dev/urandom
unknownlocal_recipient_rejectcode = 550
virtualaliasmaps = $virtual_map -
Nov 28, 2010 8:48 AM in response to Scott Howeby UptimeJeff,edit the following lines in /etc/postfix/main.cf
Change from:
smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org reject
To this:smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org permit
then stop/start mail service and test again. -
-
Nov 28, 2010 8:56 AM in response to Scott Howeby UptimeJeff,you should be all set now...
because you have greylisting enabled, you may experience a short delay for some mail from new locations...
Jeff -
Nov 28, 2010 9:14 AM in response to UptimeJeffby MrHoffman,Wouldn't that open up non-authenticated access? -
Nov 28, 2010 9:24 AM in response to MrHoffmanby UptimeJeff,break it down....
smtpdclientrestrictions =permit_mynetworks
allows clients on your LAN to bypass restrictionspermitsaslauthenticated
allows authenticated smtp sessions to bypass restrictionsrejectrblclient zen.spamhaus.org
this is the meat of the line, it blocks any servers listed in this rblpermit
You need to permit smtp clients (other servers) to connect if they aren't listed in the rbl
If you change this to reject, then you allow mynetworks and sasl_auth but reject EVERYTHING else (like valid smtp servers) -
Nov 28, 2010 10:40 AM in response to UptimeJeffby Scott Howe,Thanks. Worked. Thanks for sticking with me on this guys.