Thread: Hopefully an easy Postfix question....

  1. #1
    NoDoze is offline Elite Member
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    Hopefully an easy Postfix question....

    Code:
    smtp      inet  n       -       n       -       -       smtpd
    submission inet n      -       n       -       -       smtpd
    	-o smtpd_etrn_restrictions=reject
    	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
    465    inet  n       -       n       -       -       smtpd
      -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

    In the code above from the master.cf file...
    Currently, anyone connecting via imap or pop for smtp requires user authentication, SSL, and port 465.

    What would I have to change here to turn off user authentication, SSL, but still allow on port 465?

    And what would I have to do to add port 587? So that ports 25, 465, and 587 can be used, do I just add these lines again... so that it would look like this?
    Code:
    smtp      inet  n       -       n       -       -       smtpd
    submission inet n      -       n       -       -       smtpd
    	-o smtpd_etrn_restrictions=reject
    	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
    465    inet  n       -       n       -       -       smtpd
    submission inet n      -       n       -       -       smtpd
    	-o smtpd_etrn_restrictions=reject
    	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
    587    inet  n       -       n       -       -       smtpd
      -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

    Thanks for any clarification.

  2. #2
    NoDoze is offline Elite Member

    I guess I just have to make the changes and go by trial and error...

  3. #3
    Baylink is offline Elite Member
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    7

    If you were suggesting that you're not going to require authentication on ports 465 and 587, *please* don't do that.

    That's a great way to become an open relay.
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.

  4. #4
    NoDoze is offline Elite Member

    The reason being?
    And what's an open relay?

  5. #5
    NoDoze is offline Elite Member

    ok, I've never heard it called an open relay before...
    But essentially you're talking about a public port on which spam can be sent via my smtp server....
    But how is it any different than port 25 being public? Is port 25 handled/treated differently by the server?

  6. #6
    NoDoze is offline Elite Member

    Actually, I realized the second part of my question wasn't answered...

    As I showed above, is that what I would have to put for the code to have 25, 465, AND 587 active? Possible?

  7. #7
    Baylink is offline Elite Member

    Originally posted by NoDoze:
    > ok, I've never heard it called an open relay before...
    > But essentially you're talking about a public port on which spam can be sent via my smtp server....

    Nope.

    > But how is it any different than port 25 being public? Is port 25 handled/treated differently by the server?

    You *can't* *require* authentication on port 25, because you can't guarantee that The General Public can do it.

    Therefore, you don't allow mail delivered to 25 for any domain you don't run.

    Port 587, on the other hand, you *can* require auth on, because no one tries to deliver mail there except your users, and since you can *prove* they're your users, you can allow unrestricted forwarding on that port without being an open relay.

    Clearer now? :-)

  8. #8
    NoDoze is offline Elite Member

    ok, if you read my last part, it wasn't about port authentication... it's about making the ports available regardless of authentication...

    ...what would I have to do to add port 587? So that ports 25, 465, and 587 can be used...
    I understand that port 25 will be the only one "open" and the rest will have to use authentication, but is it possible and how would I enable the other ports to be used IN ADDITION to the default 25...?

    Thanks.

  9. #9
    Baylink is offline Elite Member

    Port 587 is the port listened to by the 'submission' daemon in Postfix; if you enable that in master.cf, that's the port that will get listened to.

    I believe the default config requires auth; the RFC didn't originally, but does now.
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.
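
An added example, not part of any post in this thread and not Postfix or Zimbra tooling: a small master.cf check that applies the rule from posts #7 and #9 (port 25 stays unauthenticated, 465 and 587 require SASL auth) to the layout proposed in post #1 and to a corrected one. The corrected layout, the `parse`/`audit` names and the finding strings are assumptions made here; only master.cf overrides are inspected, so anything inherited from main.cf is not seen.

```python
import re

# PROPOSED is from post #1 (indentation normalised); CORRECTED is constructed here.
PROPOSED = """\
smtp      inet  n       -       n       -       -       smtpd
submission inet n      -       n       -       -       smtpd
    -o smtpd_etrn_restrictions=reject
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
465    inet  n       -       n       -       -       smtpd
submission inet n      -       n       -       -       smtpd
    -o smtpd_etrn_restrictions=reject
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
587    inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
"""
CORRECTED = """\
smtp       inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
465        inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
PORTS = {"smtp": "25", "submission": "587", "smtps": "465"}
OPT = re.compile(r"-o\s+(\w+)=(\S+)")

def parse(text):
    """Return [(port, {override: value})]; indented lines continue an entry."""
    entries = []
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():
        f = line.split()
        if len(f) >= 8 and f[0][0] != "#" and f[1] == "inet" and f[7] == "smtpd":
            entries.append((PORTS.get(f[0], f[0]), dict(OPT.findall(line))))
    return entries

def audit(text):  # findings for the authenticated ports 465 and 587
    findings, seen = [], set()
    for port, opts in parse(text):
        if port in seen:
            findings.append(f"{port}: listener defined twice")
        seen.add(port)
        if port not in ("465", "587"):
            continue  # port 25 takes unauthenticated mail for local domains
        if opts.get("smtpd_client_restrictions") != "permit_sasl_authenticated,reject":
            findings.append(f"{port}: no permit_sasl_authenticated,reject override")
        if port == "587" and opts.get("smtpd_tls_wrappermode") == "yes":
            findings.append("587: wrappermode (implicit TLS) set; 587 uses STARTTLS")
    return findings
```

`audit(PROPOSED)` reports the unrestricted 465 entry, the repeated 587 listeners and the wrappermode override on 587; `audit(CORRECTED)` returns an empty list.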
