Gentoo Archives: gentoo-security

From: Joe Strusz <jstrusz@×××××.com>
To: gentoo-security@l.g.o
Subject: [gentoo-security] postfix and SASL
Date: Tue, 04 Oct 2005 21:00:04
Message-Id: 6.2.3.4.0.20051004154429.01c13e68@op.oxpub.com
I have that line....

# Global Postfix configuration file. This file lists only a subset
# of all 300+ parameters. See the postconf(5) manual page for a
# complete list.
#
# The general format of each line is: parameter = value. Lines
# that begin with whitespace continue the previous line. A value can
# contain references to other $names or ${name}s.
#
# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
# POSTFIX STILL WORKS AFTER EVERY CHANGE.

# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no

# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix

# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin

# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/lib/postfix

# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix

# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = op.oxpub.com

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
mydomain = *****

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@××××××××××.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost

# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = op, op.$mydomain, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain

# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@××××××.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =

# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 450

# TRUST AND RELAY CONTROL

# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
mynetworks = 192.168.1.0/24, 127.0.0.0/8, 64.89.173.226, 64.89.173.227
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains = $mydestination

# INTERNET OR INTRANET

# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@××××××.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients

# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s

# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.

# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.

# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.

# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.

# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +

# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
home_mailbox = .maildir/

# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail

# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"

# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus

# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =

# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@×××××.host
#luser_relay = $local@×××××.host
#luser_relay = admin+$local

# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.

# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks

# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains

# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.

#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20

# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2

# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain

# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5

# If you don't have X installed on the Postfix machine, try:
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5

# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail

# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases

# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq

# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop

# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no

# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man

# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /etc/postfix

# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme
default_destination_concurrency_limit = 2
alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2
alias_maps = hash:/etc/mail/aliases
home_mailbox = .maildir/

#smtpd_client_restrictions = permit_sasl_authenticated, reject
smptd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

virtual_alias_domains = saludmagazine.com
virtual_alias_maps = hash:/etc/postfix/virtual

#Gentoo gateway guide
biff = no
empty_address_recipient = MAILER-DAEMON
queue_minfree = 120000000

content_filter = smtp-amavis:[127.0.0.1]:10024


# TRANSPORT MAP
#
# Insert text from sample-transport.cf if you need explicit routing.
#transport_maps = hash:/etc/postfix/transport
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
relay_domains = $mydestination
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_relay_domains
#smtpd_recipient_restrictions =
# permit_sasl_authenticated,
# permit_mynetworks,
# check_relay_domains

>From: "Sean Cook" <scook@×××××.net>
>To: <gentoo-security@l.g.o>
>Subject: RE: [gentoo-security] postfix and SASL
>Date: Tue, 4 Oct 2005 16:37:27 -0400
>
>You have to enable tls support in the main.cf
>
># this line alone should cause that EHLO to respond with appropriate detail
>smtpd_sasl_auth_enable = yes
>
>smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
>    reject_unauth_destination
>smtpd_sasl_security_options = noanonymous
>smtpd_sasl_local_domain = $myhostname
>broken_sasl_auth_clients = yes
>
>
>-----Original Message-----
>From: Joe Strusz [mailto:jstrusz@×××××.com]
>Sent: Tuesday, October 04, 2005 4:31 PM
>To: gentoo-security@l.g.o
>Subject: [gentoo-security] postfix and SASL
>
>I have confirmed postfix is indeed compiled with SASL support. And I
>have TLS working great. However when I telnet to port 25 and
>issue the ehlo command, I do receive the starttls etc... yet no AUTH
>PLAIN lines...
>
>I have been through every gentoo forum on this subject over and over
>again... same result. I've googled, and googled, and even resorted to
>the postfix handbook..
>
>Could someone shed some light on this for me?
>
>
>Joe Strusz
>
>IT Assistant
>Oxford Publishing, Inc.
>307 West Jackson Avenue
>Oxford, MS 38655-2154
>800-247-3881
>662-236-5510x40
>jstrusz@×××××.com
>http://www.nightclub.com
>
>
>--
>gentoo-security@g.o mailing list


Joe Strusz

IT Assistant
Oxford Publishing, Inc.
307 West Jackson Avenue
Oxford, MS 38655-2154
800-247-3881
662-236-5510x40
jstrusz@×××××.com
http://www.nightclub.com


--
gentoo-security@g.o mailing list
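
Added example, not part of the original message and not Postfix code: a small checker run over a constructed excerpt of the main.cf posted above. It resolves logical lines the way main.cf defines them, lists repeated and transposed parameter names, and reports on which connections AUTH would be announced, given that smtpd_tls_auth_only = yes makes Postfix announce and accept SASL only after STARTTLS. The function names and REFERENCE_NAMES are hypothetical, and the check assumes the SASL library itself offers mechanisms.

```python
"""Check a Postfix main.cf excerpt for the SASL/TLS points raised in this thread."""

# Constructed sample: SASL/TLS-related settings copied from the main.cf in
# this message (comments trimmed, continuation lines indented).
SAMPLE_MAIN_CF = """\
home_mailbox = .maildir/
home_mailbox = .maildir/
smptd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
# TRANSPORT MAP
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
relay_domains = $mydestination
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_relay_domains
"""

# Parameter names this checker compares against (all appear on this page).
REFERENCE_NAMES = {
    "smtpd_recipient_restrictions", "smtpd_sasl_auth_enable",
    "smtpd_sasl_security_options", "smtpd_tls_auth_only", "smtpd_use_tls",
}


def parse_main_cf(text):
    """Return [(name, value, first_line_number)] for each logical line."""
    entries, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines do not end a logical line
        if raw[0] in " \t":  # leading whitespace continues the previous line
            if current is not None:
                current[1] = (current[1] + " " + stripped).strip()
            continue
        if current is not None:
            entries.append(tuple(current))
        name, sep, value = raw.partition("=")
        current = [name.strip(), value.strip(), lineno] if sep else None
    if current is not None:
        entries.append(tuple(current))
    return entries


def effective_values(entries):
    """When a name is set more than once, the last setting is the one used."""
    return {name: value for name, value, _ in entries}


def duplicate_lines(entries):
    """Map each repeated parameter name to the lines that set it."""
    seen = {}
    for name, _, lineno in entries:
        seen.setdefault(name, []).append(lineno)
    return {name: lines for name, lines in seen.items() if len(lines) > 1}


def is_transposition(a, b):
    """True when a and b differ only by one swap of two adjacent characters."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def transposed_names(entries, reference=REFERENCE_NAMES):
    """Names one swap away from a reference name: Postfix accepts them as
    user-defined parameters, so the setting has no effect."""
    hits = []
    for name, _, lineno in entries:
        if name in reference:
            continue
        for known in sorted(reference):
            if is_transposition(name, known):
                hits.append((name, known, lineno))
    return hits


def _yes(values, name):
    return values.get(name, "no").strip().lower() == "yes"


def auth_advertised(values):
    """Predict where the EHLO reply lists AUTH, from the three settings the
    page uses (the unset default for each is "no")."""
    sasl = _yes(values, "smtpd_sasl_auth_enable")
    return {
        "plaintext": sasl and not _yes(values, "smtpd_tls_auth_only"),
        "after_starttls": sasl and _yes(values, "smtpd_use_tls"),
    }


if __name__ == "__main__":
    parsed = parse_main_cf(SAMPLE_MAIN_CF)
    print("duplicates:", duplicate_lines(parsed))
    print("transposed names:", transposed_names(parsed))
    print("AUTH advertised:", auth_advertised(effective_values(parsed)))
```

On the real system, `postconf -n` prints the non-default settings Postfix actually reads and can be compared against this output.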