| 1 |
On Dec 7, 2011 2:22 AM, "Paul Hartman" <paul.hartman+gentoo@×××××.com> |
| 2 |
wrote: |
| 3 |
> |
| 4 |
> On Tue, Dec 6, 2011 at 11:11 AM, Michael Orlitzky <michael@××××××××.com> |
| 5 |
wrote: |
| 6 |
> > On 12/06/11 11:32, Grant wrote: |
| 7 |
> >> |
| 8 |
> >> Got it. Your explanations are positively lucid. |
| 9 |
> >> |
| 10 |
> >> I added this to /etc/postifx/main.cf: |
| 11 |
> >> |
| 12 |
> >> postscreen_greet_action = enforce |
| 13 |
> >> postscreen_pipelining_enable = yes |
| 14 |
> >> postscreen_pipelining_action = enforce |
| 15 |
> >> postscreen_non_smtp_command_enable = yes |
| 16 |
> >> postscreen_non_smtp_command_action = enforce |
| 17 |
> >> postscreen_bare_newline_enable = yes |
| 18 |
> >> postscreen_bare_newline_action = enforce |
| 19 |
> >> |
| 20 |
> >> and I commented this and restarted postfix: |
| 21 |
> >> |
| 22 |
> >> #check_policy_service inet:127.0.0.1:10030 |
| 23 |
> >> |
| 24 |
> >> Should this effectively disable postgrey and enable postscreen? |
| 25 |
> >> |
| 26 |
> > |
| 27 |
> > That will disable postgrey, but isn't enough to enable postscreen. There |
| 28 |
> > are a couple of daemons you have to enable in master.cf (steps 2 |
| 29 |
through 6): |
| 30 |
> > |
| 31 |
> > http://www.postfix.org/POSTSCREEN_README.html#enable |
| 32 |
> > |
| 33 |
> > That README refers to lines that are commented-out in master.cf; of |
| 34 |
> > course, if you've upgraded from an earlier of postfix, you won't have |
| 35 |
them. |
| 36 |
> > |
| 37 |
> > What I did was to untar the latest postfix release under my home |
| 38 |
> > directory, and find the master.cf that ships with it. Then, I |
| 39 |
> > copy/pasted the lines mentioned in the README over to my real master.cf. |
| 40 |
> > |
| 41 |
> > After a restart, you should see lines like this in your mail log: |
| 42 |
> > |
| 43 |
> > Dec 6 03:13:46 mx1 postfix/postscreen[2810]: CONNECT from ... |
| 44 |
> > |
| 45 |
> > that let you know its' working. |
| 46 |
> |
| 47 |
> Thanks for bringing up postscreen and the rest of your responses to |
| 48 |
> Grant in this thread, I wasn't aware of it either. None of the HOWTOs |
| 49 |
> I read ever mentioned it. :) I'm going to give it a try and see how it |
| 50 |
> goes. |
| 51 |
> |
| 52 |
|
| 53 |
Indeed. They are also unclear on how to configure SASL (but that's a |
| 54 |
different story). |
| 55 |
|
| 56 |
Luckily, I'm building my mailfiltering gateway from scratch, and have been |
| 57 |
logging everything I do. When everything's finished and the mfgw works |
| 58 |
well, I'll distill my log into yet-another-wiki-article. |
| 59 |
|
| 60 |
Rgds, |
Archives