| 1 |
>> Got it. Your explanations are positively lucid. |
| 2 |
>> |
| 3 |
>> I added this to /etc/postifx/main.cf: |
| 4 |
>> |
| 5 |
>> postscreen_greet_action = enforce |
| 6 |
>> postscreen_pipelining_enable = yes |
| 7 |
>> postscreen_pipelining_action = enforce |
| 8 |
>> postscreen_non_smtp_command_enable = yes |
| 9 |
>> postscreen_non_smtp_command_action = enforce |
| 10 |
>> postscreen_bare_newline_enable = yes |
| 11 |
>> postscreen_bare_newline_action = enforce |
| 12 |
>> |
| 13 |
>> and I commented this and restarted postfix: |
| 14 |
>> |
| 15 |
>> #check_policy_service inet:127.0.0.1:10030 |
| 16 |
>> |
| 17 |
>> Should this effectively disable postgrey and enable postscreen? |
| 18 |
>> |
| 19 |
> |
| 20 |
> That will disable postgrey, but isn't enough to enable postscreen. There |
| 21 |
> are a couple of daemons you have to enable in master.cf (steps 2 through 6): |
| 22 |
> |
| 23 |
> http://www.postfix.org/POSTSCREEN_README.html#enable |
| 24 |
> |
| 25 |
> That README refers to lines that are commented-out in master.cf; of |
| 26 |
> course, if you've upgraded from an earlier of postfix, you won't have them. |
| 27 |
> |
| 28 |
> What I did was to untar the latest postfix release under my home |
| 29 |
> directory, and find the master.cf that ships with it. Then, I |
| 30 |
> copy/pasted the lines mentioned in the README over to my real master.cf. |
| 31 |
> |
| 32 |
> After a restart, you should see lines like this in your mail log: |
| 33 |
> |
| 34 |
> Dec 6 03:13:46 mx1 postfix/postscreen[2810]: CONNECT from ... |
| 35 |
> |
| 36 |
> that let you know its' working. |
| 37 |
|
| 38 |
Do you know how smtps comes into play? Right now I've got the |
| 39 |
following uncommented in master.cf: |
| 40 |
|
| 41 |
smtp inet n - n - - smtpd |
| 42 |
smtps inet n - n - - smtpd |
| 43 |
-o smtpd_tls_wrappermode=yes |
| 44 |
|
| 45 |
Should I write an smtpsd line or does tlsproxy make that unnecessary? |
| 46 |
|
| 47 |
- Grant |
Archives