1 |
>> Got it. Your explanations are positively lucid. |
2 |
>> |
3 |
>> I added this to /etc/postifx/main.cf: |
4 |
>> |
5 |
>> postscreen_greet_action = enforce |
6 |
>> postscreen_pipelining_enable = yes |
7 |
>> postscreen_pipelining_action = enforce |
8 |
>> postscreen_non_smtp_command_enable = yes |
9 |
>> postscreen_non_smtp_command_action = enforce |
10 |
>> postscreen_bare_newline_enable = yes |
11 |
>> postscreen_bare_newline_action = enforce |
12 |
>> |
13 |
>> and I commented this and restarted postfix: |
14 |
>> |
15 |
>> #check_policy_service inet:127.0.0.1:10030 |
16 |
>> |
17 |
>> Should this effectively disable postgrey and enable postscreen? |
18 |
>> |
19 |
> |
20 |
> That will disable postgrey, but isn't enough to enable postscreen. There |
21 |
> are a couple of daemons you have to enable in master.cf (steps 2 through 6): |
22 |
> |
23 |
> http://www.postfix.org/POSTSCREEN_README.html#enable |
24 |
> |
25 |
> That README refers to lines that are commented-out in master.cf; of |
26 |
> course, if you've upgraded from an earlier of postfix, you won't have them. |
27 |
> |
28 |
> What I did was to untar the latest postfix release under my home |
29 |
> directory, and find the master.cf that ships with it. Then, I |
30 |
> copy/pasted the lines mentioned in the README over to my real master.cf. |
31 |
> |
32 |
> After a restart, you should see lines like this in your mail log: |
33 |
> |
34 |
> Dec 6 03:13:46 mx1 postfix/postscreen[2810]: CONNECT from ... |
35 |
> |
36 |
> that let you know its' working. |
37 |
|
38 |
Do you know how smtps comes into play? Right now I've got the |
39 |
following uncommented in master.cf: |
40 |
|
41 |
smtp inet n - n - - smtpd |
42 |
smtps inet n - n - - smtpd |
43 |
-o smtpd_tls_wrappermode=yes |
44 |
|
45 |
Should I write an smtpsd line or does tlsproxy make that unnecessary? |
46 |
|
47 |
- Grant |