> Victor Duchovni, on 11/30/2007 1:35 PM, said the following:
> >>>This is an example of port 587 (submission port) that I use:
> >>>
> >>>submission inet n - n - - smtpd
> >>>  -o smtpd_enforce_tls=yes
> >>>  -o smtpd_sasl_auth_enable=yes
> >>>  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> >
> >>Yikes... if I didn't have these explicitly set in master.cf (I didn't
> >>uncomment them when I uncommented the submission port), does that mean
> >>my server was wide open?
> >
> >No, it means your server was not relaying for anyone. The submission
> >service was just like the port 25 service. If the port 25 service allowed
> >relaying for authenticated users, then so did 587. The only thing missing
> >was mandatory TLS.
>
> Ahhh... ok, that makes sense... I recommented the other two, leaving
> only the first one (smtpd_enforce_tls-yes) uncommented.

No harm leaving the other options in place, they prevent having your
submission abused as an inbound MX service. There is however no
significant risk from offering essentially the same service on both ports.
So do tune the submission service for submission, but it is not critical
to do so.

> To confirm...
>
> I had thought that's what smtpd_tls_auth_only = yes did... but I see now
> that it only enforces tls for auth traffic, is that right?

It only allows AUTH over TLS. Which is different from requiring TLS,
but of course TLS is required if one wants to AUTH.

--
	Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
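
The situation discussed in this thread, as an added example that is not part of the original messages: a small audit that reads master.cf text and reports which of the three `-o` overrides from the quoted example are absent on the submission service. The function names and sample files are constructed for illustration, and only master.cf overrides are checked, not values inherited from main.cf.

```python
# Added example (not from the thread): audit the submission entry of master.cf.
# Option names and values are the ones quoted in the thread.
EXPECTED = {
    "smtpd_enforce_tls": "yes",
    "smtpd_sasl_auth_enable": "yes",
    "smtpd_client_restrictions": "permit_sasl_authenticated,reject",
}

def logical_lines(text):
    """Join master.cf continuation lines (they start with whitespace); skip comments."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def submission_overrides(text):
    """Return the -o name=value overrides of 'submission inet', or None if absent."""
    for line in logical_lines(text):
        f = line.split()
        if len(f) >= 8 and f[0] == "submission" and f[1] == "inet":
            args = f[8:]  # everything after the command name (smtpd)
            return dict(a.split("=", 1) for flag, a in zip(args, args[1:])
                        if flag == "-o" and "=" in a)
    return None

def audit(text):
    """List expected overrides that are missing or different; None if no service."""
    over = submission_overrides(text)
    if over is None:
        return None
    return [name for name, want in EXPECTED.items() if over.get(name) != want]

# Constructed samples: service line uncommented, -o lines still commented out.
BARE = """smtp inet n - n - - smtpd
submission inet n - n - - smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
TLS_ONLY = BARE.replace("#  -o smtpd_enforce_tls", "  -o smtpd_enforce_tls")
TUNED = BARE.replace("#  -o", "  -o")

if __name__ == "__main__":
    for label, cf in (("bare", BARE), ("tls only", TLS_ONLY), ("tuned", TUNED)):
        print(label, "->", audit(cf))
```

An empty list means the submission entry carries all three overrides; with none of them set, the entry is the same service as port 25, as the reply above explains.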
© 2004-2008 readlist.com