Malcolm J Harwood on 18 Dec 2008 18:01:31 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Need help with Postfix config

On Thursday 18 December 2008, JP Vossen wrote:

> My Covad/Speakeasy went down Monday and isn't back yet, so I've moved my
> server to a colo, but I'm a little stuck getting some parts working.
> Basically, since it was on a LAN DMZ before, I need to lock it down a bit.

> Port 25 was always wide open to the world, so I have Postfix locked down
> pretty well for relaying & spam.  Which is the problem.  Now my clients
> can't use that server to send outgoing (which I want to do).

> I have worked around the problem for now (since you are reading this) by
> adding my FiOS IPA to my Postfix 'mynetworks' in /etc/postfix/,
> but that's not an ideal solution for various reasons.  Also, I got
> IMAP/SSL working on 993, but have nothing for SMTP yet.  What I *think*
> I want to do is leave 25/TCP alone (for incoming mail from Internet
> servers) and run SMTP/SSL on 465/TCP, and authenticate users on that
> port via PAM for outgoing mail.
> Can anyone a) suggest something better or b) provide Postfix config clues?

That's pretty much the setup I have (except a VM slice instead of a colo), and 
I have auth requiring username/password from the shell accounts but only if 
encrypted (using ssl/tls in my case). It works fine for my few users.

postfix config clues:
	smtpd_sender_restrictions = permit_sasl_authenticated, ...

If that doesn't help, I could send you a sanitised copy of my config offlist.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --