Malcolm J Harwood on 18 Dec 2008 18:01:31 -0800

On Thursday 18 December 2008, JP Vossen wrote:
> My Covad/Speakeasy went down Monday and isn't back yet, so I've moved my
> server to a colo, but I'm a little stuck getting some parts working.
> Basically, since it was on a LAN DMZ before, I need to lock it down a bit.
> Port 25 was always wide open to the world, so I have Postfix locked down
> pretty well for relaying & spam. Which is the problem. Now my clients
> can't use that server to send outgoing (which I want to do).
> I have worked around the problem for now (since you are reading this) by
> adding my FiOS IPA to my Postfix 'mynetworks' in /etc/postfix/main.cf,
> but that's not an ideal solution for various reasons. Also, I got
> IMAP/SSL working on 993, but have nothing for SMTP yet. What I *think*
> I want to do is leave 25/TCP alone (for incoming mail from Internet
> servers) and run SMTP/SSL on 465/TCP, and authenticate users on that
> port via PAM for outgoing mail.
>
> Can anyone a) suggest something better or b) provide Postfix config clues?

That's pretty much the setup I have (except a VM slice instead of a colo), and I have auth requiring username/password from the shell accounts but only if encrypted (using ssl/tls in my case). It works fine for my few users.

postfix config clues:

smtpd_sender_restrictions = permit_sasl_authenticated, ...
smtpd_sasl_auth_enable
smtp_sasl_auth_enable
smtp_sasl_password_maps
smtp_use_tls
smtp_tls_*
smtpd_tls_*

If that doesn't help, I could send you a sanitised copy of my config offlist.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
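
Added example, not part of the original message and not the poster's own config: a minimal Postfix fragment for the layout discussed in the thread, with port 25 left open for inbound mail and relaying allowed on 465/TCP only after SASL authentication inside TLS. It assumes Cyrus SASL with saslauthd running with the PAM backend (`saslauthd -a pam`); the certificate paths are placeholders and the location of smtpd.conf varies by distribution.

```conf
# ---- /etc/postfix/main.cf (fragment) ----
# Port 25 keeps accepting mail for local domains. Relaying is limited to
# mynetworks and SASL-authenticated clients, so the home IP address no
# longer needs to be listed in mynetworks.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Offer STARTTLS to remote servers on port 25 without requiring it.
smtpd_tls_security_level = may
# Placeholder paths: substitute the server's real certificate and key.
smtpd_tls_cert_file = /etc/postfix/tls/EXAMPLE-cert.pem
smtpd_tls_key_file = /etc/postfix/tls/EXAMPLE-key.pem

# Never announce or accept AUTH on an unencrypted session, so shell
# account passwords cannot cross the network in cleartext.
smtpd_tls_auth_only = yes

# ---- /etc/postfix/master.cf (fragment) ----
# SMTP over SSL on 465/TCP: TLS starts before any SMTP command
# (wrappermode), AUTH is enabled only for this listener, and clients that
# have not authenticated are rejected. The chroot column is "n" so smtpd
# can reach the saslauthd socket.
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# ---- Cyrus SASL smtpd.conf (e.g. /etc/postfix/sasl/smtpd.conf) ----
# Hand password checks to saslauthd, which verifies them through PAM.
# saslauthd only supports plaintext mechanisms, which is why AUTH must be
# confined to TLS sessions as configured above.
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
```

After `postfix reload`, `openssl s_client -connect HOST:465` followed by `EHLO test` should list `AUTH PLAIN LOGIN`, while a plain `EHLO` on port 25 should not advertise AUTH at all.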