On Tuesday 23 November 2010, Christopher Howard elucidated thus:
> I actually already had these settings in my main.cf, which were not
> working, so I was hoping to get a bare-bones example from somebody on
> the list. But I'll go over the docs again today and try to figure out
> where I have gone wrong.
Here's what I have in my config. No, I haven't included all the
settings. Just what appears relevent.
main.cf:
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/pem/eei.pem
smtpd_tls_key_file=/etc/ssl/private/eei.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package
for
# information on enabling SSL in the smtp client.
# SASL Auth stuff
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_application_name = smtpd
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_non_fqdn_recipient
# This is used in master.cf
eei_smtpd_client_restrictions = permit_mynetworks
reject_unauth_pipelining
permit_sasl_authenticated
check_client_access cidr:/etc/postfix/whitelist.cidr
reject
Make sure you have this in master.cf:
submission inet n - - - - smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
Submission is port 587. Sometimes needed because hotels (or other
networks) will not allow outgoing port 25.
j
-- Joshua Kugler Part-Time System Admin/Programmer http://www.eeinternet.com - Fairbanks, AK PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A --------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.Received on Tue Nov 23 16:34:59 2010
This archive was generated by hypermail 2.1.8 : Tue Nov 23 2010 - 16:34:59 AKST