275964 Re: Configuring TLS with sender login maps

  • Alex
    Apr 2 12:00 PM
      Hi,

      >> I have a fedora14 box that I'm trying to configure for use with
      >> postfix with dovecot and TLS, permitting only TLS connections after
      >> authenticating with sasl.
      >
      > What do you mean, *after* ?

      Oops. I'm still learning this, and think I got confused writing this
      so late last night.

      >> Apr  2 01:03:55 fc14 postfix/smtpd[10284]: NOQUEUE: reject: RCPT from
      >> unknown[184.XXX.XX.223]: 553 5.7.1<myuser@...>: Sender
      >> address rejected: not owned by user alex; from=<myuser@...>
      >> to=<remoteluser@...>  proto=ESMTP
      >> helo=<184-XXX-XXX-223.pools.mycellphone.net>
      >>
      >
      > You're not authenticated.
      >
      >> smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
      >> smtpd_sender_restrictions = reject_sender_login_mismatch
      >>
      >
      > This rejects mail from SASL'ed clients who are not in the map AND
      > non-SASL'ed clients who ARE in the map.
      > The above log line matches the latter condition, hence why it says that.
      >
      >> smtpd_tls_auth_only = yes
      >>
      >
      > SASL is not offered before a secure connection is established.
      >
      >> smtpd_tls_security_level = encrypt
      >>
      >
      > However, TLS is mandatory.
      >
      >> Are there any other options I should be concerned about with regards
      >> to security, and ensuring I don't become a relay or risk of
      >> unauthorized access?
      >>
      >
      > Fix your client to properly use TLS AND THEN SASL.

      I'm using the K9 client for Android. Using this method with TLS and
      SASL I need port 25 open for SMTP and TLS, and 587 for submission and
      SASL, correct?

      Thanks,
      Alex
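
Added example, not part of the original message and not Postfix code: a simplified Python model of the `reject_sender_login_mismatch` decision discussed in the quoted reply, following the two halves documented in postconf(5) (authenticated and unauthenticated mismatch). The function names, map entries and addresses are constructed, and the lookup covers only the full-address and `@domain` keys.

```python
# Added example: simplified model of Postfix's reject_sender_login_mismatch.
# Function names, map entries and addresses are constructed for illustration.

def parse_login_map(text):
    """Parse 'sender  owner1,owner2' lines (the source form of a hash: table)."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sender, owners = line.split(None, 1)
        table[sender.lower()] = set(owners.replace(",", " ").split())
    return table


def lookup_owners(table, sender):
    """Look up the full address first, then the '@domain' key (simplified)."""
    sender = sender.lower()
    domain = "@" + sender.rpartition("@")[2]
    return table.get(sender) or table.get(domain) or set()


def check_sender_login(table, sender, sasl_login=None):
    """Return (action, reason); DUNNO hands the decision to the next restriction."""
    owners = lookup_owners(table, sender)
    if sasl_login is None:
        # Unauthenticated half: the sender has an owner but nobody logged in.
        if owners:
            return ("REJECT", "sender is in the map, client is not SASL-authenticated")
        return ("DUNNO", "unauthenticated client, sender not in the map")
    # Authenticated half: the login must be listed as an owner of the sender.
    if sasl_login not in owners:
        return ("REJECT", "login %s does not own %s" % (sasl_login, sender))
    return ("DUNNO", "login %s owns %s" % (sasl_login, sender))


SAMPLE_MAP = """
# constructed sample entries
sales@example.com    alice
support@example.com  alice, bob
@lists.example.com   listadmin
"""

if __name__ == "__main__":
    table = parse_login_map(SAMPLE_MAP)
    for sender, login in [("sales@example.com", None), ("sales@example.com", "bob"),
                          ("sales@example.com", "alice"), ("other@example.net", None)]:
        print(sender, login, check_sender_login(table, sender, login))
```

A `DUNNO` result is not an accept: later restrictions, such as the relay checks, still decide whether the message is taken.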