291484 Re: setting up postscreen on a system with multiple external interfaces

  • Erik Slagter
    Feb 21, 2013
      Another variation I tried ("pass" and "postscreen" the other way
      around). This works, but gives the original problem, the smtpd options
      are not honoured (especially banner and starttls="may"), even though I
      set both:

      -o smtpd_tls_security_level=may
      -o postscreen_tls_security_level=may

      Output of postfinger, diff to first non-postscreen config:

      --- a 2013-02-21 17:35:41.568369098 +0100
      +++ c 2013-02-21 17:38:58.274633686 +0100
      @@ -1,4 +1,4 @@
      -Postfinger - postfix configuration on do feb 21 16:32:28 CET 2013
      +postfinger - postfix configuration on do feb 21 17:38:58 CET 2013
      version: 1.30

      Warning: postfinger output may show private configuration information,
      @@ -83,7 +83,10 @@
      virtual_alias_maps = hash:/etc/postfix/virtual

      --master.cf--
      -mx1.ipv4.slagter.name:smtp inet n - n - 2 smtpd
      +smtpd pass - - n - - smtpd
      +dnsblog unix - - n - 0 dnsblog
      +tlsproxy unix - - n - 0 tlsproxy
      +mx1.ipv4.slagter.name:smtp inet n - n - 2 postscreen
      -o myhostname=eriks.xs4all.nl
      -o smtpd_banner=mx1.slagter.name-ESMTP-$mail_name-mx1-ppp0-ipv4-25
      -o smtpd_tls_security_level=may
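
Review bot: The `-o smtpd_banner=...` and `-o smtpd_tls_security_level=may` overrides sit under the `mx1.ipv4.slagter.name:smtp inet ... postscreen` entry, while the added `smtpd pass - - n - - smtpd` entry has no `-o` lines of its own. A `-o` override applies only to the daemon started by the master.cf entry it follows, so the smtpd process that takes over the session from postscreen runs with the main.cf values for banner and TLS level; the log further down shows exactly that path (WHITELISTED, then `postfix/smtpd` connect). Suggest moving the smtpd_* overrides under the `smtpd pass` entry. If each interface needs its own banner, each postscreen entry would need its own handoff service, selected with `smtpd_service_name` where the installed Postfix version supports it, with the overrides placed on that service.
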
      @@ -92,7 +95,7 @@
      -o smtpd_proxy_filter=nemesis.ipv4:10025
      -o soft_bounce=no
      -o postscreen_cache_map=btree:$data_directory/postscreen_cache-ipv4
      -mx1.ipv6.slagter.name:smtp inet n - n - 2 smtpd
      +mx1.ipv6.slagter.name:smtp pass n - n - 2 postscreen
      -o myhostname=mx1.ipv6.slagter.name
      -o smtpd_banner=mx1.slagter.name-ESMTP-$mail_name-mx1-ppp0-ipv6-25
      -o smtpd_tls_security_level=may
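
Review bot: On the added `mx1.ipv6.slagter.name:smtp pass n - n - 2 postscreen` line the type column is `pass`, where the ipv4 postscreen entry in the previous hunk uses `inet`. A `pass` service is a local socket that receives connections handed over by another Postfix process, so this entry does not listen on the ipv6 address on port 25; it should be `inet` like the ipv4 entry. The process-limit column is also still `2`, carried over from the old smtpd lines, while the documented postscreen entry uses a limit of 1.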

      * Log output

      Feb 21 17:42:40 nemesis-vlan1 postfix/master[4547]: daemon started --
      version 2.9.4, configuration /etc/postfix
      Feb 21 17:42:42 nemesis-vlan1 postfix/postscreen[4553]: CONNECT from
      [10.1.1.5]:49309 to [83.163.214.71]:25
      Feb 21 17:42:42 nemesis-vlan1 postfix/postscreen[4553]: WHITELISTED
      [10.1.1.5]:49309
      Feb 21 17:42:42 nemesis-vlan1 postfix/postscreen[4553]: cache
      btree:/var/lib/postfix/postscreen_cache-ipv4 full cleanup: retained=5
      dropped=0 entries
      Feb 21 17:42:42 nemesis-vlan1 postfix/smtpd[4554]: connect from
      eos.ipv4.slagter.name[10.1.1.5]
      Feb 21 17:42:50 nemesis-vlan1 postfix/smtpd[4554]: disconnect from
      eos.ipv4.slagter.name[10.1.1.5]