Loading ...
Sorry, an error occurred while loading the content.

299008Re: Reject client from domains without MX records

Expand Messages
  • Pau Peris
    Mar 28, 2014
      Just in case someone is interested, finally i disabled sasl auth globally and fixed the previous error by adding/modifying the following lines at master.cf

      smtp                  inet  n       -       -       -       -       smtpd
         -o smtpd_sasl_auth_enable=yes

      As you can see i forgot to enable sasl on smtp.

      I also added the following restriction next to reject_authenticated_sender_login_mismatch:

                                      reject_authenticated_sender_login_mismatch,
                                      reject_known_sender_login_mismatch,

      Maybe it helps someone.


      On Sat, Mar 29, 2014 at 1:02 AM, Pau Peris <pau@...> wrote:
      >
      > Thanks a lot!
      > --
      >
      >
      > Sent from my Android mobile, excuse the brevity.
      >
      > On Mar 29, 2014 12:55 AM, "lists@..." <lists@...> wrote:
      >>
      >>
      >>
      >> Am 29.03.2014 00:43, schrieb Pau Peris:
      >> > I don't think that's about reading but about experise. Which takes time after reading
      >>
      >> no, it's a matter of read, try and try again, been there done that
      >>
      >> > I will reenable sasl globally again while i try to understand it all
      >> > I'm unsure if login sender mismatch can have any side effect for incoming email once global sasl auth is activated
      >>
      >> as said: read the documentation, especially for params you are usinf
      >>
      >> "reject_authenticated_sender_login_mismatch" contains the word "authenticated"
      >> http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
      >>
      >> > Sent from my Android mobile, excuse the brevity.
      >> >
      >> > On Mar 29, 2014 12:30 AM, "lists@... <mailto:lists@...>" <lists@... <mailto:lists@...>>
      >> > wrote:
      >> >
      >> >     sorry, you need to read manuals and try some things at your own
      >> >     if you can't handle it why do you remove auth globally?
      >> >     in general don't change defaults for no good reason
      >> >
      >> >     Am 29.03.2014 00:21, schrieb Pau Peris:
      >> >     > Could you be more explicit or place an example on how should main.cf <http://main.cf> <http://main.cf> should
      >> >     stay after removing
      >> >     > the sasl params and how should master.cf <http://master.cf> <http://master.cf> look please?
      >> >     >
      >> >     > Thank u so much!!
      >> >     >
      >> >     > Sent from my Android mobile, excuse the brevity.
      >> >     >
      >> >     > On Mar 28, 2014 10:21 PM, "lists@... <mailto:lists@...> <mailto:lists@...
      >> >     <mailto:lists@...>>" <lists@... <mailto:lists@...> <mailto:lists@...
      >> >     <mailto:lists@...>>>
      >> >     > wrote:
      >> >     >
      >> >     >
      >> >     >     Am 28.03.2014 20:33, schrieb Pau Peris:
      >> >     >     > I think everything was working fine but after update main.cf <http://main.cf> <http://main.cf>
      >> >     <http://main.cf> file i'm
      >> >     >     seeing the following warning
      >> >     >     > for emails incoming outside the box, postfix/smtpd[15455]: warning: restriction
      >> >     >     > `reject_authenticated_sender_login_mismatch' ignored: no SASL support
      >> >     >     >
      >> >     >     > The previous warning is show when i send an email from GMail to a domain whose email is managed by me.
      >> >     >     >
      >> >     >     > Basically what i did is:
      >> >     >     > * Remove permit_mynetworks where i think it shouldn't be.
      >> >     >     > * Disable smtp auth globally and enable it at submission 587 and smtps 465.
      >> >     >     > * Remove the deprecated smtp_use_tls/smtpd_use_tls statements
      >> >     >
      >> >     >     `reject_authenticated_sender_login_mismatch' has a clear context to SASL auth
      >> >     >     just don't list SASL related params in main.cf <http://main.cf> <http://main.cf> if "disable smtp auth
      >> >     globally"
    • Show all 30 messages in this topic