LinuxQuestions.org
08-06-2005, 11:07 PM   #1
fortezza
Member
 
Registered: Mar 2003
Location: Colorado
Distribution: Fedora Core 4
Posts: 297

Rep: Reputation: 30
Postfix, Enforce_TLS, and Receiving Email


After spending the entire day getting Postfix and QPopper to behave pretty well with TLS, I did one final test by sending email from an external mailbox to my domain that is hosted at home. The mail bounced back with the error:

Status: 5.1.0 MAIL FROM: <joesmith@someisp.net> 530 REPLY: 530_Must_issue_a_STARTTLS_command_first


I discovered if I change the main.cf file line "smtpd_enforce_tls = yes" to "smtpd_enforce_tls = no", I can receive email to my domain, but then sending email no longer requires it. What I want is to receive email to my domain, but for any sends with a destination that is not in my domain to require TLS and SASL. The SASL requirement is working, but TLS is not working the way I would like.

Below is my main.cf file. Is there a way I can force email with a destination outside my domain to require TLS/SASL, while email with a destination to my domain to have no special requirements?




Code:
#Set the top level domain name
mydomain = fortezzazone.org

#set the MTA's FQDN host name
myhostname = devastator.fortezzazone.org

#Set the 'local' network masks
#mynetworks = 10.0.0.0/24 127.0.0.0/8
#smtp auth testing (Postfix only treats # as a comment at the start of a line)
mynetworks = 127.0.0.0/8

#Listening Interfaces
#inet_interfaces = $myhostname, localhost

#inet_interfaces = all

#This is the domain email from here comes from.
myorigin = $mydomain

#These are the domains this MTA will accept mail for.
mydestination = $myhostname, localhost.$mydomain, $mydomain, fortezza.dyndns.org

#This sets the error for rejected local recipients
unknown_local_recipient_reject_code = 550


#relay host

#relayhost = outbound.mailhop.org
#smtp_use_tls = yes

#Alias Mapping Files
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

#HELO Restrictions
smtpd_helo_required = yes
#these settings don't work ( not valid commands )
#smtpd_helo_restrictions = 
#	reject_invalid_helo_hostname,
#	reject_non_fqdn_helo_hostname,
#	reject_unknown_helo_hostname

smtpd_sender_restrictions = reject_unknown_sender_domain,permit_sasl_authenticated


# Enable TLS
smtp_use_tls = yes
smtpd_use_tls = yes 
smtp_tls_note_starttls_offer = yes 
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_enforce_tls = yes
tls_random_source = dev:/dev/urandom

#Enable SASL Support
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
#End TLS Support


smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_unauth_destination
   
soft_bounce = no
smtpd_banner = $myhostname NO UCE ESMTP Open Relay Spammers Sux0r!
 
  


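One way to get the split asked about above, shown as an added example that is not part of the original post: keep port 25 opportunistic so other MTAs can still deliver to the domain, tie AUTH (and therefore relaying) to TLS, and enforce TLS on a separate submission listener. The port 587 `submission` service and the use of `smtpd_tls_auth_only` are assumptions not present in the posted main.cf; the `n` in the chroot column is also an assumption about the local install.

```conf
# --- /etc/postfix/main.cf (port 25: public MX, default smtpd settings) ---
# Offer STARTTLS but do not demand it. With smtpd_enforce_tls = yes every
# remote MTA that does not start TLS is refused with
# "530 Must issue a STARTTLS command first", which is the bounce shown above.
# RFC 3207 says a publicly referenced SMTP server must not require STARTTLS
# in order to deliver mail locally.
smtpd_use_tls = yes
smtpd_enforce_tls = no

# Announce and accept AUTH only inside a TLS session. Relaying from outside
# mynetworks depends on permit_sasl_authenticated, so relaying to other
# domains now implies TLS plus SASL even on port 25.
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes

smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_unauth_destination

# --- /etc/postfix/master.cf (port 587: submission for the domain's own users) ---
# Per-service overrides: this listener refuses MAIL FROM before STARTTLS and
# rejects any client that has not authenticated, without affecting port 25.
submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

After `postfix reload`, mail clients that send through this server would be pointed at port 587, while inbound mail for `$mydestination` keeps arriving on port 25 with or without TLS.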
All times are GMT -5.