From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1OJssm-0006lK-6p for garchives@archives.gentoo.org; Wed, 02 Jun 2010 18:41:40 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D5CEDE090F; Wed, 2 Jun 2010 18:41:28 +0000 (UTC) Received: from blingymail-a1.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by pigeon.gentoo.org (Postfix) with ESMTP id B6859E090F for ; Wed, 2 Jun 2010 18:41:28 +0000 (UTC) Received: from [192.168.1.110] (smtp.media-brokers.com [70.43.81.99]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by blingymail-a1.g.dreamhost.com (Postfix) with ESMTP id 30369904AF for ; Wed, 2 Jun 2010 11:41:28 -0700 (PDT) Message-ID: <4C06A5D6.7020706@libertytrek.org> Date: Wed, 02 Jun 2010 14:41:26 -0400 From: Tanstaafl User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081209 Lightning/0.9 Thunderbird/2.0.0.19 Mnenhy/0.7.6.666 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Postfix question about auth and blocklists... References: <4BFD32C5.9050306@shic.co.uk> <1274902364.11900.92.camel@bvargo2.homeip.net> <4BFE9CDA.3080807@shic.co.uk> <1274979987.11900.142.camel@bvargo2.homeip.net> In-Reply-To: <1274979987.11900.142.camel@bvargo2.homeip.net> X-Enigmail-Version: 1.0.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Archives-Salt: d51b7b57-9454-4a24-a3ab-8c7e926cee09 X-Archives-Hash: fac4cd121dccb7bcf5af08ccaa1ecccc On 2010-05-27 1:06 PM, Brandon Vargo wrote: > You mentioned in your first mail that you use Dovecot. The easiest > way to setup SASL for Postfix is to have Postfix authenticate > against Dovecot, +1, with one caveat - it doesn't work in client mode, only server mode... > I also recommend adding the following option to main.cf if your > clients support TLS encryption, which will not allow authentication > over unencrypted connections: > > smtpd_tls_auth_only = yes This is deprecated... Ror the submission port you should use: smtpd_tls_security_level = encrypt and for opportunistic TLS on port 25: smtpd_tls_security_level = may