Accept all mail on separate port


Accept all mail on separate port

Andrea Gozzi-5
Hi all.

Due to the demise of the Sixxs project, which I was using to bypass the
ISP’s filtering of port 25 (in/out), I would like to open a "private" port
on postfix.
It’s a non-standard port and I will be filtering the src range at firewall
level so I’m pretty confident there will be no abuse.
I also want to avoid adding the subnet to mynetworks since I find it
easier to work on the firewall rather than the mail server.

I was able to have postfix listen on the new port but I realized all
sender and client restrictions are still being enforced despite passing a
<permit> directive:

XXXXX     inet  n       -       -       -       250       smtpd
  -o smtpd_client_restrictions=permit


Furthermore, the server advertises a whole bunch of stuff I don’t really
need (at least not on that port):

250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN



What is the correct configuration to provide a bare smtpd process that
will accept all mail on that specific port and treat it as if it was
coming from a mynetworks host?

Thanks!



Re: Accept all mail on separate port

Noel Jones-2
On 6/6/2017 3:21 PM, Andrea wrote:

> Hi all.
>
> Due to the demise of the Sixxs project, which I was using to bypass the
> ISP’s filtering of port 25 (in/out), I would like to open a "private" port
> on postfix.
> It’s a non-standard port and I will be filtering the src range at firewall
> level so I’m pretty confident there will be no abuse.
> I also want to avoid adding the subnet to mynetworks since I find it
> easier to work on the firewall rather than the mail server.
>
> I was able to have postfix listen on the new port but I realized all
> sender and client restrictions are still being enforced despite passing a
> <permit> directive:
>
> XXXXX     inet  n       -       -       -       250       smtpd
>   -o smtpd_client_restrictions=permit
>
>
> Furthermore, the server advertises a whole bunch of stuff I don’t really
> need (at least not on that port):
>
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
>
>
>
> What is the correct configuration to provide a bare smtpd process that
> will accept all mail on that specific port

The alternate port inherits all the settings from main.cf, such as
smtpd_recipient_restrictions and sasl options.  A client must pass
each of the smtpd_*_restrictions sections to successfully send mail.
You'll need to either adjust the settings in main.cf or provide
additional -o overrides.


> and treat it as if it was
> coming from a mynetworks host?

Either adjust the main.cf mynetworks, or provide an alternate -o
mynetworks=xxxx on the secondary listener.





  -- Noel Jones
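
Added example, not part of either message above: a master.cf entry that applies the advice in the reply, overriding each inherited smtpd_*_restrictions list and setting mynetworks on this listener only. XXXXX is the port elided in the original post, and 192.0.2.0/24 is a placeholder for the source range already allowed at the firewall.

```conf
# master.cf: private submission listener (added example, not the poster's config)
# XXXXX = port elided in the original post
# 192.0.2.0/24 = placeholder; use the same source range the firewall permits
XXXXX     inet  n       -       -       -       250       smtpd
  # Scope "trusted" to this listener only; main.cf mynetworks is untouched.
  -o mynetworks=192.0.2.0/24
  # Every restriction list is inherited from main.cf unless overridden here,
  # and a client has to pass all of them. A lone "permit" in
  # smtpd_client_restrictions does not short-circuit the later lists.
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  # Relay control stays tied to mynetworks rather than a blanket permit, so
  # the listener does not become an open relay if the firewall rule slips.
  # smtpd_relay_restrictions exists in Postfix 2.10 and later.
  -o smtpd_relay_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o smtpd_end_of_data_restrictions=
  # Stop offering AUTH on this port and hide the unwanted EHLO keywords.
  -o smtpd_sasl_auth_enable=no
  -o smtpd_discard_ehlo_keywords=vrfy,etrn,auth,starttls
  # Disables STARTTLS here, so mail on this port travels in cleartext.
  # Drop this line and "starttls" above to keep the main.cf TLS setting.
  -o smtpd_tls_security_level=none
```

After reloading Postfix, `postconf -P` lists the per-service overrides, and an EHLO on the new port shows which keywords are still advertised.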