Postscreen, DNSBL, and Windows Phone

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Postscreen, DNSBL, and Windows Phone

asai
Greetings,

I am having some issues which I don't understand fully, and I'm hoping
you can point out to me what I'm doing wrong here.

I have a client who's using Windows 7 phone, and she's unable to send
mail due to Spamhaus blocking her 'direct-to-mx' IP range. SMTP
authentication is turned on for the phone.  Dovecot is able to fetch
mail for the phone no problem.

I'm sure I'm missing something, but I don't know what at this point.

[root@triata ~]# postconf -n
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 1
html_directory = no
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maximal_backoff_time = 600s
maximal_queue_lifetime = 1d
message_size_limit = 0
minimal_backoff_time = 300s
mydomain = globalchangemultimedia.net
myhostname = triata.globalchangemultimedia.net
mynetworks = 127.0.0.1, 192.168.1.93
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1
b.barracudecentral.org*1
postscreen_dnsbl_threshold = 2
postscreen_greet_action = drop
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = no
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_sasl_mechanism_filter = plain, login
smtpd_client_restrictions = check_client_access
mysql:/etc/postfix/mysql_blacklist, permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
mysql:/etc/postfix/mysql_helo_restrictions.cf,
permit_sasl_authenticated, reject_invalid_hostname,permit
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,reject_invalid_hostname,
reject_non_fqdn_sender,  reject_non_fqdn_recipient,
reject_unknown_sender_domain, reject_unauth_destination,
check_recipient_access
mysql:/etc/postfix/mysql_restricted_recipients.cf, permit
smtpd_restriction_classes = webdev_only, local_only, unrestricted
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access
mysql:/etc/postfix/mysql_restricted_senders.cf,
permit_sasl_authenticated,        reject_non_fqdn_sender,
reject_unknown_sender_domain,permit_mynetworks, permit
smtpd_tls_cert_file = /etc/pki/dovecot/certs/smtpd.pem
smtpd_tls_key_file = /etc/pki/dovecot/certs/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
btree:/var/spool/postfix/smtpd_tls_session_cache
soft_bounce = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = dovecot
virtual_uid_maps = static:1001

--

Asai
Reply | Threaded
Open this post in threaded view
|

Re: Postscreen, DNSBL, and Windows Phone

Ralf Hildebrandt
* Asai <[hidden email]>:

> Greetings,
>
> I am having some issues which I don't understand fully, and I'm
> hoping you can point out to me what I'm doing wrong here.
>
> I have a client who's using Windows 7 phone, and she's unable to send
> mail due to Spamhaus blocking her 'direct-to-mx' IP range. SMTP
> authentication is turned on for the phone.  Dovecot is able to fetch
> mail for the phone no problem.
>
> I'm sure I'm missing something, but I don't know what at this point.

Since her dialup is listed im Spamhaus, she cannot connect to port 25,
since that's forbidden by postscreen.

That's about it.

Fro: http://www.postfix.org/POSTSCREEN_README.html

postscreen(8) should not be used on SMTP ports that receive mail from
end-user clients (MUAs). In a typical deployment, postscreen(8) is
used on the "port 25" service, while MUA clients submit mail via the
submission service (port 587) which normally requires client
authentication, or via a "port 25" server that provides no MX service
(i.e. a dedicated server that provides submission service on port 25).

--
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  [hidden email] | http://www.charite.de
           
Reply | Threaded
Open this post in threaded view
|

Re: Postscreen, DNSBL, and Windows Phone

asai
> * Asai <[hidden email]>:
>> Greetings,
>>
>> I am having some issues which I don't understand fully, and I'm
>> hoping you can point out to me what I'm doing wrong here.
>>
>> I have a client who's using Windows 7 phone, and she's unable to send
>> mail due to Spamhaus blocking her 'direct-to-mx' IP range. SMTP
>> authentication is turned on for the phone.  Dovecot is able to fetch
>> mail for the phone no problem.
>>
>> I'm sure I'm missing something, but I don't know what at this point.
> Since her dialup is listed im Spamhaus, she cannot connect to port 25,
> since that's forbidden by postscreen.
>
> That's about it.
>
> Fro: http://www.postfix.org/POSTSCREEN_README.html
>
> postscreen(8) should not be used on SMTP ports that receive mail from
> end-user clients (MUAs). In a typical deployment, postscreen(8) is
> used on the "port 25" service, while MUA clients submit mail via the
> submission service (port 587) which normally requires client
> authentication, or via a "port 25" server that provides no MX service
> (i.e. a dedicated server that provides submission service on port 25).
>
Thanks, I thought that may be that case, and unfortunately there doesn't
seem to be any way in the Windows 7 phone configuration to manually set
the port it's connecting to.  Although I do have it set to use SSL (TLS
isn't an option), so I'd think that it would connect to 993 at least.
Reply | Threaded
Open this post in threaded view
|

Re: Postscreen, DNSBL, and Windows Phone

Ralf Hildebrandt
* Asai <[hidden email]>:

> Thanks, I thought that may be that case, and unfortunately there
> doesn't seem to be any way in the Windows 7 phone configuration to
> manually set the port it's connecting to.  Although I do have it set
> to use SSL (TLS isn't an option), so I'd think that it would connect
> to 993 at least.

993 is IMAPS. So check if it is actually connecting to port 465 or 587.

--
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  [hidden email] | http://www.charite.de
           
Reply | Threaded
Open this post in threaded view
|

Re: Postscreen, DNSBL, and Windows Phone

Reindl Harald-2
In reply to this post by asai


Am 20.08.2012 22:41, schrieb Asai:
> Thanks, I thought that may be that case, and unfortunately there doesn't seem to be any way in the Windows 7 phone
> configuration to manually set the port it's connecting to.  Although I do have it set to use SSL (TLS isn't an
> option), so I'd think that it would connect to 993 at least.

not true

5 seconds google:
http://answers.microsoft.com/en-us/winphone/forum/wp7-wppeople/changing-imap-and-smtp-ports-is-not-possible/20f325e7-d9ce-4bff-ae93-4ee51756c2bb

You can specify your smtp server as "my.DOMAIN.com:587", without the quotes

this is a absolutely common way to specify host:port for all sort
of service-types and clients



signature.asc (270 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Postscreen, DNSBL, and Windows Phone

asai
On 8/20/2012 1:49 PM, Reindl Harald wrote:

>
> Am 20.08.2012 22:41, schrieb Asai:
>> Thanks, I thought that may be that case, and unfortunately there doesn't seem to be any way in the Windows 7 phone
>> configuration to manually set the port it's connecting to.  Although I do have it set to use SSL (TLS isn't an
>> option), so I'd think that it would connect to 993 at least.
> not true
>
> 5 seconds google:
> http://answers.microsoft.com/en-us/winphone/forum/wp7-wppeople/changing-imap-and-smtp-ports-is-not-possible/20f325e7-d9ce-4bff-ae93-4ee51756c2bb
>
> You can specify your smtp server as "my.DOMAIN.com:587", without the quotes
>
> this is a absolutely common way to specify host:port for all sort
> of service-types and clients
>
>
brilliance

cheers
Reply | Threaded
Open this post in threaded view
|

Re: Postscreen, DNSBL, and Windows Phone

Benny Pedersen
In reply to this post by asai
Den 2012-08-20 22:22, Asai skrev:

> I'm sure I'm missing something, but I don't know what at this point.

is smtp auth enabled in the phone ?

show postfix logs

postfix -n seems to have it all ok from here, so only the phone is left



Reply | Threaded
Open this post in threaded view
|

Re: Postscreen, DNSBL, and Windows Phone

Benny Pedersen
In reply to this post by asai
Den 2012-08-20 22:41, Asai skrev:

> Thanks, I thought that may be that case, and unfortunately there
> doesn't seem to be any way in the Windows 7 phone configuration to
> manually set the port it's connecting to.  Although I do have it set
> to use SSL (TLS isn't an option), so I'd think that it would connect
> to 993 at least.

i have a nabohood that have problems with vista enterprise that changes
settings randomly lead to me have the problem explaining its vistas
normal stabality problems that continues to change the old lady of smtp
auth, it have a test connection that always fails when it changed config
from whats works, and shure there is no tls there on port 465 but ssl
works, else it try to use default port 25 where it expect smtp auth to
work via starttls

silly windows :)

but 993 is imaps, and it cant send mail that way

Reply | Threaded
Open this post in threaded view
|

Re: Postscreen, DNSBL, and Windows Phone

Benny Pedersen
In reply to this post by Reindl Harald-2
Den 2012-08-20 22:49, Reindl Harald skrev:

> this is a absolutely common way to specify host:port for all sort
> of service-types and clients

microsoft try to sell better manuels as a thing that cost more :=)



Reply | Threaded
Open this post in threaded view
|

Re: Postscreen, DNSBL, and Windows Phone

Postfix User-2
On Tue, 21 Aug 2012 03:07:47 +0200
Benny Pedersen articulated:

> Den 2012-08-20 22:49, Reindl Harald skrev:
>
> > this is a absolutely common way to specify host:port for all sort
> > of service-types and clients
>
> microsoft try to sell better manuels as a thing that cost more :=)
                               ^^^^^^^
You mean that they are engaging in human trafficking? I think you are
referring to "manuals". In any case, over the years I have found that I
can get virtually any info I want about a Microsoft product by using
either their "technet"
<http://technet.microsoft.com/en-us/default.aspx> or "MSDN" services
<http://msdn.microsoft.com/en-us/library/ms123401.aspx>. Google is your
friend. The answer to this problem, as I believe was previously
published here, can be located at:
<http://www.microsoft.com/windowsphone/en-us/howto/wp7/people/set-up-an-email-account.aspx>
and
<http://answers.microsoft.com/en-us/winphone/forum/wp7-wppeople/changing-imap-and-smtp-ports-is-not-possible/20f325e7-d9ce-4bff-ae93-4ee51756c2bb>.

--
Jerry ✌
[hidden email]
_____________________________________________________________________
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
Reply | Threaded
Open this post in threaded view
|

Re: Postscreen, DNSBL, and Windows Phone

Benny Pedersen
Den 2012-08-21 11:57, Jerry skrev:

but i dont need this to setup smtp auth in nokia, only windows needs
it, i keep my symbian os