[GTALUG] Connection Refused

Randy Jonasz rjonasz at gmail.com
Fri Feb 20 16:57:33 UTC 2015


On 15-02-19 11:34 PM, William Park wrote:
> Port 25 is matched by 'fail2ban-dovecot' and 'fail2ban-postfix' which do
> nothing.  So, check postfix main config.
Alas I can telnet to port 25 from outside of my lan.  What would 
restrict my lan address?  The server is in Germany.  I can telnet from 
work at McMaster University but nothing from my home.

Here's my main.config

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_req_ccert = no
smtpd_tls_ask_ccert = yes

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = foucault.rjonasz.ca
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = foucault.rjonasz.ca, localhost.rjonasz.ca, localhost
relayhost =
mynetworks = 127.0.0.0/8 80.241.217.178/32 [::ffff:127.0.0.0]/104 
[::1]/128 207.210.30.47/32 198.7.63.205/32
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth-client
#smtpd_sasl_local_domain =
#smtpd_sasl_security_options = noplaintext,noanonymous
#broken_sasl_auth_clients = yes
#smtpd_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtpd_recipient_restrictions = permit_sasl_authenticated 
permit_mynetworks reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom
#smtp_connection_cache_destinations = smtp.gmail.com
default_transport = smtp
default_destination_concurrency_limit = 5
virtual_alias_domains = rjonasz.ca rjonasz.com rjonasz.net rjonasz.org
virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination



Cheers,

Randy


More information about the talk mailing list