API tools faq
paste
Guest User

Untitled

a guest
Mar 10th, 2018
366
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.26 KB | None | 0 0
raw download clone embed print report
  1. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: initializing the server-side TLS engine
  2. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: connect from 79-76-219-7.dynamic.dsl.as9105.com[79.76.219.7]
  3. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: setting up TLS connection from 79-76-219-7.dynamic.dsl.as9105.com[79.76.219.7]
  4. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: 79-76-219-7.dynamic.dsl.as9105.com[79.76.219.7]: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CDC3-SHA:!KRB5-DE5:!CBC3-SHA"
  5. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: SSL_accept:before/accept initialization
  6. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: SSL_accept:unknown state
  7. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: message repeated 9 times: [ SSL_accept:unknown state]
  8. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: 79-76-219-7.dynamic.dsl.as9105.com[79.76.219.7]: Issuing session ticket, key expiration: 1498248942
  9. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: SSL_accept:unknown state
  10. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: message repeated 3 times: [ SSL_accept:unknown state]
  11. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: Anonymous TLS connection established from 79-76-219-7.dynamic.dsl.as9105.com[79.76.219.7]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
  12. Jun 23 19:45:43 mail postfix/submission/smtpd[3665]: B7AD8416BA: client=79-76-219-7.dynamic.dsl.as9105.com[79.76.219.7], sasl_method=LOGIN, sasl_username=hello@mydomain.com
  13. Jun 23 19:45:43 mail postfix/cleanup[3673]: B7AD8416BA: message-id=<00b201d2ec59$4d566dc0$e8034940$@mydomain.com>
  14. Jun 23 19:45:43 mail postfix/qmgr[3655]: B7AD8416BA: from=<hello@mydomain.com>, size=2807, nrcpt=1 (queue active)
  15. Jun 23 19:45:43 mail postfix/smtp[3678]: initializing the client-side TLS engine
  16. Jun 23 19:45:43 mail postfix/smtp[3678]: setting up TLS connection to email-smtp.eu-west-1.amazonaws.com[54.154.210.139]:25
  17. Jun 23 19:45:43 mail postfix/smtp[3678]: email-smtp.eu-west-1.amazonaws.com[54.154.210.139]:25: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
  18. Jun 23 19:45:43 mail postfix/smtp[3678]: SSL_connect:before/connect initialization
  19. Jun 23 19:45:43 mail postfix/smtp[3678]: SSL_connect:SSLv2/v3 write client hello A
  20. Jun 23 19:45:43 mail postfix/smtp[3678]: SSL_connect:unknown state
  21. Jun 23 19:45:43 mail postfix/smtp[3678]: email-smtp.eu-west-1.amazonaws.com[54.154.210.139]:25: depth=2 verify=1 subject=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
  22. Jun 23 19:45:43 mail postfix/smtp[3678]: email-smtp.eu-west-1.amazonaws.com[54.154.210.139]:25: depth=1 verify=1 subject=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
  23. Jun 23 19:45:43 mail postfix/smtp[3678]: email-smtp.eu-west-1.amazonaws.com[54.154.210.139]:25: depth=0 verify=1 subject=/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=email-smtp.eu-west-1.amazonaws.com
  24. Jun 23 19:45:43 mail postfix/smtp[3678]: SSL_connect:unknown state
  25. Jun 23 19:45:43 mail postfix/smtp[3678]: message repeated 7 times: [ SSL_connect:unknown state]
  26. Jun 23 19:45:43 mail postfix/smtp[3678]: email-smtp.eu-west-1.amazonaws.com[54.154.210.139]:25: subject_CN=email-smtp.eu-west-1.amazonaws.com, issuer_CN=Symantec Class 3 Secure Server CA - G4, fingerprint=6E:5D:0D:26:7E:24:81:87:5E:41:8B:98:2C:FC:9E:AD, pkey_fingerprint=ED:7C:27:CE:7E:AB:FF:76:C0:3C:86:F3:3D:85:78:0F
  27. Jun 23 19:45:43 mail postfix/smtp[3678]: Trusted TLS connection established to email-smtp.eu-west-1.amazonaws.com[54.154.210.139]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
  28. Jun 23 19:45:43 mail postfix/smtp[3678]: B7AD8416BA: to=<myemail@gmail.com>, relay=email-smtp.eu-west-1.amazonaws.com[54.154.210.139]:25, delay=0.28, delays=0.16/0.02/0.09/0, dsn=5.0.0, status=bounced (host email-smtp.eu-west-1.amazonaws.com[54.154.210.139] said: 530 Authentication required (in reply to MAIL FROM command))
  29. Jun 23 19:45:43 mail postfix/cleanup[3673]: EEF71416BE: message-id=<20170623194543.EEF71416BE@mail.mydomain.com>
  30. Jun 23 19:45:43 mail postfix/qmgr[3655]: EEF71416BE: from=<>, size=4904, nrcpt=1 (queue active)
  31. Jun 23 19:45:43 mail postfix/bounce[3679]: B7AD8416BA: sender non-delivery notification: EEF71416BE
  32. Jun 23 19:45:43 mail postfix/qmgr[3655]: B7AD8416BA: removed
  33. Jun 23 19:45:44 mail postfix/pipe[3680]: EEF71416BE: to=<hello@mydomain.com>, relay=dovecot, delay=0.07, delays=0/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service)
  34. Jun 23 19:45:44 mail postfix/qmgr[3655]: EEF71416BE: removed
  35. Jun 23 19:45:46 mail postfix/submission/smtpd[3665]: disconnect from 79-76-219-7.dynamic.dsl.as9105.com[79.76.219.7] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
  36.  
  37. # --------------------
  38. # INSTALL-TIME CONFIGURATION INFORMATION
  39. #
  40. # location of the Postfix queue. Default is /var/spool/postfix.
  41. queue_directory = /var/spool/postfix
  42.  
  43. # location of all postXXX commands. Default is /usr/sbin.
  44. command_directory = /usr/sbin
  45.  
  46. # location of all Postfix daemon programs (i.e. programs listed in the
  47. # master.cf file). This directory must be owned by root.
  48. # Default is /usr/libexec/postfix
  49. daemon_directory = /usr/lib/postfix/sbin
  50.  
  51. # location of Postfix-writable data files (caches, random numbers).
  52. # This directory must be owned by the mail_owner account (see below).
  53. # Default is /var/lib/postfix.
  54. data_directory = /var/lib/postfix
  55.  
  56. # owner of the Postfix queue and of most Postfix daemon processes.
  57. # Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
  58. # WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
  59. # In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
  60. # Default is postfix.
  61. mail_owner = postfix
  62.  
  63. # The following parameters are used when installing a new Postfix version.
  64. #
  65. # sendmail_path: The full pathname of the Postfix sendmail command.
  66. # This is the Sendmail-compatible mail posting interface.
  67. #
  68. sendmail_path = /usr/sbin/sendmail
  69.  
  70. # newaliases_path: The full pathname of the Postfix newaliases command.
  71. # This is the Sendmail-compatible command to build alias databases.
  72. #
  73. newaliases_path = /usr/bin/newaliases
  74.  
  75. # full pathname of the Postfix mailq command. This is the Sendmail-compatible
  76. # mail queue listing command.
  77. mailq_path = /usr/bin/mailq
  78.  
  79. # group for mail submission and queue management commands.
  80. # This must be a group name with a numerical group ID that is not shared with
  81. # other accounts, not even with the Postfix account.
  82. setgid_group = postdrop
  83.  
  84. # external command that is executed when a Postfix daemon program is run with
  85. # the -D option.
  86. #
  87. # Use "command .. & sleep 5" so that the debugger can attach before
  88. # the process marches on. If you use an X-based debugger, be sure to
  89. # set up your XAUTHORITY environment variable before starting Postfix.
  90. #
  91. debugger_command =
  92. PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  93. ddd $daemon_directory/$process_name $process_id & sleep 5
  94.  
  95. debug_peer_level = 10
  96.  
  97. # --------------------
  98. # CUSTOM SETTINGS
  99. #
  100.  
  101. # SMTP server response code when recipient or domain not found.
  102. unknown_local_recipient_reject_code = 550
  103.  
  104. # Do not notify local user.
  105. biff = no
  106.  
  107. # Disable the rewriting of "site!user" into "user@site".
  108. swap_bangpath = no
  109.  
  110. # Disable the rewriting of the form "user%domain" to "user@domain".
  111. allow_percent_hack = no
  112.  
  113. # Allow recipient address start with '-'.
  114. allow_min_user = no
  115.  
  116. # Disable the SMTP VRFY command. This stops some techniques used to
  117. # harvest email addresses.
  118. disable_vrfy_command = yes
  119.  
  120. # Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
  121. inet_protocols = all
  122.  
  123. # Enable all network interfaces.
  124. inet_interfaces = all
  125.  
  126. #
  127. # TLS settings.
  128. #
  129. # SSL key, certificate, CA
  130. #
  131. smtpd_tls_key_file = /etc/ssl/lec/mydomain.com/mydomain.com.key
  132. smtpd_tls_cert_file = /etc/ssl/lec/mydomain.com/mydomain.com.cer
  133. smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
  134.  
  135. #
  136. # Disable SSLv2, SSLv3
  137. #
  138. smtpd_tls_protocols = !SSLv2 !SSLv3
  139. smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
  140. smtp_tls_protocols = !SSLv2 !SSLv3
  141. smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
  142. lmtp_tls_protocols = !SSLv2 !SSLv3
  143. lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
  144.  
  145. #
  146. # Fix 'The Logjam Attack'.
  147. #
  148. smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
  149. smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
  150. smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
  151.  
  152. tls_random_source = dev:/dev/urandom
  153.  
  154. # Log only a summary message on TLS handshake completion — no logging of client
  155. # certificate trust-chain verification errors if client certificate
  156. # verification is not required. With Postfix 2.8 and earlier, log the summary
  157. # message, peer certificate summary information and unconditionally log
  158. # trust-chain verification errors.
  159. smtp_tls_loglevel = 2
  160. smtpd_tls_loglevel = 2
  161.  
  162. # Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
  163. # not require that clients use TLS encryption.
  164. smtpd_tls_security_level = may
  165.  
  166. # Produce `Received:` message headers that include information about the
  167. # protocol and cipher used, as well as the remote SMTP client CommonName and
  168. # client certificate issuer CommonName.
  169. # This is disabled by default, as the information may be modified in transit
  170. # through other mail servers. Only information that was recorded by the final
  171. # destination can be trusted.
  172. #smtpd_tls_received_header = yes
  173.  
  174. # Opportunistic TLS, used when Postfix sends email to remote SMTP server.
  175. # Use TLS if this is supported by the remote SMTP server, otherwise use
  176. # plaintext.
  177. # References:
  178. # - http://www.postfix.org/TLS_README.html#client_tls_may
  179. # - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
  180.  
  181. # Use the same CA file as smtpd.
  182. smtp_tls_CAfile = $smtpd_tls_CAfile
  183. smtp_tls_note_starttls_offer = yes
  184.  
  185. # Enable long, non-repeating, queue IDs (queue file names).
  186. # The benefit of non-repeating names is simpler logfile analysis and easier
  187. # queue migration (there is no need to run "postsuper" to change queue file
  188. # names that don't match their message file inode number).
  189. #enable_long_queue_ids = yes
  190.  
  191. # Reject unlisted sender and recipient
  192. smtpd_reject_unlisted_recipient = yes
  193. smtpd_reject_unlisted_sender = yes
  194.  
  195. # Header and body checks with PCRE table
  196. header_checks = pcre:/etc/postfix/header_checks
  197. body_checks = pcre:/etc/postfix/body_checks.pcre
  198.  
  199. # A mechanism to transform commands from remote SMTP clients.
  200. # This is a last-resort tool to work around client commands that break
  201. # interoperability with the Postfix SMTP server. Other uses involve fault
  202. # injection to test Postfix's handling of invalid commands.
  203. # Requires Postfix-2.7+.
  204. #smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre
  205.  
  206. # HELO restriction
  207. smtpd_helo_required = yes
  208. smtpd_helo_restrictions =
  209. permit_mynetworks
  210. permit_sasl_authenticated
  211. reject_non_fqdn_helo_hostname
  212. reject_unknown_helo_hostname
  213. check_helo_access pcre:/etc/postfix/helo_access.pcre
  214.  
  215. # Sender restrictions
  216. smtpd_sender_restrictions =
  217. reject_unknown_sender_domain
  218. reject_non_fqdn_sender
  219. reject_unlisted_sender
  220. permit_mynetworks
  221. permit_sasl_authenticated
  222. check_sender_access pcre:/etc/postfix/sender_access.pcre
  223.  
  224. # Recipient restrictions
  225. smtpd_recipient_restrictions =
  226. reject_unknown_recipient_domain
  227. reject_non_fqdn_recipient
  228. reject_unlisted_recipient
  229. check_policy_service inet:127.0.0.1:7777
  230. permit_mynetworks
  231. permit_sasl_authenticated
  232. reject_unauth_destination
  233.  
  234. # END-OF-MESSAGE restrictions
  235. smtpd_end_of_data_restrictions =
  236. check_policy_service inet:127.0.0.1:7777
  237.  
  238. # Data restrictions
  239. smtpd_data_restrictions = reject_unauth_pipelining
  240.  
  241. proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
  242.  
  243. # Avoid duplicate recipient messages. Default is 'yes'.
  244. enable_original_recipient = no
  245.  
  246. # Virtual support.
  247. virtual_minimum_uid = 2000
  248. virtual_uid_maps = static:2000
  249. virtual_gid_maps = static:2000
  250. virtual_mailbox_base = /var/vmail
  251.  
  252. # Do not set virtual_alias_domains.
  253. virtual_alias_domains =
  254.  
  255. #
  256. # Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
  257. # WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
  258. # be forced to submit email through port 587 instead.
  259. #
  260. #smtpd_sasl_auth_enable = yes
  261. #smtpd_sasl_security_options = noanonymous
  262. #smtpd_tls_auth_only = yes
  263.  
  264. # hostname
  265. myhostname = mail.mydomain.com
  266. myorigin = mail.mydomain.com
  267. mydomain = mail.mydomain.com
  268.  
  269. # trusted SMTP clients which are allowed to relay mail through Postfix.
  270. #
  271. # Note: additional IP addresses/networks listed in mynetworks should be listed
  272. # in iRedAPD setting 'MYNETWORKS' (in `/opt/iredapd/settings.py`) too.
  273. # for example:
  274. #
  275. # MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
  276. #
  277. mynetworks = 127.0.0.1
  278.  
  279. # Accepted local emails
  280. mydestination = $myhostname, localhost, localhost.localdomain
  281.  
  282. alias_maps = hash:/etc/postfix/aliases
  283. alias_database = hash:/etc/postfix/aliases
  284.  
  285. # Default message_size_limit.
  286. message_size_limit = 15728640
  287.  
  288. # The set of characters that can separate a user name from its extension
  289. # (example: user+foo), or a .forward file name from its extension (example:
  290. # .forward+foo).
  291. # Postfix 2.11 and later supports multiple characters.
  292. recipient_delimiter = +
  293.  
  294. # The time after which the sender receives a copy of the message headers of
  295. # mail that is still queued. Default setting is disabled (0h) by Postfix.
  296. #delay_warning_time = 1h
  297. compatibility_level = 2
  298. #
  299. # Lookup virtual mail accounts
  300. #
  301. transport_maps =
  302. proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
  303. proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
  304.  
  305. sender_dependent_relayhost_maps =
  306. proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
  307.  
  308. # Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
  309. smtpd_sender_login_maps =
  310. proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
  311.  
  312. virtual_mailbox_domains =
  313. proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
  314.  
  315. relay_domains =
  316. $mydestination
  317. proxy:mysql:/etc/postfix/mysql/relay_domains.cf
  318.  
  319. virtual_mailbox_maps =
  320. proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
  321.  
  322. virtual_alias_maps =
  323. proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
  324. proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
  325. proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
  326. proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
  327.  
  328. sender_bcc_maps =
  329. proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
  330. proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
  331.  
  332. recipient_bcc_maps =
  333. proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
  334. proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
  335.  
  336. #
  337. # Postscreen
  338. #
  339. postscreen_greet_action = enforce
  340. postscreen_blacklist_action = enforce
  341. postscreen_dnsbl_action = enforce
  342. postscreen_dnsbl_threshold = 2
  343. postscreen_dnsbl_sites =
  344. zen.spamhaus.org=127.0.0.[2..11]*3
  345. b.barracudacentral.org=127.0.0.[2..11]*2
  346.  
  347. postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
  348. postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
  349.  
  350. # Require Postfix-2.11+
  351. postscreen_dnsbl_whitelist_threshold = -2
  352. #
  353. # Dovecot SASL support.
  354. #
  355. smtpd_sasl_type = dovecot
  356. smtpd_sasl_path = private/dovecot-auth
  357. virtual_transport = dovecot
  358. dovecot_destination_recipient_limit = 1
  359.  
  360. #
  361. # Amavisd + SpamAssassin + ClamAV
  362. #
  363. #content_filter = smtp-amavis:[127.0.0.1]:10024
  364.  
  365. # Concurrency per recipient limit.
  366. #smtp-amavis_destination_recipient_limit = 1
  367.  
  368. relayhost = [email-smtp.eu-west-1.amazonaws.com]:25
  369. smtp_sasl_auth_enable = yes
  370. smtpd_sasl_auth_enable = yes
  371. smtp_sasl_security_options = noanonymous
  372. smtp_sasl_tls_security_options = noanonymous
  373. smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  374. smtp_use_tls = yes
  375. smtp_tls_note_starttls_offer = yes
  376. smtp_sasl_mechanism_filter = login, plain
  377.  
  378. [email.eu-west-1.amazonaws.com]:25 USER:PASSWORD
  379. ses-smtp-eu-west-1-prod-345515633.eu-west-1.elb.amazonaws.com:25 USER:PASSWORD
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!