diff --git a/en_US/howto/1-enable.insecure.smtp.md b/en_US/howto/1-enable.smtp.auth.on.port.25.md similarity index 85% rename from en_US/howto/1-enable.insecure.smtp.md rename to en_US/howto/1-enable.smtp.auth.on.port.25.md index 5c685c74..3c033b33 100644 --- a/en_US/howto/1-enable.insecure.smtp.md +++ b/en_US/howto/1-enable.smtp.auth.on.port.25.md @@ -1,4 +1,4 @@ -# Enable insecure SMTP service on port 25 +# Enable SMTP SASL AUTH on port 25 Since iRedMail-0.9.5, SMTP auth on port 25 is disabled by default, all end users are forced to send email through port 587 (SMTP over TLS). If you need @@ -38,4 +38,10 @@ smtpd_tls_security_level = may * Restart or reload Postfix service. +!!! warning + + With `smtpd_tls_auth_only = yes`, it requires clients to enable STARTTLS + for secure connection, if you don't want this for some reason, please + comment it out. + That's all. diff --git a/en_US/upgrade/0-upgrade.iredmail.0.9.4-0.9.5.md b/en_US/upgrade/0-upgrade.iredmail.0.9.4-0.9.5.md index aab5d2e6..41e3e8f3 100644 --- a/en_US/upgrade/0-upgrade.iredmail.0.9.4-0.9.5.md +++ b/en_US/upgrade/0-upgrade.iredmail.0.9.4-0.9.5.md @@ -332,55 +332,9 @@ Open Amavisd config file `amavisd.conf`, add below lines in BEFORE the last line * on OpenBSD: it's `/etc/amavisd.conf`. ``` -# Custom short log template (at log_level 0), add SpamAssassin testing result (Tests: [xxx]) -# -# Note: You can find the original log template at the bottom of -# /usr/sbin/amavisd-new. -$log_templ = ' -[?%#D|#|Passed # -[? [:ccat|major] |# -OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\ -UNCHECKED[?[:ccat|minor]||-ENCRYPTED|]|BANNED (%F)|INFECTED (%V)]# - {[:actions_performed]}# -,[?%p|| %p][?%a||[?%l|| LOCAL] [:client_addr_port]][?%e|| \[%e\]] [:mail_addr_decode_octets|%s] -> [%D|[:mail_addr_decode_octets|%D]|,]# -[? %q ||, quarantine: %q]# -[? %Q ||, Queue-ID: %Q]# -[? %m ||, Message-ID: [:mail_addr_decode_octets|%m]]# -[? %r ||, Resent-Message-ID: [:mail_addr_decode_octets|%r]]# -[? %i ||, mail_id: %i]# -, Hits: [:SCORE]# -, size: %z# -[? [:partition_tag] ||, pt: [:partition_tag]]# -[~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\ -[remote_mta_smtp_response|[~%x|["queued as ([0-9A-Za-z]+)$"]|["%1"]|["%0"]]|/]# -#, Subject: [:dquote|[:mime2utf8|[:header_field_octets|Subject]|100|1]]# -#, From: [:uquote|[:mail_addr_decode_octets|[:rfc2822_from]]]# -[? [:dkim|sig_sd] ||, dkim_sd=[:dkim|sig_sd]]# -[? [:dkim|newsig_sd] ||, dkim_new=[:dkim|newsig_sd]]# -, %y ms# -[? %#T ||, Tests: \[[%T|,]\]]# -] -[?%#O|#|Blocked # -[? [:ccat|major|blocking] |# -OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\ -UNCHECKED[?[:ccat|minor]||-ENCRYPTED|]|BANNED (%F)|INFECTED (%V)]# - {[:actions_performed]}# -,[?%p|| %p][?%a||[?%l|| LOCAL] [:client_addr_port]][?%e|| \[%e\]] [:mail_addr_decode_octets|%s] -> [%O|[:mail_addr_decode_octets|%O]|,]# -[? %q ||, quarantine: %q]# -[? %Q ||, Queue-ID: %Q]# -[? %m ||, Message-ID: [:mail_addr_decode_octets|%m]]# -[? %r ||, Resent-Message-ID: [:mail_addr_decode_octets|%r]]# -[? %i ||, mail_id: %i]# -, Hits: [:SCORE]# -, size: %z# -[? [:partition_tag] ||, pt: [:partition_tag]]# -#, Subject: [:dquote|[:mime2utf8|[:header_field_octets|Subject]|100|1]]# -#, From: [:uquote|[:mail_addr_decode_octets|[:rfc2822_from]]]# -[? [:dkim|sig_sd] ||, dkim_sd=[:dkim|sig_sd]]# -[? [:dkim|newsig_sd] ||, dkim_new=[:dkim|newsig_sd]]# -, %y ms# -[? %#T ||, Tests: \[[%T|,]\]]# -]'; +# Always log verbose info of processed mail, including subject, SpamAssassin +# testing results, etc, useful for troubleshooting.. +$log_templ = $log_verbose_templ; ``` Restarting Amavisd service is required. diff --git a/html/enable.insecure.smtp-it_IT.html b/html/enable.insecure.smtp-it_IT.html index aa9b4d4f..518bfc58 100644 --- a/html/enable.insecure.smtp-it_IT.html +++ b/html/enable.insecure.smtp-it_IT.html @@ -15,11 +15,7 @@ />  iRedMail -   //  Document Index
-

This tutorial is available in other languages

-

English /

-
-

Abilitare servizio non protetto SMTP su porta 25

+   //  Document Index

Abilitare servizio non protetto SMTP su porta 25

Sin dalla versione 0.9.5 di iRedMail, l'autenticazione su porta 25 è disabilitata per default, tutti gli utenti sono costretti a mandare email attraverso la posta 587 (SMTP over TLS). Se avete la necessità di abilitare l'autenticazione insicura sulla porta 25, per qualsivoglia motivo, seguite i passi sotto elencati per abilitarla.

Nota

diff --git a/html/enable.insecure.smtp.html b/html/enable.insecure.smtp.html index 56b6c418..f244d1fe 100644 --- a/html/enable.insecure.smtp.html +++ b/html/enable.insecure.smtp.html @@ -2,7 +2,7 @@ - Enable insecure SMTP service on port 25 + Enable SMTP SASL AUTH on port 25 @@ -19,7 +19,7 @@

This tutorial is available in other languages

Italiano /

-

Enable insecure SMTP service on port 25

+

Enable SMTP SASL AUTH on port 25

Since iRedMail-0.9.5, SMTP auth on port 25 is disabled by default, all end users are forced to send email through port 587 (SMTP over TLS). If you need to allow insecure SMTP auth on port 25 for some reason, please follow steps @@ -58,6 +58,12 @@ smtpd_tls_security_level = may

+
+

Warning

+

With smtpd_tls_auth_only = yes, it requires clients to enable STARTTLS +for secure connection, if you don't want this for some reason, please +comment it out.

+

That's all.

All documents are available in BitBucket repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.

diff --git a/html/enable.smtp.auth.on.port.25-it_IT.html b/html/enable.smtp.auth.on.port.25-it_IT.html new file mode 100644 index 00000000..11e7cd40 --- /dev/null +++ b/html/enable.smtp.auth.on.port.25-it_IT.html @@ -0,0 +1,66 @@ + + + + + Abilitare servizio non protetto SMTP su porta 25 + + + + +
+

This tutorial is available in other languages

+

English /

+
+

Abilitare servizio non protetto SMTP su porta 25

+

Sin dalla versione 0.9.5 di iRedMail, l'autenticazione su porta 25 è disabilitata per default, tutti gli utenti sono costretti a mandare email attraverso la posta 587 (SMTP over TLS). Se avete la necessità di abilitare l'autenticazione insicura sulla porta 25, per qualsivoglia motivo, seguite i passi sotto elencati per abilitarla.

+
+

Nota

+
+

Se avete la necessita di far usare solo ad un piccolo numero di utenti la porta 25m per esempio una stampante di rete o vecchi apparati di rete che non sopportano connessioni sicure, potete invece provare questo altro tutorial: Abilitare apparati interni di rete a mandare mail su connessione insicura

+ +
#
+# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
+# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
+#          be forced to submit email through port 587 instead.
+#
+#smtpd_sasl_auth_enable = yes
+#smtpd_tls_auth_only = yes
+#smtpd_sasl_security_options = noanonymous
+#smtpd_tls_security_level = may
+
+ + +
smtpd_sasl_auth_enable = yes
+smtpd_tls_auth_only = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_tls_security_level = may
+
+ + +

Questo è tutto.

+

All documents are available in BitBucket repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.

+
+ + \ No newline at end of file diff --git a/html/enable.smtp.auth.on.port.25.html b/html/enable.smtp.auth.on.port.25.html new file mode 100644 index 00000000..780b08f2 --- /dev/null +++ b/html/enable.smtp.auth.on.port.25.html @@ -0,0 +1,79 @@ + + + + + Enable SMTP SASL AUTH on port 25 + + + + +
+

This tutorial is available in other languages

+

Italiano /

+
+

Enable SMTP SASL AUTH on port 25

+

Since iRedMail-0.9.5, SMTP auth on port 25 is disabled by default, all end +users are forced to send email through port 587 (SMTP over TLS). If you need +to allow insecure SMTP auth on port 25 for some reason, please follow steps +below to enable it.

+
+

Note

+

If you have just few clients need to send email through port 25, e.g. +network printer, old network devices which don't support secure +connection, you may try another tutorial instead: +Allow internal network devices to send email with insecure connection

+
+ +
#
+# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
+# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
+#          be forced to submit email through port 587 instead.
+#
+#smtpd_sasl_auth_enable = yes
+#smtpd_tls_auth_only = yes
+#smtpd_sasl_security_options = noanonymous
+#smtpd_tls_security_level = may
+
+ + +
smtpd_sasl_auth_enable = yes
+smtpd_tls_auth_only = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_tls_security_level = may
+
+ + +
+

Warning

+

With smtpd_tls_auth_only = yes, it requires clients to enable STARTTLS +for secure connection, if you don't want this for some reason, please +comment it out.

+
+

That's all.

+

All documents are available in BitBucket repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.

+
+ + \ No newline at end of file diff --git a/html/index.html b/html/index.html index e7654a53..15d65406 100644 --- a/html/index.html +++ b/html/index.html @@ -85,7 +85,7 @@
  • Allow certain users to send email as another user
  • Change mail attachment size
  • Completely disable Amavisd + ClamAV + SpamAssassin
    • -
  • Enable insecure SMTP service on port 25
    • +
  • Enable SMTP SASL AUTH on port 25
  • Enable SMTPS service (SMTP over SSL, port 465)
  • Disable spam virus scanning for outgoing mails
  • Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted
    • diff --git a/html/upgrade.iredmail.0.9.4-0.9.5.html b/html/upgrade.iredmail.0.9.4-0.9.5.html index dae9ed54..dd2f9ff1 100644 --- a/html/upgrade.iredmail.0.9.4-0.9.5.html +++ b/html/upgrade.iredmail.0.9.4-0.9.5.html @@ -376,55 +376,9 @@ log_level 0.

  • on FreeBSD: it's /usr/local/etc/amavisd.conf.
  • on OpenBSD: it's /etc/amavisd.conf.
    • -
    # Custom short log template (at log_level 0), add SpamAssassin testing result (Tests: [xxx])
-#
-# Note: You can find the original log template at the bottom of
-#       /usr/sbin/amavisd-new.
-$log_templ = '
-[?%#D|#|Passed #
-[? [:ccat|major] |#
-OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
-UNCHECKED[?[:ccat|minor]||-ENCRYPTED|]|BANNED (%F)|INFECTED (%V)]#
- {[:actions_performed]}#
-,[?%p|| %p][?%a||[?%l|| LOCAL] [:client_addr_port]][?%e|| \[%e\]] [:mail_addr_decode_octets|%s] -> [%D|[:mail_addr_decode_octets|%D]|,]#
-[? %q ||, quarantine: %q]#
-[? %Q ||, Queue-ID: %Q]#
-[? %m ||, Message-ID: [:mail_addr_decode_octets|%m]]#
-[? %r ||, Resent-Message-ID: [:mail_addr_decode_octets|%r]]#
-[? %i ||, mail_id: %i]#
-, Hits: [:SCORE]#
-, size: %z#
-[? [:partition_tag] ||, pt: [:partition_tag]]#
-[~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
-[remote_mta_smtp_response|[~%x|["queued as ([0-9A-Za-z]+)$"]|["%1"]|["%0"]]|/]#
-#, Subject: [:dquote|[:mime2utf8|[:header_field_octets|Subject]|100|1]]#
-#, From: [:uquote|[:mail_addr_decode_octets|[:rfc2822_from]]]#
-[? [:dkim|sig_sd]    ||, dkim_sd=[:dkim|sig_sd]]#
-[? [:dkim|newsig_sd] ||, dkim_new=[:dkim|newsig_sd]]#
-, %y ms#
-[? %#T ||, Tests: \[[%T|,]\]]#
-]
-[?%#O|#|Blocked #
-[? [:ccat|major|blocking] |#
-OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
-UNCHECKED[?[:ccat|minor]||-ENCRYPTED|]|BANNED (%F)|INFECTED (%V)]#
- {[:actions_performed]}#
-,[?%p|| %p][?%a||[?%l|| LOCAL] [:client_addr_port]][?%e|| \[%e\]] [:mail_addr_decode_octets|%s] -> [%O|[:mail_addr_decode_octets|%O]|,]#
-[? %q ||, quarantine: %q]#
-[? %Q ||, Queue-ID: %Q]#
-[? %m ||, Message-ID: [:mail_addr_decode_octets|%m]]#
-[? %r ||, Resent-Message-ID: [:mail_addr_decode_octets|%r]]#
-[? %i ||, mail_id: %i]#
-, Hits: [:SCORE]#
-, size: %z#
-[? [:partition_tag] ||, pt: [:partition_tag]]#
-#, Subject: [:dquote|[:mime2utf8|[:header_field_octets|Subject]|100|1]]#
-#, From: [:uquote|[:mail_addr_decode_octets|[:rfc2822_from]]]#
-[? [:dkim|sig_sd]    ||, dkim_sd=[:dkim|sig_sd]]#
-[? [:dkim|newsig_sd] ||, dkim_new=[:dkim|newsig_sd]]#
-, %y ms#
-[? %#T ||, Tests: \[[%T|,]\]]#
-]';
+
    # Always log verbose info of processed mail, including subject, SpamAssassin
+# testing results, etc, useful for troubleshooting..
+$log_templ = $log_verbose_templ;
 
    
 
 
    Restarting Amavisd service is required.
    
diff --git a/it_IT/howto/1-enable.insecure.smtp.md b/it_IT/howto/1-enable.smtp.auth.on.port.25.md
similarity index 100%
rename from it_IT/howto/1-enable.insecure.smtp.md
rename to it_IT/howto/1-enable.smtp.auth.on.port.25.md