On Sat, Aug 24, 2013 at 10:01:08AM -0400, David Hulsebus wrote:
> > Probably better is to only offer AUTH on submission port 587
> > with required encryption, and not offer AUTH at all on port 25.
>
> That is exactly what I want to do. If I uncomment this in the
> master.cf does it force TLS encryption on port 587 before
> authentication? If not, how would I do that?
>
> submission inet n - - - - smtpd
>   -o smtpd_tls_security_level=encrypt

This means any command after EHLO and before STARTTLS will be
rejected. TLS encryption is mandatory. See smtpd_tls_auth_only as
well; that would mean that AUTH is not even offered in the initial
unencrypted EHLO response. The client must STARTTLS first.

If you're not allowing relay on port 25, you would remove permit_*
restrictions from smtpd_recipient_restrictions in main.cf and change
this from client to recipient.

>   -o milter_macro_daemon_name=ORIGINATING

A non-standard smtpd instance should also have syslog_name set, to
distinguish it in logs from other smtpd instances.

> Further, how do I not allow AUTH on port 25. I can't glean it
> from the docs.

By default AUTH is not offered. You enabled that with this in

    smtpd_sasl_auth_enable = yes

If you remove that, you do not offer AUTH. You already have the
override set for submission.
-- http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
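
Added example, not part of the original message or of Postfix: a small Python check that the policy discussed in this thread is actually in effect, meaning no AUTH advertised on port 25, and on port 587 AUTH advertised only after STARTTLS, with commands before STARTTLS refused. The function names, the `mail.example.com` host and the sample EHLO replies are assumptions constructed for illustration; the 530 refusal code is the one RFC 3207 defines.

```python
import smtplib

def keywords(reply):
    """EHLO keywords from a raw multi-line 250 reply (status codes included)."""
    words = set()
    for line in reply.splitlines()[1:]:          # first line is the greeting
        parts = line[4:].split() if line.startswith("250") else []
        if parts:
            word = parts[0].upper()
            words.add("AUTH" if word.startswith("AUTH=") else word)
    return words

def audit(port, pre_tls, post_tls=None, pre_tls_mail_code=None):
    """Deviations from the thread's policy: no AUTH on 25; on 587, TLS first."""
    problems = []
    if "AUTH" in pre_tls:
        problems.append(f"{port}: AUTH offered before STARTTLS")
    if port == 25 and post_tls and "AUTH" in post_tls:
        problems.append("25: AUTH offered after STARTTLS")
    if port == 587:
        if "STARTTLS" not in pre_tls:
            problems.append("587: STARTTLS not offered")
        elif post_tls is not None and "AUTH" not in post_tls:
            problems.append("587: AUTH not offered after STARTTLS")
        if pre_tls_mail_code not in (None, 530):   # RFC 3207 refusal code
            problems.append(f"587: pre-TLS MAIL got {pre_tls_mail_code}, not 530")
    return problems

def probe(host, port, timeout=10):
    """Live variant of the same audit against a server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        pre = {k.upper() for k in s.esmtp_features}
        mail_code = s.docmd("MAIL", "FROM:<>")[0]
        s.rset()
        post = None
        if "STARTTLS" in pre:
            s.starttls()   # capability check only; certificate not verified here
            s.ehlo()
            post = {k.upper() for k in s.esmtp_features}
    return audit(port, pre, post, mail_code)

# Constructed EHLO replies (not captured from any real server).
PORT25_WITH_AUTH = "250-mail.example.com\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
SUBMISSION_PRE = "250-mail.example.com\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
SUBMISSION_POST = "250-mail.example.com\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    print(audit(25, keywords(PORT25_WITH_AUTH)))
    print(audit(587, keywords(SUBMISSION_PRE), keywords(SUBMISSION_POST), 530))
```

An empty list from `audit` or `probe` means the listener matches the policy; each string in a non-empty list names one deviation.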