Loading ...
Sorry, an error occurred while loading the content.

246557Re: permit_sasl_authenticated ONLY from one interface

Expand Messages
  • Noel Jones
    Dec 1, 2008
      mouss wrote:
      > Simone Felici a écrit :
      >> mouss ha scritto:
      >>> Simone Felici a écrit :
      >>>> Why? Uhm, dunno...
      >>>> It seems certain mailclients has Autenticated smtp enabled as default
      >>>> and if the client found the smtp server support it, then it try to send
      >>>> in auth. This return an error, due inappropriate settings of the client.
      >>> if you know their IPs, you can use
      >>> smtpd_discard_ehlo_keyword_address_maps
      >>>
      >>
      >> Mouss,
      >> this could be a solution... but haven't find any example or documation
      >> to try it.
      >> Could you pount me at any example?
      >
      > make sure to read:
      >
      > http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
      >
      >
      >
      > smtpd_discard_ehlo_keyword_address_maps
      > hash:/etc/postfix/discard_ehlo
      >
      > == discard_ehlo
      > 10.1.2.3 starttls, auth, silent-discard
      >
      > (silent-discard prevents postfix from logging this "keyword discard"
      > action).
      >
      >


      (discarding starttls may be too much, but OP can decide for
      himself)


      I think this is even easier:
      http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networks

      The simplest form of this is:
      # main.cf
      smtpd_sasl_exceptions_networks = $mynetworks


      >> The initial problem was:
      >> I've an SMTP server for customers, with standard smtp open only from a
      >> range of IPs.
      >> Could I provide normal smtp service for customers of a range of known IP
      >> (like now) and open my server to all the world for smtp service but ONLY
      >> if autenthicated smtp i sused?
      >>
      >> Is the MUA with an IP of my customers?
      >> YES: It can send without any authentication.
      >> NO: It can send ONLY it a user/pass is provided.
      >>
      >

      The behavior you describe is the standard settings:

      smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination
      ... other restrictions ...

      You only need to make special arrangements such as mouss and I
      describe when you don't want to ever offer AUTH to local
      clients. Offering AUTH to everyone does not present a problem
      to the vast majority of clients.

      --
      Noel Jones
    • Show all 11 messages in this topic