Re: Configuring TLS with sender login maps
Apr 2 2:59 AM
On 04/02/2011 07:17 AM, Alex wrote:
> Hi,
> I have a fedora14 box that I'm trying to configure for use with
> postfix with dovecot and TLS, permitting only TLS connections after
> authenticating with sasl.

What do you mean, *after*?

> It appears to mostly be working now, but
> mail is rejected due to "not owned by user" errors.
> Apr 2 01:03:54 fc14 postfix/smtpd: Anonymous TLS connection
> established from unknown[184.XXX.XX.223]: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits)
> Apr 2 01:03:55 fc14 postfix/smtpd: NOQUEUE: reject: RCPT from
> unknown[184.XXX.XX.223]: 553 5.7.1<myuser@...>: Sender
> address rejected: not owned by user alex; from=<myuser@...>
> to=<remoteluser@...> proto=ESMTP

You're not authenticated.

> smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
> smtpd_sender_restrictions = reject_sender_login_mismatch

This rejects mail from SASL'ed clients who are not in the map AND
non-SASL'ed clients who ARE in the map.
The above log line matches the latter condition, hence why it says that.

> smtpd_tls_auth_only = yes

SASL is not offered before a secure connection is established.

> smtpd_tls_security_level = encrypt

However, TLS is mandatory.

> Are there any other options I should be concerned about with regards
> to security, and ensuring I don't become a relay or risk of
> unauthorized access?

Fix your client to properly use TLS AND THEN SASL.
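
Added example, not part of the original post and not Postfix code: a Python model of how the quoted settings interact (TLS first, then AUTH, then the sender/login ownership check), following the description of reject_sender_login_mismatch in Postfix's postconf(5). The map contents, the example.test addresses, the function names and the short reason labels are constructed for illustration, and lookups are simplified to exact address matches.

```python
"""Constructed model of the quoted smtpd settings; not Postfix source code."""
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for /etc/postfix/controlled_envelope_senders:
# envelope sender address -> SASL logins allowed to use it.
LOGIN_MAP = {
    "alex@example.test": {"alex"},
    "sales@example.test": {"alex", "kim"},
}

@dataclass
class Session:
    tls: bool = False                 # True once STARTTLS has completed
    sasl_login: Optional[str] = None  # set by a successful AUTH

def auth_offered(s, tls_auth_only=True):
    """smtpd_tls_auth_only = yes: AUTH is announced only inside TLS."""
    return s.tls or not tls_auth_only

def check_mail_from(s, sender, login_map=LOGIN_MAP, security_level="encrypt"):
    """Return (action, reason); DUNNO hands over to the next restriction."""
    if security_level == "encrypt" and not s.tls:
        return "REJECT", "STARTTLS required"
    owners = login_map.get(sender.lower())  # simplification: exact match only
    if s.sasl_login is None:
        # Unauthenticated half: the address has an owner, nobody is logged in.
        if owners:
            return "REJECT", "not logged in"
        return "DUNNO", "address has no listed owner"
    # Authenticated half: the login must be a listed owner of the address.
    if not owners or s.sasl_login not in owners:
        return "REJECT", f"not owned by user {s.sasl_login}"
    return "DUNNO", f"owned by user {s.sasl_login}"

if __name__ == "__main__":
    s = Session()
    print(auth_offered(s), check_mail_from(s, "alex@example.test"))
    s.tls = True
    print(auth_offered(s), check_mail_from(s, "alex@example.test"))
    s.sasl_login = "alex"
    for sender in ("alex@example.test", "myuser@example.test"):
        print(sender, check_mail_from(s, sender))
```

A DUNNO result only means this restriction has no objection; relay control still depends on the other smtpd restrictions in main.cf.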