275964 Re: Configuring TLS with sender login maps
- Apr 2 12:00 PM

Hi,

>> I have a fedora14 box that I'm trying to configure for use with
>> postfix with dovecot and TLS, permitting only TLS connections after
>> authenticating with sasl.
> What do you mean, *after* ?

Oops. I'm still learning this, and think I got confused writing this
so late last night.

>> Apr 2 01:03:55 fc14 postfix/smtpd: NOQUEUE: reject: RCPT from
>> unknown[184.XXX.XX.223]: 553 5.7.1<myuser@...>: Sender
>> address rejected: not owned by user alex; from=<myuser@...>
>> to=<remoteluser@...> proto=ESMTP
> You're not authenticated.
>> smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
>> smtpd_sender_restrictions = reject_sender_login_mismatch
> This rejects mail from SASL'ed clients who are not in the map AND
> non-SASL'ed clients who ARE in the map.
> The above log line matches the latter condition, hence why it says that.
>> smtpd_tls_auth_only = yes
> SASL is not offered before a secure connection is established.
>> smtpd_tls_security_level = encrypt
> However, TLS is mandatory.
>> Are there any other options I should be concerned about with regards
>> to security, and ensuring I don't become a relay or risk of
>> unauthorized access?
> Fix your client to properly use TLS AND THEN SASL.

I'm using the K9 client for Android. Using this method with TLS and
SASL I need port 25 open for SMTP and TLS, and 587 for submission and
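
The following is an added example, not part of the original message and not Postfix code: a simplified Python model of how `reject_sender_login_mismatch` evaluates an envelope sender against `smtpd_sender_login_maps`, as described in the Postfix documentation. The map entries, addresses and function names are constructed for illustration, and the bare-user lookup Postfix performs for local domains is left out.

```python
"""Simplified model of Postfix's reject_sender_login_mismatch decision."""

# Constructed sample map source (envelope sender -> SASL logins that own it).
SAMPLE_MAP = """
# envelope sender        SASL login(s) allowed to use it
myuser@example.com       myuser
sales@example.com        alex, myuser
@lists.example.com       listadmin
"""


def parse_login_map(text):
    """Parse 'key  owner[, owner...]' lines into {key: set(owners)}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        owners = parts[1] if len(parts) > 1 else ""
        # Owners may be separated by commas and/or whitespace.
        table[parts[0].lower()] = set(owners.replace(",", " ").split())
    return table


def lookup_owners(table, sender):
    """Try user@domain first, then the @domain wildcard key."""
    sender = sender.lower()
    domain_key = "@" + sender.rpartition("@")[2]
    for key in (sender, domain_key):
        if key in table:
            return table[key]
    return None


def sender_login_check(table, sender, sasl_login=None):
    """Return 'ok' or the reason the MAIL FROM address is refused."""
    owners = lookup_owners(table, sender)
    if sasl_login is None:
        # Unauthenticated client: refused only when the address has an owner.
        return "reject: owned sender, client not logged in" if owners else "ok"
    # Authenticated client: the login must be listed as an owner.
    if owners is None or sasl_login not in owners:
        return "reject: sender not owned by login"
    return "ok"


TABLE = parse_login_map(SAMPLE_MAP)
```

Running each combination (logged in or not, sender listed or not) against a copy of the real map shows which clients the restriction will refuse before the change goes live.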