Loading ...
Sorry, an error occurred while loading the content.

295004Re: Disabling user submission on port 25

Expand Messages
  • John Allen
    Aug 26, 2013
    • 0 Attachment
      On 26/08/2013 9:00 PM, Noel Jones wrote:
      > On 8/26/2013 7:49 PM, LuKreme wrote:
      >> OK, now that port 587 is working, I would like to disable user submission via port 25. Not right now, but in a bit once people have a chance to change their settings.
      >>
      >> What do I do to prevent users sending via port25?
      >>
      >
      >
      > Super easy...
      >
      > # main.cf
      > smtpd_sasl_auth_enable = no
      >
      > Your master.cf submission entry probably already includes
      > -o smtpd_sasl_auth_enable=yes
      >
      > If not, go ahead and add it to submission now so things don't break
      > unexpectedly later.
      >
      > This won't prevent users from sending local mail to port 25, but
      > they won't be able to authenticate and won't be able to relay. This
      > usually isn't considered a problem, and changing it often causes
      > other issues.
      >
      >
      > -- Noel Jones
      >
      I based it something that Noel Jones wrote way back in 2008.

      Create a file of the networks you wish to deny access to eg.
      “Deny_Mynetworks_Access” the content of which will be the same networks
      as those found in the mynetworks parameter of the main.cf file for example:

      192.168.0.0/16 REJECT local access not permitted
      n.n.n.n/28 REJECT local access not permitted
      [nnnn:nnnn:nnnn::]/64 REJECT local access not permitted


      remove the permit_mynetworks from all the various
      smtpd_xxxx_restrictions stanzas of main.cf. Then modify the master.cf by
      adding
      -o smtpd_client_restrictions=hash:Deny_Mynetworks_Access,.....
      to the smtp service, and add
      -o smtpd_client_restrictions=permit_mynetworks,.....
      to the submission service.

      This should deny access to the smtp port (25) from the local networks
      while allowing access to the submission port (587).
    • Show all 13 messages in this topic