295004Re: Disabling user submission on port 25
- Aug 26, 2013On 26/08/2013 9:00 PM, Noel Jones wrote:
> On 8/26/2013 7:49 PM, LuKreme wrote:I based it something that Noel Jones wrote way back in 2008.
>> OK, now that port 587 is working, I would like to disable user submission via port 25. Not right now, but in a bit once people have a chance to change their settings.
>> What do I do to prevent users sending via port25?
> Super easy...
> # main.cf
> smtpd_sasl_auth_enable = no
> Your master.cf submission entry probably already includes
> -o smtpd_sasl_auth_enable=yes
> If not, go ahead and add it to submission now so things don't break
> unexpectedly later.
> This won't prevent users from sending local mail to port 25, but
> they won't be able to authenticate and won't be able to relay. This
> usually isn't considered a problem, and changing it often causes
> other issues.
> -- Noel Jones
Create a file of the networks you wish to deny access to eg.
“Deny_Mynetworks_Access” the content of which will be the same networks
as those found in the mynetworks parameter of the main.cf file for example:
192.168.0.0/16 REJECT local access not permitted
n.n.n.n/28 REJECT local access not permitted
[nnnn:nnnn:nnnn::]/64 REJECT local access not permitted
remove the permit_mynetworks from all the various
smtpd_xxxx_restrictions stanzas of main.cf. Then modify the master.cf by
to the smtp service, and add
to the submission service.
This should deny access to the smtp port (25) from the local networks
while allowing access to the submission port (587).
- << Previous post in topic Next post in topic >>