295025Re: Disabling user submission on port 25
- Aug 27, 2013On 08/27/2013 05:24 AM, John Allen wrote:
>This is entirely unnecessary, since moving reject_unauth_destination in
> On 26/08/2013 9:00 PM, Noel Jones wrote:
>> On 8/26/2013 7:49 PM, LuKreme wrote:
>>> OK, now that port 587 is working, I would like to disable user
>>> submission via port 25. Not right now, but in a bit once people have
>>> a chance to change their settings.
>>> What do I do to prevent users sending via port25?
>> Super easy...
>> # main.cf
>> smtpd_sasl_auth_enable = no
>> Your master.cf submission entry probably already includes
>> -o smtpd_sasl_auth_enable=yes
>> If not, go ahead and add it to submission now so things don't break
>> unexpectedly later.
>> This won't prevent users from sending local mail to port 25, but
>> they won't be able to authenticate and won't be able to relay. This
>> usually isn't considered a problem, and changing it often causes
>> other issues.
>> -- Noel Jones
> I based it something that Noel Jones wrote way back in 2008.
> Create a file of the networks you wish to deny access to eg.
> “Deny_Mynetworks_Access” the content of which will be the same
> networks as those found in the mynetworks parameter of the main.cf
> file for example:
front of permit_mynetworks takes care of that.
Everything after reject_unauth_destination is impervious to relay
attempts, because it explicitly blocks all such attempts.
Yes, relay_domains would be an exception to this - but think why domains
are in relay_domains to begin with.
>So what you're saying is basically "to deny access from the networks in
> This should deny access to the smtp port (25) from the local networks
> while allowing access to the submission port (587).
mynetworks, do this complicated thing" ?
A simpler way to do that would be to not put these networks in mynetworks.
- << Previous post in topic Next post in topic >>