Loading ...
Sorry, an error occurred while loading the content.

Re: permit_sasl_authenticated ONLY from one interface

Expand Messages
  • mouss
    ... yes. I only cited it to show that multiple keywords can be discarded. ... It s unclear whether he actually found misbehaving MUAs or if he is just fearing
    Message 1 of 11 , Dec 1, 2008
    • 0 Attachment
      Noel Jones a écrit :
      > mouss wrote:
      >> Simone Felici a écrit :
      >>> mouss ha scritto:
      >>>> Simone Felici a écrit :
      >>>>> Why? Uhm, dunno...
      >>>>> It seems certain mailclients has Autenticated smtp enabled as default
      >>>>> and if the client found the smtp server support it, then it try to
      >>>>> send
      >>>>> in auth. This return an error, due inappropriate settings of the
      >>>>> client.
      >>>> if you know their IPs, you can use
      >>>> smtpd_discard_ehlo_keyword_address_maps
      >>>>
      >>>
      >>> Mouss,
      >>> this could be a solution... but haven't find any example or documation
      >>> to try it.
      >>> Could you pount me at any example?
      >>
      >> make sure to read:
      >>
      >> http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
      >>
      >>
      >>
      >>
      >> smtpd_discard_ehlo_keyword_address_maps
      >> hash:/etc/postfix/discard_ehlo
      >>
      >> == discard_ehlo
      >> 10.1.2.3 starttls, auth, silent-discard
      >>
      >> (silent-discard prevents postfix from logging this "keyword discard"
      >> action).
      >>
      >>
      >
      >
      > (discarding starttls may be too much, but OP can decide for himself)
      >

      yes. I only cited it to show that multiple keywords can be discarded.

      >
      > I think this is even easier:
      > http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networks
      >
      > The simplest form of this is:
      > # main.cf
      > smtpd_sasl_exceptions_networks = $mynetworks
      >
      >
      >>> The initial problem was:
      >>> I've an SMTP server for customers, with standard smtp open only from a
      >>> range of IPs.
      >>> Could I provide normal smtp service for customers of a range of known IP
      >>> (like now) and open my server to all the world for smtp service but ONLY
      >>> if autenthicated smtp i sused?
      >>>
      >>> Is the MUA with an IP of my customers?
      >>> YES: It can send without any authentication.
      >>> NO: It can send ONLY it a user/pass is provided.
      >>>
      >>
      >
      > The behavior you describe is the standard settings:
      >
      > smtpd_recipient_restrictions =
      > permit_mynetworks
      > permit_sasl_authenticated
      > reject_unauth_destination
      > ... other restrictions ...
      >
      > You only need to make special arrangements such as mouss and I describe
      > when you don't want to ever offer AUTH to local clients. Offering AUTH
      > to everyone does not present a problem to the vast majority of clients.
      >

      It's unclear whether he actually found misbehaving MUAs or if he is just
      fearing the unknown ;-p
    • Simone Felici
      ... Both are good solutions, I ll try these! Thank s a lot!!! Simon
      Message 2 of 11 , Dec 1, 2008
      • 0 Attachment
        Noel Jones ha scritto:
        > mouss wrote:

        >>> Mouss,
        >>> this could be a solution... but haven't find any example or documation
        >>> to try it.
        >>> Could you pount me at any example?
        >>
        >> make sure to read:
        >>
        >> http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
        >>
        >>
        >>
        >>
        >> smtpd_discard_ehlo_keyword_address_maps
        >> hash:/etc/postfix/discard_ehlo
        >>
        >> == discard_ehlo
        >> 10.1.2.3 starttls, auth, silent-discard
        >>
        >> (silent-discard prevents postfix from logging this "keyword discard"
        >> action).
        >>
        >>

        Both are good solutions, I'll try these!

        Thank's a lot!!!

        Simon
      Your message has been successfully submitted and would be delivered to recipients shortly.