Re: SMTP authentication
- Il 19/03/2013 19:30, Viktor Dukhovni ha scritto:
> On Tue, Mar 19, 2013 at 06:47:42PM +0100, Matteo Marescotti wrote:I was sure there was a very good reason for that. Thank you very much to
>> Il 19/03/2013 17:41, Viktor Dukhovni wrote:
>>> On Tue, Mar 19, 2013 at 02:18:51PM +0000, Matteo Marescotti wrote:
>>>> submission inet n - - - - smtpd
>>>> -o smtpd_tls_security_level=encrypt
>>>> -o smtpd_sasl_auth_enable=yes
>>>> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>>> -o milter_macro_daemon_name=ORIGINATING
>>> With "smtpd_tls_security_level=encrypt" only EHLO, NOOP and QUIT
>>> are allowed before STARTTLS. The other commands will be rejected,
>>> but of course we can't prevent the client from sending them.
>> I said Postfix accepts the MAIL FROM command before user
>> authentication, not before STARTTLS.
> Sorry, I misread your post, I am too focused on TLS lately, yes
> rejection of transactions is deliberately delayed to RCPT TO, this
> makes it possible to later figure out what was being rejected.
> A good MTA produces a good audit trail.
everybody. I learned something I could not figure out by myself.