Hello Selmeci,

It seems to me that you need to specify auth in the listen directive for requiring authentication for incoming connections.
From what I can tell you are authenticating with the smarthost, but not for incoming connections.

Example from man smtpd.conf:

listen on $lan_addr tls auth

Hope it helps!

On Wed, Aug 21, 2019 at 07:39:42AM +0200, Selmeci Tamás wrote:
> Hello!
>
> In brief: STARTTLS is enabled, there is a self-signed certificate for
> encryption (better than nothing), smarthost is used to send mails from
> my domain. My problem is that it still accepts SMTP connections (over
> TLS) without authentication. What I want:
> - anybody can send email to my email address in my domain (now it's
> working);
> - relaying through my SMTP server is allowed only after successful
> authentication (now anybody can relay through my server without
> authentication, e.g. to send spam). Authentication should be based on
> regular /etc/passwd file (local users of the computer). In order to
> hide the passwords, STARTTLS should be used;
>
> It's a rather simple configuration, but I wasn't able to set it up. If
> I put 'auth' into the 'listen on' line, it needs authentication to any
> access of the SMTP server, so other machines (e.g. from google.com)
> can't send me mails. Using 'authenticated' in 'accept from' directives
> also didn't do the trick appropriately (it wasn't able to receive any
> mails at all).
>
> Could you please help me out with this?
>
> Thanks, regards,
> -----------------------------------------------
> -----------------------------------------------
> pki mail.486.hu certificate "/etc/smtpd/mail.486.hu.crt"
> pki mail.486.hu key "/etc/smtpd/mail.486.hu.key"
>
> table cred file:/etc/smtpd/cred
>
> listen on eth0 port 25 hostname mail.486.hu tls-require
> listen on localhost port 25 hostname mail.486.hu tls-require
>
> # Storing mails arriving at the domain '486.hu'.
> accept from any for domain 486.hu deliver to mbox
>
> # If the recipient is out of domain '486.hu', the mail is relayed through the
> # smarthost using TLS and authentication, see 'cred' file.
> accept from any for ! domain 486.hu relay via tls+auth://t-onl...@mail.t-online.hu auth <cred>
>
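Added example, not part of the original thread: a small Python check for the relay problem described in the quoted message, flagging rules that relay for `from any` without the `authenticated` keyword mentioned there. It assumes the old `accept` rule syntax shown in the quoted configuration with one rule per line, assumes a rule without `from` matches local sessions only, and uses a constructed placeholder smarthost URL.

```python
# Constructed sample: the two rules from the quoted configuration, with the
# smarthost URL replaced by a placeholder (smarthost.example is hypothetical).
SAMPLE_CONF = """\
# Storing mails arriving at the domain '486.hu'.
accept from any for domain 486.hu deliver to mbox
accept from any for ! domain 486.hu relay via tls+auth://label@smarthost.example auth <cred>
"""


def audit(conf_text):
    """Return (line_number, rule) for every rule that relays mail for any
    source address without requiring an authenticated session."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()       # drop comments
        tokens = line.split()
        if not tokens or tokens[0] != "accept" or "relay" not in tokens:
            continue                               # only relay rules matter here
        # Matching conditions sit between 'accept' and the 'relay' action;
        # the trailing 'auth <cred>' is for the smarthost, not for clients.
        conditions = tokens[1:tokens.index("relay")]
        source = "local"                           # assumed default without 'from'
        if "from" in conditions:
            after = conditions[conditions.index("from") + 1:]
            source = after[0] if after else ""
        if source == "any" and "authenticated" not in conditions:
            findings.append((lineno, line))
    return findings


if __name__ == "__main__":
    for lineno, rule in audit(SAMPLE_CONF):
        print(f"line {lineno}: relays for any source without authentication: {rule}")
```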