Hello Selmeci,

It seems to me that you need to specify auth in the listen directive for 
requiring authentication for incoming connections.

From what I can tell you are authenticating with the smarthost, but not for
incoming connections.

Example from man smtpd.conf:

           listen on $lan_addr tls auth

Hope it helps!


On Wed, Aug 21, 2019 at 07:39:42AM +0200, Selmeci Tamás wrote:
> Hello!
> 
> In brief: STARTTLS is enabled, there is a self-signed certificate for
> encryption (better than nothing), smarthost is used to send mails from
> my domain. My problem is that it still accepts SMTP connections (over
> TLS) without authentication. What I want:
> - anybody can send email to my email address in my domain (now it's
> working);
> - relaying through my SMTP server is allowed only after successful
> authentication (now anybody can relay through my server without
> authentication, e.g. to send spam). Authentication should be based on
> regular /etc/passwd file (local users of the computer). In order to
> hide the passwords, STARTTLS should be used;
> 
> It's a rather simple configuration, but I wasn't able to set it up. If
> I put 'auth' into the 'listen on' line, it needs authentication to any
> access of the SMTP server, so other machines (e.g. from google.com)
> can't send me mails. Using 'authenticated' in 'accept from' directives
> also didn't do the trick appropriately (it wasn't able to receive any
> mails at all).
> 
> Could you please help me out with this?
> 
> Thanks, regards,
> -----------------------------------------------
> -----------------------------------------------
> pki mail.486.hu certificate "/etc/smtpd/mail.486.hu.crt"
> pki mail.486.hu key "/etc/smtpd/mail.486.hu.key"
> 
> table cred file:/etc/smtpd/cred
> 
> listen on eth0      port 25 hostname mail.486.hu tls-require
> listen on localhost port 25 hostname mail.486.hu tls-require
> 
> # Storing mails arriving at the domain '486.hu'.
> accept from any for domain 486.hu deliver to mbox
> 
> # If the recipient is out of domain '486.hu', the mail is relayed through the
> # smarthost using TLS and authentication, see 'cred' file.
> accept from any for ! domain 486.hu relay via tls+auth://t-onl...@mail.t-online.hu auth <cred>
> 
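
An offline check for the situation discussed in this thread, added here as an example (it is not code from either poster or from the OpenSMTPD project): it reads an smtpd.conf in the `accept` rule syntax quoted above and flags relay rules that match `from any` for non-local destinations without the `authenticated` keyword. The name `audit`, the token-based parsing, and accepting `authenticated` anywhere before `relay` are assumptions of this example.

```python
# Constructed sample: the configuration quoted in the thread, with the wrapped
# relay rule on one line and the elided smarthost user left exactly as posted.
SAMPLE_CONF = '''\
pki mail.486.hu certificate "/etc/smtpd/mail.486.hu.crt"
pki mail.486.hu key "/etc/smtpd/mail.486.hu.key"
table cred file:/etc/smtpd/cred
listen on eth0      port 25 hostname mail.486.hu tls-require
listen on localhost port 25 hostname mail.486.hu tls-require
# Storing mails arriving at the domain '486.hu'.
accept from any for domain 486.hu deliver to mbox
accept from any for ! domain 486.hu relay via tls+auth://t-onl...@mail.t-online.hu auth <cred>
'''


def audit(conf):
    """Return (findings, listeners) for an 'accept'-style smtpd.conf text."""
    listeners, open_relay, needs_auth = {}, [], False
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()          # drop comments, tokenize
        if tok[:2] == ["listen", "on"] and len(tok) > 2:
            # Record whether this listener offers SMTP AUTH at all.
            listeners[tok[2]] = ("required" if "auth" in tok else
                                 "optional" if "auth-optional" in tok else "none")
        elif tok[:1] == ["accept"] and "relay" in tok:
            # Only the part before 'relay' is the match condition; an 'auth'
            # after 'relay via' is the outbound smarthost login, not a client check.
            head = tok[:tok.index("relay")]
            pairs = list(zip(head, head[1:]))
            authed = "authenticated" in head          # assumed keyword placement
            needs_auth |= authed
            # 'for any' or a negated 'for ! ...' covers foreign destinations.
            wide = ("for", "any") in pairs or ("for", "!") in pairs
            if ("from", "any") in pairs and wide and not authed:
                open_relay.append(lineno)
    findings = [f"line {n}: relays for any unauthenticated client" for n in open_relay]
    if needs_auth and all(mode == "none" for mode in listeners.values()):
        findings.append("a rule requires 'authenticated' but no listener offers auth")
    return findings, listeners


if __name__ == "__main__":
    issues, found = audit(SAMPLE_CONF)
    for name, mode in found.items():
        print(f"listener {name}: auth {mode}")
    for issue in issues:
        print("FINDING:", issue)
```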
