mouss wrote:
Simone Felici a écrit :
mouss ha scritto:
Simone Felici a écrit :
Why? Uhm, dunno...
It seems certain mailclients has Autenticated smtp enabled as default
and if the client found the smtp server support it, then it try to send
in auth. This return an error, due inappropriate settings of the client.
if you know their IPs, you can use
smtpd_discard_ehlo_keyword_address_maps
Mouss,
this could be a solution... but haven't find any example or documation
to try it.
Could you pount me at any example?
make sure to read:
http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
smtpd_discard_ehlo_keyword_address_maps
hash:/etc/postfix/discard_ehlo
== discard_ehlo
10.1.2.3 starttls, auth, silent-discard
(silent-discard prevents postfix from logging this "keyword discard"
action).
(discarding starttls may be too much, but OP can decide for
himself)
I think this is even easier:
http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networks
The simplest form of this is:
# main.cf
smtpd_sasl_exceptions_networks = $mynetworks
The initial problem was:
I've an SMTP server for customers, with standard smtp open only from a
range of IPs.
Could I provide normal smtp service for customers of a range of known IP
(like now) and open my server to all the world for smtp service but ONLY
if autenthicated smtp i sused?
Is the MUA with an IP of my customers?
YES: It can send without any authentication.
NO: It can send ONLY it a user/pass is provided.
The behavior you describe is the standard settings:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
... other restrictions ...
You only need to make special arrangements such as mouss and I
describe when you don't want to ever offer AUTH to local
clients. Offering AUTH to everyone does not present a problem
to the vast majority of clients.
--
Noel Jones