Noel Jones a écrit : > mouss wrote: >> Simone Felici a écrit : >>> mouss ha scritto: >>>> Simone Felici a écrit : >>>>> Why? Uhm, dunno... >>>>> It seems certain mailclients has Autenticated smtp enabled as default >>>>> and if the client found the smtp server support it, then it try to >>>>> send >>>>> in auth. This return an error, due inappropriate settings of the >>>>> client. >>>> if you know their IPs, you can use >>>> smtpd_discard_ehlo_keyword_address_maps >>>> >>> >>> Mouss, >>> this could be a solution... but haven't find any example or documation >>> to try it. >>> Could you pount me at any example? >> >> make sure to read: >> >> http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps >> >> >> >> >> smtpd_discard_ehlo_keyword_address_maps >> hash:/etc/postfix/discard_ehlo >> >> == discard_ehlo >> 10.1.2.3 starttls, auth, silent-discard >> >> (silent-discard prevents postfix from logging this "keyword discard" >> action). >> >> > > > (discarding starttls may be too much, but OP can decide for himself) >
yes. I only cited it to show that multiple keywords can be discarded. > > I think this is even easier: > http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networks > > The simplest form of this is: > # main.cf > smtpd_sasl_exceptions_networks = $mynetworks > > >>> The initial problem was: >>> I've an SMTP server for customers, with standard smtp open only from a >>> range of IPs. >>> Could I provide normal smtp service for customers of a range of known IP >>> (like now) and open my server to all the world for smtp service but ONLY >>> if autenthicated smtp i sused? >>> >>> Is the MUA with an IP of my customers? >>> YES: It can send without any authentication. >>> NO: It can send ONLY it a user/pass is provided. >>> >> > > The behavior you describe is the standard settings: > > smtpd_recipient_restrictions = > permit_mynetworks > permit_sasl_authenticated > reject_unauth_destination > ... other restrictions ... > > You only need to make special arrangements such as mouss and I describe > when you don't want to ever offer AUTH to local clients. Offering AUTH > to everyone does not present a problem to the vast majority of clients. > It's unclear whether he actually found misbehaving MUAs or if he is just fearing the unknown ;-p
