On Thu, 08 Jan 2009 09:53:45 -0500, Jorey Bump <l...@joreybump.com> wrote: > Jeff Weinberger wrote, at 01/08/2009 09:27 AM: > >> Setting smtpd_sasl_auth_enable = no would mean that no authentication is >> required on port 25, but if I understand it correctly, it wouldn't >> actually stop an authenticated user from sending mail through port 25. >> If they tried to authenticate on port 25 with smtpd_sasl_auth_enable = >> no, would postfix refuse the connection? > > Actually, smtpd_sasl_auth_enable = no means that authentication is not > enabled. IOW, Postfix won't offer 250-AUTH [mech list] after HELO/EHLO. > Attempts to authenticate will generate an error. Most modern clients are > intelligent enough to detect the absence of AUTH and will not attempt to > authenticate. Good ones will abort and notify the user. Bad ones might > attempt to continue, in case the server will still accept the message. > If the domain is a destination your server handles, it will probably > accept the message, otherwise it will reject it. > >> In the final step of my scenario, that's the behavior I want to achieve. >> Will that simple step work? > > Yes. You can completely disable submission on port 25 and prevent > relaying to destinations you don't accept by hosts outside of mynetworks.
Jory: Thanks again! So it looks like it's as simple as smtpd_sasl_auth_enable = no for port 25, and then making sure everything else is set so that mail coming in on port 25 has to be for one of my domains or it's rejected. Thanks! I appreciate the help!
