On Fri, Jun 21, 2024 at 07:54:40AM +0800, Jeff Peng via Postfix-users wrote:
> Hello
>
> for these options for submission in master.cf:
>
> submission inet n - y - - smtpd
> # -o syslog_name=postfix/submission
> # -o smtpd_tls_security_level=encrypt
> -o smtpd_sasl_auth_enable=yes
> # -o smtpd_tls_auth_only=yes
> # -o smtpd_reject_unlisted_recipient=no
> # -o smtpd_client_restrictions=$mua_client_restrictions
> # -o smtpd_helo_restrictions=$mua_helo_restrictions
> # -o smtpd_sender_restrictions=$mua_sender_restrictions
> # -o smtpd_recipient_restrictions=
> # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> # -o milter_macro_daemon_name=ORIGINATING
>
> Since "-o smtpd_sasl_auth_enable=yes" specify smtpd_sasl_auth_enable default
> enabled. Why I have to uncomment it out to make it become alive?
The default value is "no", as expected.
$ postconf -d smtpd_sasl_auth_enable
smtpd_sasl_auth_enable = no
Best practice is to enable SASL auth only on the submission ports and
NOT on port 25.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
