>
> A sample submission entry in master.cf:
>
> submission inet n - n - - smtpd
> -o smtpd_tls_security_level=encrypt
> -o smtpd_tls_auth_only=yes
> -o smtpd_sasl_auth_enable=yes
> -o broken_sasl_auth_clients=yes
> -o
> receive_override_options=no_header_body_checks,no_address_mappings
> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
> -o content_filter=lmtp-amavis:[127.0.0.1]:10026
>
> The key is the smtpd_recipient_restrictions' permit_sasl_authenticated
> coming first or early. Thus, port 587 users who authenticate pass the
> green light.
>
I just tried this configuration and moved the client restrictions into
master.cf, under the smtp service:
smtp inet n - - - 50 smtpd
-o cleanup_service_name=pre-cleanup
-o content_filter=procmail:filter
-o smtpd_client_restrictions=$master_client_restrictions
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_auth_only=yes
-o smtpd_sasl_auth_enable=yes
-o broken_sasl_auth_clients=yes
-o
receive_override_options=no_header_body_checks,no_address_mappings
-o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
main.cf changes:
master_client_restrictions=permit_sasl_authenticated,permit_mynetworks
reject_rbl_client blackholes.easynet.nl,
<big list of rbls>
#smtpd_client_restrictions =
and I still get "Client Host: Access denied" in the logs from everywhere
unless permit_mynetworks is in the submission smtpd_client_restrictions;
adding it only makes it work from our networks, not from the wireless broadband.
So I am concluding that it is not acknowledging SASL authentication for some
reason? (I am no longer seeing any failed RBL requests, though, probably
because it is not being asked to check anymore.)
Any ideas? I am a little stumped, so any suggestions are welcomed with open
arms (and 10 minutes to test them :)
postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 26214400
mydestination =
myhostname = <hostname>
mynetworks = <network>
myorigin = /etc/mailname
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_sasl_authenticated,
reject_unauth_pipelining, permit_mynetworks,
reject_non_fqdn_recipient, reject_unauth_destination,
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_non_fqdn_sender,
reject_unauth_pipelining, check_sender_access
hash:/etc/postfix/spoofprotection, permit
smtpd_timeout = 60s
smtpd_tls_cert_file = /etc/apache2/ssl/_.valex.com.au.crt
smtpd_tls_key_file = /etc/apache2/ssl/valexnew.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = mysql:/etc/postfix/mysql_transport2.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_transport = mysql:/etc/postfix/mysql_transport2.cf
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
TIA
Nick