> A sample submission entry in master.cf:
>
> submission inet n - n - - smtpd
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_tls_auth_only=yes
>   -o smtpd_sasl_auth_enable=yes
>   -o broken_sasl_auth_clients=yes
>   -o receive_override_options=no_header_body_checks,no_address_mappings
>   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>   -o content_filter=lmtp-amavis:[127.0.0.1]:10026
>
> The key is the smtpd_recipient_restrictions' permit_sasl_authenticated
> coming first or early. Thus, port 587 users who authenticate pass the
> green light.
>

Just tried this configuration and moved client restrictions to master.cf under smtp:

smtp inet n - - - 50 smtpd
  -o cleanup_service_name=pre-cleanup
  -o content_filter=procmail:filter
  -o smtpd_client_restrictions=$master_client_restrictions
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o broken_sasl_auth_clients=yes
  -o receive_override_options=no_header_body_checks,no_address_mappings
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

main.cf changes:

master_client_restrictions=permit_sasl_authenticated,permit_mynetworks reject_rbl_client blackholes.easynet.nl, <big list of rbls>
#smtpd_client_restrictions =

and I still get Client Host: Access denied in the logs from everywhere without permit_mynetworks in the submission smtpd_client_restrictions; that just makes it work from our networks, but not from the wireless broadband.

So I am concluding that it is not acknowledging sasl_authentication for some reason? (I am now not seeing any rbl failed requests though, probably since it's not asked to check anymore.)

Any ideas?

I am a little stumped, so any suggestions are welcomed with open arms (and 10 minutes to test them :)

postconf -n

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 26214400
mydestination =
myhostname = <hostname>
mynetworks = <network>
myorigin = /etc/mailname
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unauth_pipelining, check_sender_access hash:/etc/postfix/spoofprotection, permit
smtpd_timeout = 60s
smtpd_tls_cert_file = /etc/apache2/ssl/_.valex.com.au.crt
smtpd_tls_key_file = /etc/apache2/ssl/valexnew.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = mysql:/etc/postfix/mysql_transport2.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_transport = mysql:/etc/postfix/mysql_transport2.cf
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf

TIA
Nick
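
Added example, not part of the original thread and not Postfix code: with smtpd_delay_reject = no (as in the postconf -n output above), Postfix evaluates smtpd_client_restrictions and smtpd_helo_restrictions before the client can issue AUTH, so permit_sasl_authenticated in those lists can never match, while smtpd_recipient_restrictions is evaluated at RCPT TO, after AUTH. The sketch below overlays master.cf -o overrides on main.cf and reports such lists per service; the function names are hypothetical and the configuration is abridged from the post.

```python
import re

# Lists evaluated at connect/HELO time, before AUTH, when smtpd_delay_reject=no.
PRE_AUTH_LISTS = ("smtpd_client_restrictions", "smtpd_helo_restrictions")

def parse_master(text):
    """Map each master.cf service name to its '-o name=value' overrides."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:   # continuation of the previous entry
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    services = {}
    for fields in map(str.split, entries):
        name, args = fields[0], fields[8:]  # args follow the 8 fixed columns
        services[name] = dict(
            opt.split("=", 1) for flag, opt in zip(args, args[1:]) if flag == "-o")
    return services

def effective(main, overrides):
    """Overlay master.cf overrides on main.cf and expand $name references."""
    params = {**main, **overrides}
    expand = lambda v: re.sub(r"\$(\w+)", lambda m: params.get(m.group(1), ""), v)
    return {name: expand(value) for name, value in params.items()}

def unreachable_sasl_permits(params):
    """Lists where permit_sasl_authenticated is tested before AUTH can occur."""
    early = params.get("smtpd_delay_reject", "yes") == "no"
    return [name for name in PRE_AUTH_LISTS if early and
            "permit_sasl_authenticated" in re.split(r"[,\s]+", params.get(name, ""))]

# Abridged from the post: two main.cf values and the restriction overrides.
MAIN = {"smtpd_delay_reject": "no",
        "master_client_restrictions": "permit_sasl_authenticated,permit_mynetworks"}
MASTER_TRIED = """\
smtp inet n - - - 50 smtpd
  -o smtpd_client_restrictions=$master_client_restrictions
submission inet n - n - - smtpd
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""
MASTER_QUOTED = ("submission inet n - n - - smtpd\n"
                 "  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject\n")

def audit(master_text, main=MAIN):
    return {svc: unreachable_sasl_permits(effective(main, over))
            for svc, over in parse_master(master_text).items()}
```

audit(MASTER_TRIED) flags smtpd_client_restrictions on both services, while audit(MASTER_QUOTED) reports nothing for the quoted entry.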