On 12/13/2009 12:13 PM, Walter Breno wrote: > Hi, > i need to force everybody including local network users that uses mail > clients and webmail to authenticate on smtp to send mails from my server > , i has enables sasl_auth modules and authentication is working fine but > when i set the option smtp_recipient_restrictions = > permit_sasl_authenticated reject my server stop to receive mail from > external server like gmail and yahoo i've tried the option > permit_auth_destination so if the final destination of emails is my > domain the server doesn't require authentication, but here i have the > security problem, if a machine on my network is infected with a virus or > one spammer inside or outside my network will send spam to all users on > my domain because the authentication is not required. > what is the correct way to do that? i need to require authentication but > the incoming can't be rejected. > > here is the section of my main.cf <http://main.cf>: > > smtpd_sasl_auth_enable = yes > smtpd_sasl_security_options = noanonymous > smtpd_sasl_local_domain = $myhostname > broken_sasl_auth_clients = yes > > smtpd_recipient_restrictions = reject_non_fqdn_recipient > permit_sasl_authenticated permit_unauth_destination reject > > strict_rfc821_envelopes = yes > smtpd_require_helo = yes
You should be reading up on submission. You don't want to reject unauthed users from port 25 as that is how the rest of the world sends you email. There's an example for submission in your main.cf -Matt
