i'm trying to use submission port and i set up my master.cf smtp inet n - n - - smtpd -o smtpd_recipient_restrictions=reject_unauth_destination,reject_non_fqdn_recipient,permit -o smtpd_client_restrictions=reject_unknown_client,permit submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=permit_sasl_authenticated,reject_sender_login_mismatch,reject
i want to receive emails on port 25 and send by other port in this case the 587 submission port, then i all restrictions are working correctly i tried to send an email at port 25 and the server refuses as i want. 2009/12/13 Matt Hayes <domin...@slackadelic.com> > On 12/13/2009 12:13 PM, Walter Breno wrote: > > Hi, > > i need to force everybody including local network users that uses mail > > clients and webmail to authenticate on smtp to send mails from my server > > , i has enables sasl_auth modules and authentication is working fine but > > when i set the option smtp_recipient_restrictions = > > permit_sasl_authenticated reject my server stop to receive mail from > > external server like gmail and yahoo i've tried the option > > permit_auth_destination so if the final destination of emails is my > > domain the server doesn't require authentication, but here i have the > > security problem, if a machine on my network is infected with a virus or > > one spammer inside or outside my network will send spam to all users on > > my domain because the authentication is not required. > > what is the correct way to do that? i need to require authentication but > > the incoming can't be rejected. > > > > here is the section of my main.cf <http://main.cf>: > > > > smtpd_sasl_auth_enable = yes > > smtpd_sasl_security_options = noanonymous > > smtpd_sasl_local_domain = $myhostname > > broken_sasl_auth_clients = yes > > > > smtpd_recipient_restrictions = reject_non_fqdn_recipient > > permit_sasl_authenticated permit_unauth_destination reject > > > > strict_rfc821_envelopes = yes > > smtpd_require_helo = yes > > > You should be reading up on submission. You don't want to reject > unauthed users from port 25 as that is how the rest of the world sends > you email. > > There's an example for submission in your main.cf > > > -Matt >
