> You've probably got permit_mynetworks near the top of your
> smtpd_foo_restrictions, which are inherited by default. The "-o
The only smtpd_foo_restrictions I have in main.cf are:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
permit
> smtpd_client_restrictions" line would have overridden that (if it was a
> client restriction) and forced your users to authenticate.
I'm now running submission like this:
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
> The same thing would work for the submission port after the switch, but you
> should first check that your SASL is really working since it wasn't being
> exercised.
SASL must be working since Thunderbird can send mail over 587,
correct? I don't see why local Squirrelmail won't send mail over 587,
but remote Thunderbird will. Squirrelmail also won't send mail over
port 25, but it will send mail over 465.
- Grant
