On 2013.06.20 04.51, Felix Rubio Dalmau wrote:
Hi all,
I have set up a postfix+dovecot+roundcube installation. Currently, I
have
set up these smtpd parameters:
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_discard_ehlo_keyword_address_maps = hash:/etc/postfix/discard_ehlo
inside discard_helo, I have set "127.0.0.1 starttls,silent-discard" to
allow roundcube connecting without TLS.
With this setup, roundcoube can't connect because it is not on a TLS
connection. If I set up roundcube to use TLS and comment
smtpd_discard_ehlo_keyword_address_maps, everything goes fine.
The question is: how can I allow smtpd_tls_auth_only only on non-local
connections?
this is overcomplicated. set up a proper submission service [587] which
requires encryption and authentication. configure smtp service [25] to
offer [but not require] encryption and to not offer auth. configure
roundcube to use submission+encryption+smtp auth, just like any other
mail client.
-ben