On 2013.06.20 04.51, Felix Rubio Dalmau wrote:
Hi all,I have set up a postfix+dovecot+roundcube installation. Currently, I have set up these smtpd parameters: smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_discard_ehlo_keyword_address_maps = hash:/etc/postfix/discard_ehlo inside discard_helo, I have set "127.0.0.1 starttls,silent-discard" to allow roundcube connecting without TLS. With this setup, roundcoube can't connect because it is not on a TLS connection. If I set up roundcube to use TLS and comment smtpd_discard_ehlo_keyword_address_maps, everything goes fine. The question is: how can I allow smtpd_tls_auth_only only on non-local connections?
this is overcomplicated. set up a proper submission service [587] which requires encryption and authentication. configure smtp service [25] to offer [but not require] encryption and to not offer auth. configure roundcube to use submission+encryption+smtp auth, just like any other mail client.
-ben
