On 08/27/2013 05:24 AM, John Allen wrote:


On 26/08/2013 9:00 PM, Noel Jones wrote:
On 8/26/2013 7:49 PM, LuKreme wrote:
OK, now that port 587 is working, I would like to disable user submission via port 25. Not right now, but in a bit once people have a chance to change their settings.

What do I do to prevent users sending via port 25?



Super easy...

# main.cf
smtpd_sasl_auth_enable = no

Your master.cf submission entry probably already includes
   -o smtpd_sasl_auth_enable=yes

If not, go ahead and add it to submission now so things don't break
unexpectedly later.

This won't prevent users from sending local mail to port 25, but
they won't be able to authenticate and won't be able to relay. This
usually isn't considered a problem, and changing it often causes
other issues.


   -- Noel Jones

I based it on something that Noel Jones wrote way back in 2008.

Create a file of the networks you wish to deny access to, e.g. “Deny_Mynetworks_Access”, the content of which will be the same networks as those found in the mynetworks parameter of the main.cf file, for example:

This is entirely unnecessary, since moving reject_unauth_destination in front of permit_mynetworks takes care of that. Everything after reject_unauth_destination is impervious to relay attempts, because it explicitly blocks all such attempts. Yes, relay_domains would be an exception to this - but think why domains are in relay_domains to begin with.


This should deny access to the smtp port (25) from the local networks while allowing access to the submission port (587).

So what you're saying is basically "to deny access from the networks in mynetworks, do this complicated thing"?

A simpler way to do that would be to not put these networks in mynetworks.

--
J.
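
Added example, not part of the thread or of Postfix itself: a small audit that computes, for each smtpd listener in master.cf, whether SASL AUTH is effectively offered once the main.cf value and any `-o` override are combined, which is the split the thread recommends between port 25 and submission. The sample configuration is constructed, the function names are hypothetical, and only the plain `-o name=value` override form is handled.

```python
# Constructed sample configuration, modelled on the settings quoted in the thread.
MAIN_CF = """\
# main.cf
mynetworks = 127.0.0.0/8 192.0.2.0/24
smtpd_sasl_auth_enable = no
"""
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
pickup     unix  n  -  n  60 1  pickup
"""

def logical_lines(text):
    """Drop comments and blanks; join lines starting with whitespace to the previous one."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def parse_main_cf(text):
    """Return {parameter: value} from main.cf text."""
    pairs = (l.split("=", 1) for l in logical_lines(text) if "=" in l)
    return {name.strip(): value.strip() for name, value in pairs}

def smtpd_listeners(master_text):
    """Yield (service, {override: value}) for each inet smtpd entry in master.cf."""
    for entry in logical_lines(master_text):
        f = entry.split()
        if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd":
            args = f[8:]
            yield f[0], dict(a.split("=", 1) for flag, a in zip(args, args[1:])
                             if flag == "-o" and "=" in a)

def sasl_report(main_text, master_text):
    """Return {service: True if SASL AUTH is enabled on that listener}."""
    # Postfix's built-in default for smtpd_sasl_auth_enable is "no".
    default = parse_main_cf(main_text).get("smtpd_sasl_auth_enable", "no")
    return {svc: over.get("smtpd_sasl_auth_enable", default).lower() == "yes"
            for svc, over in smtpd_listeners(master_text)}

if __name__ == "__main__":
    print(sasl_report(MAIN_CF, MASTER_CF))
```

A submission entry that reports `False` here is the breakage the thread warns about: the main.cf value was turned off before the `-o smtpd_sasl_auth_enable=yes` override was added.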
