On tis 4 feb 2014 15:36:34, Viktor Dukhovni wrote: > On Tue, Feb 04, 2014 at 02:57:42PM +0100, Patrik B?t wrote: > >> When saslauthd crashes or beeing stopped, mails are bounced. >> eg: 535 5.7.8 Error: authentication failed: generic failure >> >> Can I somehow change it to just defer? > > If you have a dedicated submission/relay service to which *all* > clients must authenticate, then you can set the restrictions to > "defer" after allowing authenticated users. > > main.cf: > # Postfix >= 2.10 variant (uncomment below and comment-out variant for > # earlier versions. > # > #submission_relay_restrictions = permit_sasl_authenticated, defer > #submission_recipient_restrictions = > > # Earlier versions variant > # > submission_recipient_restrictions = permit_sasl_authenticated, defer > > master.cf: > # Replace "submission" with appropriate IP:port as required. > # Replace "submission" with appropriate IP:port as required. > submission inet n ... smtpd > -o smtpd_client_restrictions= > -o smtpd_helo_restrictions= > -o smtpd_sender_restrictions= > # Uncomment with Postfix >= 2.10 > # -o smtpd_relay_restrictions=$submission_relay_restrictions > -o smtpd_recipient_restrictions=$submission_recipient_restrictions > -o smtpd_data_restrictions= > -o smtpd_end_of_data_restrictions= > ... > > Do not do this on any SMTP listener that also handles inbound mail > (i.e. port 25 MX host for your domain) and thus cannot enforce authentication > for all clients. >
Thanks alot Victor! I've done this tho, but it wasn't working, so I have restrictions somewhere else also, so i need to figur that out, but then my conclusion wasn't that off :)
signature.asc
Description: OpenPGP digital signature
