On ons 5 feb 2014 09:17:57, Patrik Båt wrote: > On tis 4 feb 2014 15:42:04, Patrik Båt wrote: >> On tis 4 feb 2014 15:36:34, Viktor Dukhovni wrote: >>> On Tue, Feb 04, 2014 at 02:57:42PM +0100, Patrik B?t wrote: >>> >>>> When saslauthd crashes or beeing stopped, mails are bounced. >>>> eg: 535 5.7.8 Error: authentication failed: generic failure >>>> >>>> Can I somehow change it to just defer? >>> >>> If you have a dedicated submission/relay service to which *all* >>> clients must authenticate, then you can set the restrictions to >>> "defer" after allowing authenticated users. >>> >>> main.cf: >>> # Postfix >= 2.10 variant (uncomment below and comment-out variant for >>> # earlier versions. >>> # >>> #submission_relay_restrictions = permit_sasl_authenticated, defer >>> #submission_recipient_restrictions = >>> >>> # Earlier versions variant >>> # >>> submission_recipient_restrictions = permit_sasl_authenticated, defer >>> >>> master.cf: >>> # Replace "submission" with appropriate IP:port as required. >>> # Replace "submission" with appropriate IP:port as required. >>> submission inet n ... smtpd >>> -o smtpd_client_restrictions= >>> -o smtpd_helo_restrictions= >>> -o smtpd_sender_restrictions= >>> # Uncomment with Postfix >= 2.10 >>> # -o smtpd_relay_restrictions=$submission_relay_restrictions >>> -o smtpd_recipient_restrictions=$submission_recipient_restrictions >>> -o smtpd_data_restrictions= >>> -o smtpd_end_of_data_restrictions= >>> ... >>> >>> Do not do this on any SMTP listener that also handles inbound mail >>> (i.e. port 25 MX host for your domain) and thus cannot enforce >>> authentication >>> for all clients. >>> >> >> Thanks alot Victor! >> >> I've done this tho, but it wasn't working, so I have restrictions >> somewhere else also, so i need to figur that out, but then my >> conclusion wasn't that off :) >> > > Hmm, Victor are you sure this works? > I'm running postfix version 2.9.6 on Debian Wheezy. >
I think there is no option to change this atm :P eg: (line 314 in postfix-2.9.6/src/smtpd/smtpd_sasl_glue.c) if (status != XSASL_AUTH_DONE) { msg_warn("%s: SASL %s authentication failed: %s", state->namaddr, sasl_method, STR(state->sasl_reply)); /* RFC 4954 Section 6. */ smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s", STR(state->sasl_reply)); return (-1); }
signature.asc
Description: OpenPGP digital signature