On 2016.09.28 12.35, KSB wrote:
On 2016.09.28. 18:03, KSB wrote:
Hi!
I would like to use smtpd_tls_auth_only=yes at least for submission
port, but we have rare customers who have old scanners which don't
support SSL/TLS (as they say).

For this, I use the following:

table_directory = ${config_directory}/tables
smtpd_tls_security_level = may

smtpd_recipient_restrictions =
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    reject_unauth_pipelining
    check_client_access cidr:${table_directory}/non_auth_submitters.cidr
    reject_plaintext_session
    permit_sasl_authenticated
    reject

This offers encryption, allows non-encrypted/non-authenticated exceptions to clients listed in non_auth_submitters.cidr, but rejects attempts by any other clients to not use encryption or authentication.

-ben
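
Added example, not part of the message above: a simplified Python model of how the tail of this restriction list decides for one client, with the first decisive result winning. The table contents and addresses are constructed, and the FQDN and domain checks earlier in the list are assumed to pass.

```python
import ipaddress

# Constructed sample contents for non_auth_submitters.cidr (documentation addresses).
SAMPLE_CIDR = """\
# legacy scanners that cannot do TLS or AUTH
192.0.2.10/32      OK
198.51.100.0/28    OK
"""

def parse_cidr_table(text):
    """Parse 'network result' lines; comment lines start with '#', blanks are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        net, result = line.split(None, 1)
        rules.append((ipaddress.ip_network(net), result.strip()))
    return rules

def cidr_lookup(rules, client_ip):
    """Return the result of the first matching network, or None when nothing matches."""
    addr = ipaddress.ip_address(client_ip)
    for net, result in rules:
        if addr.version == net.version and addr in net:
            return result
    return None

def evaluate(rules, client_ip, tls, sasl_authenticated):
    """Walk the last four restrictions in order and report which one decided."""
    # check_client_access cidr:${table_directory}/non_auth_submitters.cidr
    result = cidr_lookup(rules, client_ip)
    if result == "OK":
        return "permit (check_client_access)"
    if result and result.upper().startswith("REJECT"):
        return "reject (check_client_access)"
    # reject_plaintext_session
    if not tls:
        return "reject (reject_plaintext_session)"
    # permit_sasl_authenticated
    if sasl_authenticated:
        return "permit (permit_sasl_authenticated)"
    # final catch-all: reject
    return "reject (reject)"
```

The plaintext-plus-AUTH case is rejected only when the recipient restrictions run, after AUTH has completed, so if smtpd_tls_auth_only is left at its default of no, that client's credentials have already crossed the network unencrypted.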
