On Sat, Jul 31, 2021 at 03:59:07PM +0200, Hadmut Danisch <had...@danisch.de> wrote:
> On 30.07.21 23:09, Wietse Venema wrote: > > This is not needed. Postfix 3.0 and later log the AUTH failure AND > > the client IP address together: > > > > postfix/smtpd[xxx]: disconnect from unknown[x.x.x.x] auth=0/1 > > commands=0/1 > > > > This is logged even when AUTH is disabled (as it should be on port 25). > > > > Wietse > > Unfortunately, we cannot simply turn off AUTH on port 25, since we have > some unexperienced users (including their children) who would not simply > understand what we are asking for and what to do, if we tell them to use > the submission port. > > We therefore would need to detect who is still using auth on port 25 to > give some individual support and have it fixed. > > Is there a way to make postfix tell in the logs whether someone > authenticated on port 25 or 587? > > regards > Hadmut With only ports 25 and 465 open, the Mail app on an iphone will auto-configure itself to use port 25. It would use port 587/STARTTLS if that were open, but sadly, it ignores 465/TLS). The iphone can be coerced into connecting to port 465 but it doesn't happen without manual intervention. cheers, raf
