> On Sat, Jan 22, 2022 at 02:03:29PM -0500, Joe Acquisto-j4 wrote:
>
>> > IIRC Wietse already suggested a work-around, by making the
>> > sender-dependent authentication settings be transport-specific.
>> >
>> > In particular the internal nexthop that does not do SASL should be
>> > handled by a transport in which sender-dependent authentication is
>> > disabled.
>>
>> I do desire outgoing email, with the "next hop" being my ISP, to have
>> sender dependent authentication. Incoming email, once processed by
>> Postfix, SA, ClamAV, is sent to "the last hop" which does no
>> authentication.
>
> Sure, which means that the (smtp) transport used for that nexthop should
> have sender dependent authentication enabled.
>
>> I do get, I think, the point you illuminate in your last paragraph
>> that in my case, a specific inbound transport must be defined for all
>> incoming messages and this transport must not specify authentication.
>
> By not enabling sender dependent authentication for the (smtp) transport
> used to reach the internal mailstore.
>
>> However, I get a bit fuzzy about any distinction between "sender
>> dependent authentication" and "no authentication". Presumably that
>> will require somewhat different configuration than Wietse described?

Thanks for your continued efforts.

> Postfix attempts to use SASL authentication when:
>
>     * smtp_sasl_enable=yes
>     * and either
>         - smtp_sender_dependent_authentication = yes and
>           smtp_sasl_password_maps contains a match for the sender, OR
>         - smtp_sasl_password_maps contains a match for the nexthop or
>           just the underlying hostname extracted from the nexthop
>           [host]:port or the like.
>
> Therefore your master.cf file needs to have at least one additional
> smtp-based transport, with either SASL disabled entirely, and/or
> sender-dependent authentication disabled, or perhaps a variant
> password table... Below all three are set to "discourage" use
> of SASL:
>
>     noauth unix - - n - - smtp
>         -o smtp_sasl_enable=no
>         -o smtp_sender_dependent_authentication=no
>         -o smtp_sasl_password_maps=

My initial attempts did not produce the desired result. Do I need to set all three options or just the first? When I use all three, the log shows invalid comment for smtp.

> With this, just make sure that deliveries to the internal mailstore
> use the "noauth" transport:
>
>     internal.example noauth:[gateway.example]

This I took to be an entry in /etc/postfix/transport. Is that correct?

joe a.

>> In any event I am nagged however by what causes Postfix to attempt authentication,
>> for this oddball email when others sent to the same user do not, with the same
>> configuration.
>
> See above. You enabled authentication by enabling sender-dependent
> authentication and configuring a table with passwords specified for
> the sender addresses in question.

I still see a distinction but, let's just move on and see if it can be set to rights.

joe a.

---------------------------------
j4computers, llc
Stone Ridge, NY 12484
845-687-3734
www.j4computers.com
---------------------------------
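
A small Python model of the rule quoted in the message above, added here as an example; it is not Postfix code and does not come from anyone in the thread. It shows why only mail from a sender listed in the password table triggers SASL toward the internal host, and how the "noauth" transport stops that. The table contents, the relay name `[relay.isp.example]`, and the "before" routing through the default `smtp` transport are assumptions.

```python
import re

# Constructed settings: main.cf enables sender-dependent SASL for the ISP relay.
MAIN_CF = {
    "smtp_sasl_enable": "yes",
    "smtp_sender_dependent_authentication": "yes",
    "smtp_sasl_password_maps": "hash:/etc/postfix/sasl_passwd",
}
# Constructed stand-in for the password table contents (sender -> credentials).
TABLES = {"hash:/etc/postfix/sasl_passwd": {"joe@sender.example": "user:placeholder"}}

# master.cf with the "noauth" transport from the thread; -o lines start with whitespace.
MASTER_CF = """\
smtp    unix - - n - - smtp
noauth  unix - - n - - smtp
    -o smtp_sasl_enable=no
    -o smtp_sender_dependent_authentication=no
    -o smtp_sasl_password_maps=
"""

def parse_master(text):
    """Return {service: {param: value}} built from each entry's -o overrides."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():        # a new service entry starts in column 1
            current = line.split()[0]
            services[current] = {}
        elif current is None:
            raise ValueError("continuation line before any service entry")
        for name, value in re.findall(r"-o\s+(\w+)=(\S*)", line):
            services[current][name] = value
    return services

def attempts_sasl(sender, rcpt_domain, transport_map, default="smtp:[relay.isp.example]"):
    """Apply the rule quoted in the thread; returns (transport, attempts_auth)."""
    transport, _, nexthop = transport_map.get(rcpt_domain, default).partition(":")
    cfg = {**MAIN_CF, **parse_master(MASTER_CF)[transport]}   # -o overrides main.cf
    if cfg["smtp_sasl_enable"] != "yes":
        return transport, False
    table = TABLES.get(cfg["smtp_sasl_password_maps"], {})
    by_sender = cfg["smtp_sender_dependent_authentication"] == "yes" and sender in table
    host = re.sub(r"[\[\]]|:\d+$", "", nexthop)               # [host]:port -> host
    return transport, by_sender or nexthop in table or host in table

BEFORE = {"internal.example": "smtp:[gateway.example]"}    # assumed original routing
AFTER = {"internal.example": "noauth:[gateway.example]"}   # transport entry from the thread

if __name__ == "__main__":
    for label, tmap in (("before", BEFORE), ("after", AFTER)):
        for sender in ("joe@sender.example", "other@elsewhere.example"):
            print(label, sender, attempts_sasl(sender, "internal.example", tmap))
```
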