> >>
> >> Nick Sharp wrote:
> smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,r
> eject
> > in the submission bit in master.cf, the connect immediately rejects
> unless
> > matching mynetworks, still not giving a chance to do SASL..
> >
> > Any ideas why this would be?
> >
> > The nearest I can get is accept email to my domains with TLS, with or
> > without AUTH, or block you from even negotiating AUTH? There is no
> middle
> > ground it seems (or more I am missing it! :)
> >
> This is because you changed "smtpd_delay_reject = no" from it's default
> to Yes.
> The client is not given a chance to AUTH with this setting.
Ahh Thats he middle ground I was looking for!
Thanks all for your help.
To summarise, this submission config brought on the majic;
submission inet n - n - - smtpd
-o smtpd_tls_security_level=may
-o smtpd_sasl_auth_enable=yes
-o smtp_enforce_tls=yes
-o smtp_tls_enforce_peername=yes
-o broken_sasl_auth_clients=yes
-o
receive_override_options=no_header_body_checks,no_address_mappings
-o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
Nick
