> > Nick Sharp wrote:
> > smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
> >
> > in the submission bit in master.cf, the connect immediately rejects unless
> > matching mynetworks, still not giving a chance to do SASL..
> >
> > Any ideas why this would be?
> >
> > The nearest I can get is accept email to my domains with TLS, with or
> > without AUTH, or block you from even negotiating AUTH? There is no middle
> > ground it seems (or more I am missing it! :)
>
> This is because you changed "smtpd_delay_reject = no" from its default
> to Yes.
> The client is not given a chance to AUTH with this setting.

Ahh, that's the middle ground I was looking for! Thanks all for your help.

To summarise, this submission config brought on the magic:

submission inet n - n - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtp_enforce_tls=yes
  -o smtp_tls_enforce_peername=yes
  -o broken_sasl_auth_clients=yes
  -o receive_override_options=no_header_body_checks,no_address_mappings
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous

Nick
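
An added example, not part of the thread and not Postfix tooling: a small linter for a master.cf service entry that checks the interaction discussed above. It assumes stock Postfix behaviour (with smtpd_delay_reject=no, client restrictions are evaluated at connect time, before AUTH); the sample entry is constructed from the posted config, and the `main_cf_delay_reject` argument is a hypothetical input standing in for the value reported by `postconf smtpd_delay_reject`.

```python
# Added example: lint one master.cf service entry (constructed sample below).
SAMPLE = """\
# constructed from the submission entry posted in the thread
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtp_enforce_tls=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""

def parse_service(text, name):
    """Return (command, {param: value}) for the named master.cf service."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()     # continuation line
        else:
            logical.append(line.strip())
    for entry in logical:
        f = entry.split()
        # fields: service type private unpriv chroot wakeup maxproc command args...
        if f[0] == name and len(f) >= 8:
            args, opts = f[8:], {}
            for flag, val in zip(args, args[1:]):
                if flag == "-o" and "=" in val:
                    key, value = val.split("=", 1)
                    opts[key] = value
            return f[7], opts
    raise KeyError(name)

def lint(text, name="submission", main_cf_delay_reject="yes"):
    """Return a list of findings for the service's -o overrides."""
    cmd, opts = parse_service(text, name)
    findings = []
    # A per-service override wins over the main.cf value.
    delay = opts.get("smtpd_delay_reject", main_cf_delay_reject)
    rules = opts.get("smtpd_client_restrictions", "").replace(",", " ").split()
    if delay == "no" and "permit_sasl_authenticated" in rules and "reject" in rules:
        findings.append("smtpd_client_restrictions is evaluated at connect time, "
                        "before AUTH; permit_sasl_authenticated cannot match")
    for key in opts:
        if cmd == "smtpd" and key.startswith("smtp_"):
            findings.append(f"{key} is an smtp(8) client parameter, "
                            "not read by smtpd(8)")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE, main_cf_delay_reject="no"):
        print("WARN:", finding)
```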