Hi!
I changed the restrictions line like you said:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
but this way it will try to see if the ip is part of mynetworks first, and
as it wont be it will reject or ... because my squirremail morks and I
think it does not use the authentification but rather the mynetworks.
Well.. :)
here is postconf | grep smtpd_sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtp
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
I also now have all the authentification methods in the telnet EHLO
response. Which should not be
telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 ks359684.kimsufi.com ESMTP Postfix
EHLO localhost
250-ks359684.kimsufi.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS
Which I don't understand how because the /etc/sasl2/smtpd.conf is sayin:
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
I will continue to look now, need to clean somethin somewhere.
Thank you for the help ;)
Laurent
