On Mon, Jun 22, 2009 at 07:19:09PM -0600, Alvaro Mantilla Gimenez wrote: > > According to the /usr/share/sendmail/README file, it is necessary to > add the "a" modifier to the line that define the MSA: "Additionally, by > using the M=a modifier you can require authentication before messages > are accepted by the MSA"
Actually, 'a' will only advertise that SMTP AUTH is available, it does not require it. You want to use 'l' to enforce it. DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=El')dnl This won't even allow mail to local recipients without authentication first. > Why the original line (without the "a" modifier) port 587 requires > authentication as well?. Is it implicit in other place? I already > checked several times the send process with/without the "a" modifier and > I needed the authentication in both cases all the times to be able to > send an email trough the 587 port. How did you test this? Do you have any Srv_Features listed in your access map? Authentication is not required in the default config. In fact, it's not even available. Some clients (like Thunderbird, IIRC) will always try to authenticate if the mail server announces SMTP AUTH as a feature during the EHLO/HELO state. Are you sure you're not confusing an annoying client feature with enforcing authentication? > Spamhouse said that the only thing I need to avoid that "error" is to > have SMTP AUTH enable on the server on port 587 (which I already have as > my previous question about the lines on openbsd-proto.mc). Authenticated users will skip the DNSBL checks if you use FEATURE(`delay_checks') in your .mc file. > 587? Sadly I can test it myself because my IP does not appear on PBL > lists and my users will connect during my sleep time (I am 8 hours behind). You can always setup your own test DNSBL that lists just your IP address.
