On Mon, Jun 22, 2009 at 9:59 PM, Dan Harnett<dan...@harnett.name> wrote: > On Mon, Jun 22, 2009 at 07:19:09PM -0600, Alvaro Mantilla Gimenez wrote: >> >> According to the /usr/share/sendmail/README file, it is necessary to >> add the "a" modifier to the line that define the MSA: "Additionally, by >> using the M=a modifier you can require authentication before messages >> are accepted by the MSA" > > Actually, 'a' will only advertise that SMTP AUTH is available, it does > not require it. You want to use 'l' to enforce it. > > DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=El')dnl > > This won't even allow mail to local recipients without authentication > first.
Hmm, this seems to not match the documentation in /usr/share/doc/smm/08.sendmailop: the meaning you give for the 'a' and 'l' flags are correct for the srv_features ruleset, but not for the DaemonPortOptions option. ... > Authenticated users will skip the DNSBL checks if you use > FEATURE(`delay_checks') in your .mc file. This is the easiest way to accomplish the original poster's goal, yes. Philip Guenther