> But, (THIS IS THE IMPORTANT PART):
> If I uncheck the "Username and Password" option, the mail is sent
> successfully...
> What I want is to block anonymous requests... In other words, ONLY send
> those mails when the user is SASL authenticated.
> Is it possible? Am I missing something in the smtpd_sender_restrictions
> parameter?
>
> This is my main.cf:

Please post the output of `postconf -n` in future.

> #SASL auth
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> broken_sasl_auth_clients = yes

I'm pretty sure this is okay so far.

> # I'm not including "permit_mynetworks" for testing purposes.
> smtpd_sender_restrictions =
>     permit_sasl_authenticated,reject_unknown_sender_domain,
>     reject_authenticated_sender_login_mismatch,
>     reject_unauthenticated_sender_login_mismatch
>
> smtpd_recipient_restrictions =
>     permit_sasl_authenticated,reject_unauth_destination

It's usually recommended that you put all your restrictions in
smtpd_recipient_restrictions; it makes it a bit easier to understand
what's happening.

Show maillog entries for a message that you think should have been blocked.

Likely scenarios for your config:
* client connects, client is sasl-authenticated, client is okay to
send mail anywhere, accept the mail
* client connects, client isn't authenticated, client is trying to
send mail to a domain on the server (e.g. localdomains, relaydomains,
virtualdomains), accept the mail
* client connects, client isn't authenticated, client is trying to
send mail somewhere else, client is in $mynetworks, accept the mail
(only if you use permit_mynetworks; most people would)
* client connects, client isn't authenticated, client is trying to
send mail somewhere else, client isn't in $mynetworks, reject the mail
(client is trying to use you as an open relay)
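The four scenarios above, as an added example that is not part of the original reply: a simplified Python model of how Postfix walks a restriction list, run against the quoted smtpd_recipient_restrictions and against a stricter list ending in `reject`. The `Client` fields, the list names and the four sample clients are constructed for illustration. The model covers the recipient list only and treats "recipient is one of the server's own domains" as a single flag.

```python
# Simplified model: restrictions are tried left to right; the first one that
# returns PERMIT or REJECT decides, DUNNO moves on, end of list means PERMIT.
from dataclasses import dataclass

@dataclass
class Client:  # constructed for this example
    authenticated: bool   # SASL login succeeded
    in_mynetworks: bool   # client IP matches $mynetworks
    rcpt_is_local: bool   # recipient domain is hosted or relayed by this server

def permit_sasl_authenticated(c):
    return "PERMIT" if c.authenticated else "DUNNO"

def permit_mynetworks(c):
    return "PERMIT" if c.in_mynetworks else "DUNNO"

def reject_unauth_destination(c):
    # Only rejects mail for destinations that are not the server's own.
    return "DUNNO" if c.rcpt_is_local else "REJECT"

def reject(c):
    return "REJECT"

def evaluate(restrictions, c):
    for restriction in restrictions:
        verdict = restriction(c)
        if verdict != "DUNNO":
            return verdict
    return "PERMIT"

# The list quoted in the post, the same list with permit_mynetworks, and a
# list that refuses every client that has not authenticated.
POSTED = [permit_sasl_authenticated, reject_unauth_destination]
POSTED_WITH_MYNETWORKS = [permit_sasl_authenticated, permit_mynetworks,
                          reject_unauth_destination]
AUTH_ONLY = [permit_sasl_authenticated, reject]

# Constructed clients, one per scenario in the list above.
SCENARIOS = [
    Client(authenticated=True, in_mynetworks=False, rcpt_is_local=False),
    Client(authenticated=False, in_mynetworks=False, rcpt_is_local=True),
    Client(authenticated=False, in_mynetworks=True, rcpt_is_local=False),
    Client(authenticated=False, in_mynetworks=False, rcpt_is_local=False),
]

def verdicts(restrictions):
    return [evaluate(restrictions, c) for c in SCENARIOS]

if __name__ == "__main__":
    for name in ("POSTED", "POSTED_WITH_MYNETWORKS", "AUTH_ONLY"):
        print(f"{name:24}", verdicts(globals()[name]))
```

The second scenario is the one the poster observes: an unauthenticated client writing to a local domain falls through both restrictions and is accepted. A list ending in `reject` also refuses inbound mail from other mail servers, so it only suits a service meant for authenticated submission.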
