Thank you for your answer... You were right, I actually have commented that line (smtpd_client_restrictions) when I did the tests. So, that is why it allowed me.
Thank you.. I still have 1 more question, but I will write other mail for that. Cheers... On Mon, Mar 16, 2009 at 2:48 PM, Magnus Bäck <mag...@dsek.lth.se> wrote: > On Monday, March 16, 2009 at 06:18 CET, > Alberto Lepe <d...@alepe.com> wrote: > > [...] > >> I wanted to force the users to authenticate, in order to send mails, with: >> >> #smtpd_client_restrictions = permit_sasl_authenticated,reject >> >> But for some reason, when I use that line, and I send a mail from >> gmail to one of the test accounts, it is bounced with an "Client host >> rejected: Access denied" error. >> I thought it was only for those wishing to use the SMTP server for >> sending emails... but it is not... right? > > Postfix doesn't know why the client is connecting. As far as it's > concerned, Gmail is also "sending" email. Postfix is doing exactly > what you're telling it to do -- permit authenticated clients and > rejecting the rest. > >> So, what I don't understand about the restrictions is: >> >> If I don't include the "smtpd_client_restrictions = >> permit_sasl_authenticated,reject" line, >> anyone can use my SMTP to send emails without authentication if it is >> not rejected by other rules (e.g., reject_unlisted_sender, etc.) > > Yes, but only to domains hosted by your Postfix. How would you otherwise > receive email from e.g. Gmail? > >> Even with " smtpd_client_restrictions" rule, If I use that server as >> SMTP server, I can send an email to a local account: >> (t...@myhostname.com) without authentication! (and outside >> mynetworks). Why is that possible? > > No, that's incorrect. With > > smtpd_client_restrictions = permit_sasl_authenticated,reject > > in main.cf only authenticated clients will be allowed to do anything. > > Put the permit_sasl_authenticated stuff in smtpd_recipient_restrictions > instead, along with permit_mynetworks. Relay access control takes place > in smtpd_recipient_restrictions. > > -- > Magnus Bäck > mag...@dsek.lth.se >
