On 24/05/2024 03:15, Peter via Postfix-users wrote:
No you definately should disable auth on port 25 regardless. It is possible for postscreen to pass a connection to
smtpd and smtpd can *then* offer auth.
To answer your original question, you can just set -o smtpd_sasl_auth_enable=no in master.cf but it has to be on the
smtpd service, not on postscreen. That said, I recommend not setting smtpd_sasl_auth_enable in main.cf and instead
explicitly set it on your submission and/or submissions service in master.cf instead. When it comes to things like
this it is generally better to default to off and explicitly turn on rather than default to on and explicitly turn off.
Many moons ago I was told to put "smtpd_sasl_auth_enable=no" in main.cf, blocking the function everywhere, and then put
"-o smtpd_sasl_auth_enable=yes" in the submission stanza(s) in master.cf, expressly enabling it *just* there.
Allen C
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
