Wietse Venema via Postfix-users:
> Antonin VERRIER via Postfix-users:
> > Hello,
> >
> > I'm a bit confused about whether Postfix considers a client
> > authenticated using XCLIENT to be SASL-authenticated or not.
>
> If XCLIENT receives a SASL login name, Postfix assumes that client
> is authenticated.
>
> > Apparently "permit_sasl_authenticated" says no but
> > "reject_sender_login_mismatch" says yes.
>
> That is not working as intended. I can reproduce the problem on a
> test machine with:
>
> smtpd_relay_restrictions = permit_sasl_authenticated
> reject_unauth_destination
>
> Example:
>
> $ telnet wzv smtp
> Trying 168.100.3.7...
> Connected to wzv.
> Escape character is '^]'.
> 220 wzv.porcupine.org ESMTP Postfix
> XCLIENT LOGIN=whatever
> 220 wzv.porcupine.org ESMTP Postfix
> MAIL FROM:<>
> 250 2.1.0 Ok
> RCPT TO:<wietse>
> 554 5.7.1 <wietse>: Relay access denied
>
> Investigating...
Workaround: specify "smtpd_sasl_auth_enable = yes". That means
Postfix needs some of the Dovecot machinery even if most of it will
remain unused.
The documentation may suggest that enabling Postfix SASL is not
needed. I'll see what code change will fix the documented promise
without causing new problems.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
