Dnia 23.10.2024 o godz. 10:51:38 Ivan Ionut via Postfix-users pisze: > > Well, yes I do have submission service on the same server... and I > do have disabled SASL on port 25 and my logs on failed attempts are > something like this: > > Oct 23 08:15:12 myhost postfix/submission/smtpd[1888892]: warning: > unknown[xxx.xxx.xxx.xxx]: SASL PLAIN authentication failed: > Oct 23 08:19:26 myhost postfix/submission/smtpd[1897067]: warning: > spamhost [xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: > UGFzc3dvcmQ6
As I have written some time ago, I use a policy service that immediately rejects all connections on submission ports if there is no logged in IMAP session from the same IP address. The reason is that regular mail clients first establish an IMAP session, to read mail, and connect to submission port only later, when the user wants to send something. So if something tries to connect to submission port without establishing an IMAP session first, it is not a regular user using a mail client, but something else. I don't want that "something else", so I reject it. Of course, if your actual users do happen to submit mail without establishing an IMAP session first, this solution is not for you. But in my case it works very well. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
