On Wed, 18 Dec 2024 11:43:06 +0800 esd via Postfix-users <postfix-users@postfix.org> wrote:
> What I want to express is to enhance the robustness of postfix. For example, > add a default configuration, which can be more secure. In this way, even if > dovecot fails. It still does not affect other transactions that do not > require authentication to process. It seems like you want something similar to opportunistic TLS, e.g. smtpd_tls_security_level = may but for SASL. I think the problem with SASL and everything else you try to squeeze on port 25: if SASL was opportunistic then anyone could easily bypass it. There would need to be some sort of lookup table, to tell Postfix for which connections to enforce SASL. I'm not a Postfix expert so not sure if this is supported, but it is probably much simpler to run a separate submission service on a different port, which always enforces SASL. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
