> -----Original Message-----
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Brian Evans - Postfix List
> Sent: Tuesday, August 04, 2009 12:30 AM
> To: Postfix users
> Subject: Re: allow sasl authenticated on submission port and bypass rbl
>
> Nick Sharp wrote:
> > Sorry, was referring to the same log in my previous email, but didn't
> > consider people may not always have that handy..
> >
> > Aug 3 22:08:27 mail1 postfix/smtpd[25798]: NOQUEUE: reject: CONNECT from unknown[58.171.194.208]: 554 5.7.1 <unknown[58.171.194.208]>: Client host rejected: Access denied; proto=SMTP
> >
>
> This transaction did not have a SASL auth that was successful.
> Therefore, any permit_sasl_authenticated will not work.
>
> All log entries where SASL is successful, in smtpd, will have
> "sasl_username=" and "sasl_method=" defined
>
Ok, with smtpd_tls_security_level=encrypt as recommended, AUTH wasn't offered and therefore wouldn't match permit_sasl_authenticated. I got that going by changing encrypt to may and it now shows when I telnet..

    250-PIPELINING
    250-SIZE 26214400
    250-ETRN
    250-STARTTLS
    250-AUTH DIGEST-MD5 CRAM-MD5
    250-AUTH=DIGEST-MD5 CRAM-MD5
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

Now if I have

    -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

in the submission bit in master.cf, the connect immediately rejects unless matching mynetworks, still not giving a chance to do SASL..

Any ideas why this would be? The nearest I can get is accept email to my domains with TLS, with or without AUTH, or block you from even negotiating AUTH? There is no middle ground it seems (or more I am missing it! :)

TIA
Nick
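
The log check Brian Evans describes in the quoted reply, as an added example that is not part of the original thread: it scans smtpd log lines for "sasl_method="/"sasl_username=" and records the SMTP stage of each reject. The function name, the second and third log lines, and their hosts, users and addresses are constructed for illustration; only the first line comes from the thread.

```python
import re

# Constructed sample: line 1 is the reject quoted in the thread; lines 2 and 3
# are made up for illustration and use documentation addresses and names.
SAMPLE_LOG = """\
Aug 3 22:08:27 mail1 postfix/smtpd[25798]: NOQUEUE: reject: CONNECT from unknown[58.171.194.208]: 554 5.7.1 <unknown[58.171.194.208]>: Client host rejected: Access denied; proto=SMTP
Aug 3 22:10:02 mail1 postfix/smtpd[25801]: 4F2A1C0012: client=host.example.net[192.0.2.10], sasl_method=CRAM-MD5, sasl_username=alice
Aug 3 22:11:40 mail1 postfix/smtpd[25803]: NOQUEUE: reject: RCPT from host.example.org[198.51.100.7]: 554 5.7.1 <bob@example.com>: Relay access denied; from=<x@example.org> to=<bob@example.com> proto=ESMTP helo=<host.example.org>
"""

SMTPD = re.compile(r"postfix/smtpd\[\d+\]: (?P<msg>.*)$")
REJECT = re.compile(r"reject: (?P<stage>[A-Z]+) from \S+?\[(?P<ip>[^\]]+)\]:")
SASL = re.compile(
    r"client=\S+?\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>[^,\s]+), sasl_username=(?P<user>\S+)"
)


def classify(log_text):
    """Return (authenticated, rejects) found in smtpd log lines.

    authenticated: (ip, user, method) for lines carrying both SASL fields.
    rejects: (ip, stage, auth_possible); auth_possible is False when the
    reject was logged at CONNECT, i.e. before the client could send AUTH.
    """
    authenticated, rejects = [], []
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue  # not an smtpd log line
        msg = m.group("msg")
        sasl = SASL.search(msg)
        if sasl:
            authenticated.append(
                (sasl.group("ip"), sasl.group("user"), sasl.group("method")))
            continue
        rej = REJECT.search(msg)
        if rej:
            stage = rej.group("stage")
            rejects.append((rej.group("ip"), stage, stage != "CONNECT"))
    return authenticated, rejects


if __name__ == "__main__":
    auth, rej = classify(SAMPLE_LOG)
    print("authenticated:", auth)
    print("rejects:", rej)
```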