* Неворотин Вадим <nevoro...@gmail.com>:
> How can I deny SASL authentication not from local (192.168.0.0/16) IP? Now I
> have restrictions in smtpd_recipient_restrictions and other parameters,
> which allow send mails to relayhost only from local IPs and only after
> authentication. But client from Internet still can authenticate on my
> server, but can't send mail. But I need to deny authentication from outer
> net at all. It's because my users use very simple passwords, and in my net
> each user has only one login/password for all services.

If your users also connect from outside, then there's no way to deny SASL
authentication.

If, however, you can identify your users by network range, split Postfix smtpd
into an outside and an inside configuration like this in master.cf:


# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# smtp      inet  n       -       -       -       -       smtpd
<insideIP>:25      inet  n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
<outsideIP>:25      inet  n       -       -       -       -       smtpd


Then remove "smtpd_sasl_auth_enable = yes" from main.cf and restart postfix.

p...@rick




-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
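
A check for the split described in the reply above, as an added example that is not part of the original message or of Postfix: it reads master.cf text and reports which inet smtpd listeners end up with smtpd_sasl_auth_enable=yes once the main.cf default is taken into account. The sample addresses, the function names and the main_cf_default parameter are assumptions made for illustration.

```python
import re

# Constructed sample mirroring the layout in the message; the addresses are
# documentation placeholders, not values from the original post.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
192.168.0.1:25  inet  n  -  -  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
203.0.113.10:25 inet  n  -  -  -  -  smtpd
pickup          unix  n  -  -  60 1  pickup
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace), skip comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def sasl_by_listener(master_cf, main_cf_default="no"):
    """Map each inet smtpd listener to its effective smtpd_sasl_auth_enable."""
    result = {}
    for line in logical_lines(master_cf):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        value = main_cf_default
        # -o name=value overrides main.cf for this service only.
        # If the option is repeated, this sketch keeps the last occurrence.
        for m in re.finditer(r"-o\s*smtpd_sasl_auth_enable\s*=\s*(\S+)", line):
            value = m.group(1)
        result[fields[0]] = value.lower() == "yes"
    return result

def exposed_listeners(master_cf, inside, main_cf_default="no"):
    """Listeners that offer AUTH but are not in the allowed inside set."""
    states = sasl_by_listener(master_cf, main_cf_default)
    return sorted(s for s, on in states.items() if on and s not in inside)

if __name__ == "__main__":
    print(sasl_by_listener(SAMPLE_MASTER_CF))
    # Leaving "smtpd_sasl_auth_enable = yes" in main.cf exposes the outside listener:
    print(exposed_listeners(SAMPLE_MASTER_CF, {"192.168.0.1:25"}, "yes"))
```

Passing main_cf_default="yes" models the case where the main.cf setting was not removed; the outside listener then inherits AUTH even though its master.cf entry carries no override.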
