zhong ming wu:
> Dear List
>
> Last time I have configured postfix was many years ago with version
> 2.3. Now I wish to upgrade to 2.7 and also change
> configuration by adding dovecot sasl authentication. It is working
> as expected. Public can deliver mail to my domain
> without authentication. Authenticated users can use the server as a
> relay to anywhere.
>
> My concern is that with my config if dovecot server were to go down
> for any reason at all postfix cannot accept mail delivery. This seems
> to be undesirable because mail delivery does not need authentication.

The solution:

1) Do not enable SASL authentication on port 25. This is used for
   mail from the Internet.

2) Enable SASL authentication on the submission port. This is used
   for user mail clients. An example submission service is commented
   out in the default master.cf file.

As required by RFC 2554, the SMTP server must announce the names
of the available SASL authentication mechanisms in the EHLO response.
Therefore, don't enable SASL authentication on a server that must
be available while the authentication server is down.

Wietse

> I believe the following line in main.cf might be relevant.
>
> smtpd_recipient_restrictions = permit_mynetworks,
>     permit_sasl_authenticated, reject_unauth_destination
>
> Is the other option setting up 2 postfix servers: 1 for mail delivery
> and 1 for authenticated relay?
>
> Thanks for any suggestion.
>
> mr.wu
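
Added example, not part of the original thread and not Postfix's own code: a small Python check that reads main.cf and master.cf text and reports which smtpd listeners would offer SASL AUTH, and so depend on the Dovecot auth server being up. The sample configs are constructed to follow the split described in the reply; the parser assumes plain `-o name=value` overrides and no main.cf continuation lines or `$variable` expansion.

```python
# Constructed sample configs following the split described in the reply above.
MAIN_CF = """\
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = no
"""
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup     fifo  n  -  n  60 1  pickup
"""

def main_cf_value(text, name, default):
    """Last assignment of `name` in main.cf text wins (no continuation lines)."""
    value = default
    for line in text.splitlines():
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def sasl_by_service(master_text, main_text):
    """Map each smtpd service in master.cf to True if it would offer AUTH."""
    default = main_cf_value(main_text, "smtpd_sasl_auth_enable", "no")
    entries = []
    for line in master_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:   # indented line continues the entry
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    offers = {}
    for fields in (e.split() for e in entries):
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        setting, args = default, fields[8:]
        for flag, opt in zip(args, args[1:]):
            key, _, val = opt.partition("=")
            if flag == "-o" and key == "smtpd_sasl_auth_enable":
                setting = val
        offers[fields[0]] = setting.lower() == "yes"
    return offers

if __name__ == "__main__":
    for service, auth in sasl_by_service(MASTER_CF, MAIN_CF).items():
        print(f"{service}: AUTH {'offered' if auth else 'not offered'}")
```

With the sample configs the port 25 `smtp` listener does not offer AUTH and only `submission` does, so inbound delivery keeps working when the authentication server is down.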