On Tue, 8 Jun 2010, Phil Howard wrote:
On Fri, Jun 4, 2010 at 18:31, Sahil Tandon <sa...@freebsd.org> wrote:
On Fri, 04 Jun 2010, Dan Burkland wrote:
Relevant configuration entries:
-------main.cf--------
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
^^^^^^^^^
-------master.cf-------
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_client_restrictions_permit_sasl_authenticated,reject
^^^^^^
You might have incorrectly assumed that if one restriction list
evaluates to OK, that the following restriction lists are skipped. This
is not the case. You OK the SASL authenticated client in
smtpd_client_restrictions, but then smtpd_recipient_restrictions are
still evluated based on the definition in main.cf. For a better
understanding, review SMTPD_ACCESS_README.
I'm assuming that:
-o smtpd_client_restrictions_permit_sasl_authenticated,reject
is intended to be:
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
Phil, you're not getting what people are trying to tell you. Your entry
in master.cf for submission overrrides smtpd_CLIENT_restrictions. You are
not overriding smtpd_RECIPIENT_restrictions so the
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
in main.cf is still applied. And that says if it's not mynetworks,
reject. SASL authentication is never looked at in that restriction.
-- Larry Stone
lston...@stonejongleux.com
