On Tue, Jun 8, 2010 at 09:47, Larry Stone <lston...@stonejongleux.com> wrote: > On Tue, 8 Jun 2010, Phil Howard wrote: > >> On Fri, Jun 4, 2010 at 18:31, Sahil Tandon <sa...@freebsd.org> wrote: >>> >>> On Fri, 04 Jun 2010, Dan Burkland wrote: >>> >>>> Relevant configuration entries: >>>> >>>> -------main.cf-------- >>>> smtpd_recipient_restrictions = permit_mynetworks, >>>> reject_unauth_destination >>> >>> ^^^^^^^^^ >>> >>>> -------master.cf------- >>>> submission inet n - n - - smtpd >>>> -o smtpd_enforce_tls=yes >>>> -o smtpd_sasl_auth_enable=yes >>>> -o smtpd_sasl_type=dovecot >>>> -o smtpd_sasl_path=private/auth >>>> -o smtpd_client_restrictions_permit_sasl_authenticated,reject >>> >>> ^^^^^^ >>> >>> You might have incorrectly assumed that if one restriction list >>> evaluates to OK, that the following restriction lists are skipped. This >>> is not the case. You OK the SASL authenticated client in >>> smtpd_client_restrictions, but then smtpd_recipient_restrictions are >>> still evluated based on the definition in main.cf. For a better >>> understanding, review SMTPD_ACCESS_README. >> >> I'm assuming that: >> >> -o smtpd_client_restrictions_permit_sasl_authenticated,reject >> >> is intended to be: >> >> -o smtpd_client_restrictions=permit_sasl_authenticated,reject >> > > Phil, you're not getting what people are trying to tell you. Your entry in > master.cf for submission overrrides smtpd_CLIENT_restrictions. You are not > overriding smtpd_RECIPIENT_restrictions so the smtpd_recipient_restrictions > = permit_mynetworks, reject_unauth_destination > in main.cf is still applied. And that says if it's not mynetworks, reject. > SASL authentication is never looked at in that restriction.
Did you even look at what I posted? There is no config item called "smtpd_client_restrictions_permit_sasl_authenticated". I wasn't talking about smtpd_recipient_restrictions at all. I guess this is the confusion that happens in threads when there are 2 or more errors.
