On 2/11/2011 12:17 PM, Benny Pedersen wrote:
> On Fri, 11 Feb 2011 13:10:35 -0500, Victor Duchovni
> <victor.ducho...@morganstanley.com> wrote:
>> On Fri, Feb 11, 2011 at 07:07:15PM +0100, Benny Pedersen wrote:
>>> not the best option for me, but my users can live with it, but remote
>>> servers will need tls on port 25 still
>>
>> TLS != SASL. Postscreen supports TLS/SSL, but not SASL, which belongs
>> largely on port 587.
>
> why is postscreen not supporting sasl ?

The postscreen dnsbl tests happen before the client says
anything -- long before the authentication conversation.

To change this, postscreen would need to record the
conversation up to some chosen point and then play it back to
the real smtpd. This greatly increases the memory
requirements and complexity of postscreen, which is intended
to be small and lightweight. This won't change anytime soon,
maybe never.

AUTH clients really belong on submission/smtps, which in the
long run makes things easier on you and easier on your
clients. If that's not acceptable in your environment, don't
use postscreen.

-- Noel Jones
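
The port split described in the reply above, as an added master.cf sketch that is not part of the original message: postscreen fronts port 25 without SASL, and AUTH clients use the submission service on 587. The service lines follow Postfix's stock master.cf; the restriction values are assumptions to adapt to local policy, and the SASL backend itself is assumed to be configured in main.cf.

```conf
# /etc/postfix/master.cf (constructed example; adapt to local policy)
#
# Port 25: MX traffic from remote servers. postscreen answers first and
# runs its DNSBL tests before the client has said anything, then hands
# the connection to the real smtpd through the "pass" service.
# AUTH is not offered on this path.
smtp       inet  n       -       n       -       1       postscreen
smtpd      pass  -       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=no
dnsblog    unix  -       -       n       -       0       dnsblog
# tlsproxy lets postscreen offer STARTTLS on port 25 (TLS, not SASL).
tlsproxy   unix  -       -       n       -       0       tlsproxy

# Port 587: submission for your own users. No postscreen in front, so
# mail clients never meet its tests. TLS is mandatory before AUTH, and
# only authenticated clients may send.
submission inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

Run `postfix check` and `postfix reload` after editing, then confirm that an EHLO on port 25 no longer advertises AUTH while port 587 advertises it only after STARTTLS.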