On 6 mrt 2011, at 22:34, Noel Jones wrote: > On 3/6/2011 9:08 AM, DTNX/NGMX Postmaster wrote: >> >> I suspect that if you were to increase logging detail, you'd find that >> 'permit_sasl_authenticated' evaluates to zero during the client restrictions >> stage because of a delay in getting back an answer from whatever SASL >> backend you have in use. Postfix evaluates the rest of the client >> restrictions, and denies you access. > > No. The SASL authentication happens after CONNECT and HELO, before MAIL > FROM. With "smtpd_delay_reject = no", and "smtpd_client_restrictions = > permit_sasl_authenticated, reject" you're checking for sasl authentication > before the authentication ever has a chance to take place. > > This has nothing to do with what you're using for a sasl backend, because the > backend is never consulted. > > Just another good reason to not muck with the defaults.
Hmm, I must be remembering it wrong then, because that makes perfect sense. Or I interpreted the logging data incorrectly, which is not impossible either. Anyway, thanks for the correction. Cya, Jona
