> Benny Pedersen: > > since i never travel outside my own country i have desided to limit based > > on ip to not have sasl on whole ipv4 and now ipv6 ip ranges, my question > > is, is enough to remove starttls in port 25 to disable sasl for this > > clients ? > > > > there is properly better ways to make it, i just need to know them so > > You can use smtpd_discard_ehlo_keyword_address_maps to disable > AUTH by IP address. With this, the Postfix SMTP server will not > announce AUTH support and will not accept AUTH commands. > Another solution: - Use the submission port for authenticated clients - only allow server2server communication on port 25 - use a firewall to block incomming traffic to the submission port (- use a firewall to block all traffic from dynamic ipranges to port 25)
Greetings Thomas Berger
signature.asc
Description: This is a digitally signed message part.
