2) why would you set up a submission service that doesn't require auth
from MUAs?
It's because they never had to. It is a historical problem. Now we have
thousands of customers that never had to authenticate, so there is no
power to force them to do it now.

These days I'm spending the time by splitting the server into port 25
(MTA connections) and 587 (MUA connections) - just see my previous
posts - and can do NOTHING with the clients that never authenticated.
I can send them email, to please them, and then force the
authentication on port 587, but I'm pretty sure that thousands of them
will not reflect the email and they will call here and complain about
functionality of the email service - this is common for end users
these days. And after that, I will lose my job... :-) And many of them
are also unable to reconfigure their Outlooks.

So the result at submission port must be something like this:

submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=
  -o receive_override_options=no_header_body_checks
  -o smtpd_client_restrictions=check_policy_service,inet:127.0.0.1:24575,permit_mynetworks,permit_sasl_authenticated,reject

Tomas
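
An added example, not part of the post above and not Postfix's own code: before authentication is enforced on port 587, the mail log can show which clients still submit without SASL and would stop working. It assumes the submission service logs as postfix/submission/smtpd (that needs -o syslog_name=postfix/submission, which the master.cf entry above does not set); the log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the original post). They assume the
# submission service logs as "postfix/submission/smtpd", which requires
# "-o syslog_name=postfix/submission" in master.cf (an assumption).
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/submission/smtpd[2101]: 4A1B2C3D4E: client=pc1.example.net[192.0.2.10]
Mar  3 10:00:07 mx postfix/submission/smtpd[2102]: 5B2C3D4E5F: client=pc2.example.net[192.0.2.20], sasl_method=PLAIN, sasl_username=alice
Mar  3 10:01:12 mx postfix/smtpd[2103]: 6C3D4E5F6A: client=mail.example.org[198.51.100.5]
Mar  3 10:02:30 mx postfix/submission/smtpd[2101]: 7D4E5F6A7B: client=pc1.example.net[192.0.2.10]
Mar  3 10:03:44 mx postfix/submission/smtpd[2104]: 8E5F6A7B8C: client=unknown[192.0.2.30]
Mar  3 10:04:02 mx postfix/submission/smtpd[2105]: 9F6A7B8C9D: client=pc2.example.net[192.0.2.20], sasl_method=LOGIN, sasl_username=alice
"""

# smtpd logs "QUEUEID: client=host[ip]" when it accepts a message, and appends
# sasl_method= / sasl_username= only if the session authenticated.
ACCEPT = re.compile(
    r"postfix/submission/smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>[^,\s]+))?"
    r"(?:, sasl_username=(?P<user>[^,\s]+))?"
)

def audit_submission(log_text):
    """Return (Counter of unauthenticated client IPs, set of SASL usernames seen)."""
    unauth, users = Counter(), set()
    for line in log_text.splitlines():
        m = ACCEPT.search(line)
        if not m:
            continue  # port 25 traffic or a line that is not a message acceptance
        if m.group("user"):
            users.add(m.group("user"))
        else:
            # Accepted without SASL: with the restrictions above this means the
            # policy service or permit_mynetworks let the client through.
            unauth[m.group("ip")] += 1
    return unauth, users

if __name__ == "__main__":
    unauth, users = audit_submission(SAMPLE_LOG)
    for ip, count in unauth.most_common():
        print(f"{ip}\t{count} message(s) accepted without SASL")
    print("already authenticating:", ", ".join(sorted(users)))
```

Run against the real log over a few weeks, the per-IP counts give the list of customers to contact before the unauthenticated path is closed.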