On Tue, Mar 19, 2013 at 02:18:51PM +0000, Matteo Marescotti wrote:
> submission inet n - - - - smtpd
> -o smtpd_tls_security_level=encrypt
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> -o milter_macro_daemon_name=ORIGINATING
> ...
With "smtpd_tls_security_level=encrypt" only EHLO, NOOP and QUIT
are allowed before STARTTLS. The other commands will be rejected,
but of course we can't prevent the client from sending them.
> With this configuration, messages can only be submitted through port
> 587 after an encrypted connection has been established and user
> authentication has succeded. So users need to authenticate
> themselves in order to send emails. Nevertheless, Postfix accepts
> the MAIL FROM command before authentication.
Show real evidence of this, after making sure your master.cf file
reflects run-time reality (postfix stop/start or at least reload).
--
Viktor.
