On Tue, Mar 19, 2013 at 06:47:42PM +0100, Matteo Marescotti wrote:

> On 19/03/2013 17:41, Viktor Dukhovni wrote:
> >On Tue, Mar 19, 2013 at 02:18:51PM +0000, Matteo Marescotti wrote:
> >
> >>submission inet n - - - - smtpd
> >>  -o smtpd_tls_security_level=encrypt
> >>  -o smtpd_sasl_auth_enable=yes
> >>  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> >>  -o milter_macro_daemon_name=ORIGINATING
> >>...
> >
> >With "smtpd_tls_security_level=encrypt" only EHLO, NOOP and QUIT
> >are allowed before STARTTLS. The other commands will be rejected,
> >but of course we can't prevent the client from sending them.
>
> I said Postfix accepts the MAIL FROM command before user
> authentication, not before STARTTLS.

Sorry, I misread your post; I am too focused on TLS lately. Yes,
rejection of transactions is deliberately delayed to RCPT TO; this
makes it possible to later figure out what was being rejected. A
good MTA produces a good audit trail.

--
	Viktor.
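
As an added illustration (not part of the original thread, and not Postfix code): a small Python parser over constructed reject log lines, contrasting what a rejection delayed to RCPT TO records with one issued at connect time. The log lines, addresses and function names are constructed for this example; the layout assumed is Postfix's usual `NOQUEUE: reject:` line, where `from=`, `to=` and `helo=` appear only if the client had already sent them.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the thread); documentation IPs and domains.
# Lines 2-3: rejects delayed to RCPT TO. Line 4: a reject issued at connect.
SAMPLE_LOG = """\
Mar 19 18:40:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Mar 19 18:40:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <unknown[192.0.2.10]>: Client host rejected: Access denied; from=<alice@example.com> to=<bob@example.net> proto=ESMTP helo=<laptop.example.com>
Mar 19 18:41:10 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <unknown[198.51.100.7]>: Client host rejected: Access denied; from=<> to=<carol@example.org> proto=ESMTP helo=<[198.51.100.7]>
Mar 19 18:42:30 mx postfix/smtpd[2110]: NOQUEUE: reject: CONNECT from unknown[203.0.113.5]: 554 5.7.1 <unknown[203.0.113.5]>: Client host rejected: Access denied; proto=SMTP
"""

REJECT_RE = re.compile(
    r"NOQUEUE: reject: (?P<stage>\w+) from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<reason>.*?);"
    r"(?: from=<(?P<sender>[^>]*)>)?(?: to=<(?P<rcpt>[^>]*)>)?"
    r" proto=(?P<proto>\S+)(?: helo=<(?P<helo>[^>]*)>)?"
)


def rejected_transactions(log_text):
    """Return one dict per rejected SMTP command found in the log text."""
    records = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        # An empty sender ("<>", the null reverse-path) is still an envelope;
        # None means the client never got as far as MAIL FROM / RCPT TO.
        rec["has_envelope"] = rec["sender"] is not None and rec["rcpt"] is not None
        records.append(rec)
    return records


def envelopes_by_client(records):
    """Map client IP -> list of (sender, recipient) that were refused."""
    out = defaultdict(list)
    for rec in records:
        if rec["has_envelope"]:
            out[rec["ip"]].append((rec["sender"], rec["rcpt"]))
    return dict(out)


if __name__ == "__main__":
    for r in rejected_transactions(SAMPLE_LOG):
        what = f"{r['sender']!r} -> {r['rcpt']!r}" if r["has_envelope"] else "(no envelope logged)"
        print(f"{r['ip']:<15} {r['stage']:<8} {r['code']} {what}")
```

The CONNECT-stage record carries only the client address and protocol, so nothing can be said afterwards about which message was refused; the RCPT-stage records name both sender and recipient.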