Il 19/03/2013 19:30, Viktor Dukhovni ha scritto:
On Tue, Mar 19, 2013 at 06:47:42PM +0100, Matteo Marescotti wrote:
Il 19/03/2013 17:41, Viktor Dukhovni wrote:
On Tue, Mar 19, 2013 at 02:18:51PM +0000, Matteo Marescotti wrote:
submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
...
With "smtpd_tls_security_level=encrypt" only EHLO, NOOP and QUIT
are allowed before STARTTLS. The other commands will be rejected,
but of course we can't prevent the client from sending them.
I said Postfix accepts the MAIL FROM command before user
authentication, not before STARTTLS.
Sorry, I misread your post, I am too focused on TLS lately, yes
rejection of transactions is deliberately delayed to RCPT TO, this
makes it possible to later figure out what was being rejected.
A good MTA produces a good audit trail.
I was sure there was a very good reason for that. Thank you very much to
everybody. I learned something I could not figure out by myself.
Matteo
