David Hulsebus: > > Probably better is to only offer AUTH on submission port 587 with > > required encryption, and not offer AUTH at all on port 25. > > That is exactly what I want to do. If I uncomment this in the master.cf does > it force TLS encryption on port 587 before authentication? If not, how would > I do that? > > submission inet n - - - - smtpd > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > -o milter_macro_daemon_name=ORIGINATING
http://www.postfix.org/SASL_README.html#server_sasl_enable http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable http://www.postfix.org/TLS_README.html#server_tls http://www.postfix.org/postconf.5.html#smtpd_tls_auth_only http://www.postfix.org/postconf.5.html#smtpd_tls_security_level > Further, how do I not allow AUTH on port 25. I can't glean it from the docs. http://www.postfix.org/SASL_README.html#server_sasl_enable Wietse
