On 26/08/2013 9:00 PM, Noel Jones wrote:
> On 8/26/2013 7:49 PM, LuKreme wrote:
>> OK, now that port 587 is working, I would like to disable user submission via
>> port 25. Not right now, but in a bit once people have a chance to change their
>> settings.
>> What do I do to prevent users sending via port 25?
>
> Super easy...
>
> # main.cf
> smtpd_sasl_auth_enable = no
>
> Your master.cf submission entry probably already includes
>   -o smtpd_sasl_auth_enable=yes
> If not, go ahead and add it to submission now so things don't break
> unexpectedly later.
>
> This won't prevent users from sending local mail to port 25, but
> they won't be able to authenticate and won't be able to relay. This
> usually isn't considered a problem, and changing it often causes
> other issues.
>
> -- Noel Jones

I based it on something that Noel Jones wrote way back in 2008.
Create a file of the networks you wish to deny access to, e.g.
“Deny_Mynetworks_Access”, the content of which will be the same networks
as those found in the mynetworks parameter of the main.cf file, for example:
192.168.0.0/16 REJECT local access not permitted
n.n.n.n/28 REJECT local access not permitted
[nnnn:nnnn:nnnn::]/64 REJECT local access not permitted
Remove the permit_mynetworks from all the various
smtpd_xxxx_restrictions stanzas of main.cf. Then modify the master.cf by
adding
  -o smtpd_client_restrictions=cidr:Deny_Mynetworks_Access,.....
to the smtp service, and add
  -o smtpd_client_restrictions=permit_mynetworks,.....
to the submission service.
This should deny access to the smtp port (25) from the local networks
while allowing access to the submission port (587).
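
A way to check the result of the changes discussed in this thread, as an added example that is not from either poster: the script computes the effective smtpd_sasl_auth_enable value for each smtpd service by applying master.cf `-o` overrides on top of main.cf. The sample configuration is constructed, the helper names (`logical_lines`, `effective_setting`, `auth_on_port_25`) are hypothetical, and only the plain `-o name=value` override form is handled.

```python
import shlex

# Constructed sample configuration (assumption, not from a real server).
MAIN_CF = "# main.cf\nsmtpd_sasl_auth_enable = no\n"
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def main_cf_params(text):
    """Parse 'name = value' pairs from main.cf text."""
    params = {}
    for line in logical_lines(text):
        name, _, value = line.partition("=")
        params[name.strip()] = value.strip()
    return params

def effective_setting(main_cf, master_cf, param, default="no"):
    """Map 'service/type' -> value of param for every smtpd service."""
    base = main_cf_params(main_cf).get(param, default)
    result = {}
    for line in logical_lines(master_cf):
        fields = shlex.split(line)
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        value, args = base, fields[8:]
        for flag, arg in zip(args, args[1:]):
            if flag == "-o" and arg.startswith(param + "="):
                value = arg.split("=", 1)[1]  # later overrides win
        result[f"{fields[0]}/{fields[1]}"] = value
    return result

def auth_on_port_25(main_cf, master_cf):
    """True if the smtp (port 25) service still offers SASL AUTH."""
    setting = effective_setting(main_cf, master_cf, "smtpd_sasl_auth_enable")
    return setting.get("smtp/inet") == "yes"
```

If the submission entry lacks the override, the same function reports "no" for submission/inet, which is the breakage Noel's reply warns about.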