On Wed, Oct 02, 2013 at 07:08:48PM +0200, Manuel Bieling wrote:
> >I wonder if moving the
> >check_client_access and permit_sasl_authenticated below
> >reject_unauth_destination would help?
>
> Moving 'check_client_access' below 'reject_unauth_destination'
> prevents you from wildcards in 'check_client_access' which can make
> you an open relay. Just best practice and not a must.
No, it simply breaks POP before SMTP. So the original order is
correct.
However, now that we see that the OP is using POP before SMTP, it
is quite likely the POP before SMTP cache, rather than SMTP auth
that is at issue with the spammers in question. Once SASL is up
and running, it is wise to stop supporting the POP before SMTP
crutch.
--
Viktor.
