On Tue, Feb 04, 2014 at 02:57:42PM +0100, Patrik B?t wrote:
> When saslauthd crashes or beeing stopped, mails are bounced.
> eg: 535 5.7.8 Error: authentication failed: generic failure
>
> Can I somehow change it to just defer?
If you have a dedicated submission/relay service to which *all*
clients must authenticate, then you can set the restrictions to
"defer" after allowing authenticated users.
main.cf:
# Postfix >= 2.10 variant (uncomment below and comment-out variant for
# earlier versions.
#
#submission_relay_restrictions = permit_sasl_authenticated, defer
#submission_recipient_restrictions =
# Earlier versions variant
#
submission_recipient_restrictions = permit_sasl_authenticated, defer
master.cf:
# Replace "submission" with appropriate IP:port as required.
# Replace "submission" with appropriate IP:port as required.
submission inet n ... smtpd
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
# Uncomment with Postfix >= 2.10
# -o smtpd_relay_restrictions=$submission_relay_restrictions
-o smtpd_recipient_restrictions=$submission_recipient_restrictions
-o smtpd_data_restrictions=
-o smtpd_end_of_data_restrictions=
...
Do not do this on any SMTP listener that also handles inbound mail
(i.e. port 25 MX host for your domain) and thus cannot enforce authentication
for all clients.
--
Viktor.
