On 05.02.2014 01:28, Silvio Siefke wrote:
> On Tue, 04 Feb 2014 21:40:38 +0100 "li...@rhsoft.net"
> <li...@rhsoft.net> wrote:
>
>> how should it if you happily reject anything and not use
>> "permit_sasl_authenticated" anywhere? authentication itself
>> means nothing without configuration for it
>
> Yes that's correct i have nothing stand, because when i read on dovecot
> the sasl wiki page i has think this job run with submission.

yes, but you provided only one log line which has no evidence that your
client used the submission port (587) *and* authentication as well as
you did not state your submission config in the initial posting

you only overwrite "smtpd_recipient_restrictions" in master.cf but you
have other restrictions enabled and "Client host rejected: cannot find
your hostname" is pretty sure from your global "smtpd_client_restrictions"

as well you do not want your global "smtpd_helo_restrictions" on submission

your global restrictions:

>> smtpd_client_restrictions = reject_unknown_client_hostname
>> smtpd_helo_restrictions = reject_invalid_helo_hostname,
>>  reject_unknown_helo_hostname, reject_non_fqdn_helo_hostname
>> smtpd_recipient_restrictions = reject_unknown_recipient_domain,
>>  reject_non_fqdn_recipient, reject_unverified_recipient, permit_mynetworks, reject_unauth_destination,
>> smtpd_sender_restrictions = reject_unknown_sender_domain

also be careful with "reject_unknown_recipient_domain"
http://www.postfix.org/postconf.5.html#reject_unknown_recipient_domain

mail-clients can't handle temporary errors and you make the life of your
users hard because you hit them with *any* temporary DNS error

> http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
>
> submission inet n - n - - smtpd
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_sasl_type=dovecot
>   -o smtpd_sasl_path=private/auth
>   -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,
>      reject_non_fqdn_recipient,
>      permit_sasl_authenticated,
>      reject

fix that above

submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
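
Added example, not part of the original message: a Python sketch that reports which smtpd_*_restrictions lists a master.cf service still inherits from main.cf when only some of them are overridden with -o, which is the situation described above. The function names and the sample main.cf/master.cf text are constructed for illustration (restriction values taken from the thread), and it assumes -o values contain no whitespace.

```python
# Added illustration: which smtpd_*_restrictions a master.cf service still
# inherits from main.cf. Sample configs are constructed from the thread.
STAGES = ("smtpd_client_restrictions", "smtpd_helo_restrictions",
          "smtpd_sender_restrictions", "smtpd_recipient_restrictions")

MAIN_CF = """\
smtpd_client_restrictions = reject_unknown_client_hostname
smtpd_helo_restrictions = reject_invalid_helo_hostname,
    reject_unknown_helo_hostname, reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
    reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
"""
SUBMISSION = "submission inet n - n - - smtpd\n  -o smtpd_sasl_auth_enable=yes\n"
RCPT = "  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject\n"
MASTER_BEFORE = SUBMISSION + RCPT                      # only recipient overridden
MASTER_AFTER = (SUBMISSION + "  -o smtpd_client_restrictions=\n"
                "  -o smtpd_helo_restrictions=\n" + RCPT)

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def main_cf_params(text):
    """Parse main.cf text into {name: value}."""
    pairs = (line.partition("=") for line in logical_lines(text))
    return {name.strip(): value.strip() for name, _, value in pairs}

def service_overrides(master_text, service):
    """Return the -o name=value overrides of one master.cf service entry."""
    for line in logical_lines(master_text):
        fields = line.split()
        if fields[0] == service:
            args = fields[8:]          # 7 columns + command name come first
            return dict(args[i + 1].split("=", 1) for i, a in enumerate(args[:-1])
                        if a == "-o" and "=" in args[i + 1])
    raise KeyError(service)

def inherited_restrictions(main_text, master_text, service="submission"):
    """Non-empty main.cf restriction lists the service does not override."""
    main, over = main_cf_params(main_text), service_overrides(master_text, service)
    return {s: main[s] for s in STAGES if s not in over and main.get(s)}

if __name__ == "__main__":
    for label, master in (("before", MASTER_BEFORE), ("after", MASTER_AFTER)):
        print(label, sorted(inherited_restrictions(MAIN_CF, master)))
```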