On tis 4 feb 2014 15:42:04, Patrik Båt wrote: > On tis 4 feb 2014 15:36:34, Viktor Dukhovni wrote: >> On Tue, Feb 04, 2014 at 02:57:42PM +0100, Patrik B?t wrote: >> >>> When saslauthd crashes or beeing stopped, mails are bounced. >>> eg: 535 5.7.8 Error: authentication failed: generic failure >>> >>> Can I somehow change it to just defer? >> >> If you have a dedicated submission/relay service to which *all* >> clients must authenticate, then you can set the restrictions to >> "defer" after allowing authenticated users. >> >> main.cf: >> # Postfix >= 2.10 variant (uncomment below and comment-out variant for >> # earlier versions. >> # >> #submission_relay_restrictions = permit_sasl_authenticated, defer >> #submission_recipient_restrictions = >> >> # Earlier versions variant >> # >> submission_recipient_restrictions = permit_sasl_authenticated, defer >> >> master.cf: >> # Replace "submission" with appropriate IP:port as required. >> # Replace "submission" with appropriate IP:port as required. >> submission inet n ... smtpd >> -o smtpd_client_restrictions= >> -o smtpd_helo_restrictions= >> -o smtpd_sender_restrictions= >> # Uncomment with Postfix >= 2.10 >> # -o smtpd_relay_restrictions=$submission_relay_restrictions >> -o smtpd_recipient_restrictions=$submission_recipient_restrictions >> -o smtpd_data_restrictions= >> -o smtpd_end_of_data_restrictions= >> ... >> >> Do not do this on any SMTP listener that also handles inbound mail >> (i.e. port 25 MX host for your domain) and thus cannot enforce authentication >> for all clients. >> > > Thanks alot Victor! > > I've done this tho, but it wasn't working, so I have restrictions > somewhere else also, so i need to figur that out, but then my > conclusion wasn't that off :) >
Hmm, Victor are you sure this works? I'm running postfix version 2.9.6 on Debian Wheezy.
signature.asc
Description: OpenPGP digital signature
