Hi,
I'm afraid I struggle a bit with understanding all the various
restrictions, their meaning and where they are applied, so can I
please have some help?
Last night I noticed one IP address repeatedly trying to authenticate on
port 25, trying different user names until he finally went away of his
own accord. I have a small family server at home and I have no need for
any valid user on my LAN to authenticate so I have permit_mynetworks in
my restrictions. If I am outside my LAN I use submission with the
following in master.cf:
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
This appears to work and was gleaned from earlier posts of mine here.
In main.cf I have:
smtpd_helo_required = yes
smtp_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client 2.0.0.127.b.barracudacentral.org
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_invalid_hostname,
    reject_rhsbl_sender,
    dsn.rfc-ignorant.org
I send mail to the outside world using smtps via stunnel.
Is it possible to stop anyone outside my LAN who tries to authenticate
on port 25? For example:
In smtpd_recipient_restrictions (and smtpd_helo_restrictions and
smtpd_sender_restrictions), can I drop permit_sasl_authenticated without
losing any mail? The original smtpd_recipient_restrictions were gleaned
from some forum post with little understanding.
Do I need "smtp_sasl_auth_enable = yes" as I need authentication when
sending mail to stunnel and when relaying from the outside on the
submission port?
If you have any other comments on my settings, I'm happy to hear them.
Many thanks for your patience,
Nick