On 2/2/2016 5:53 PM, John A @ KLaM wrote: > If I might ask another peripheraly related and most probably very > dumb question - is it possible to the have the inverse of > "permit_authenticated_users"? > The rules for this outfit are - imap for picking up you mail, > submission (port 587) for sending. So if somebody who can > authenticate themselves turns up on port 25, they are in the wrong > place.
This is commonly handled by not offering AUTH on port 25. Users who end up there find sending mail doesn't work, and usually recheck their settings before calling. Take all the sasl statements out of main.cf, and add them as -o options to the "submission" service in master.cf. Something like: # main.cf smtpd_sasl_auth_enable = no # master.cf submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject ... other stuff you like ... -- Noel Jones
