On 4/29/2016 3:02 AM, Alice Wonder <[email protected]> wrote: > submission inet n - n - - smtpd > -o syslog_name=postfix/submission > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_reject_unlisted_recipient=no > -o smtpd_client_restrictions=permit_mynetworks,reject > -o smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination
What about permit_sasl_authenticated ? Without that external clients will not be able to use it. Also, personally I would *never* allow unauthenticated, except only from specific older clients that don't support SASL AUTH - and I would do that on a separate port with additional checks - but that is me, I know it isn't uncommon to do this.
