On Thu, 11 Aug 2016 22:54:37 +0200, Benny Pedersen wrote:
> On 2016-08-11 22:49, Richard Klingler wrote:
>
>> I've put it also now on the client restriction..but the message looks
>> the same...
>> Clients still can try to do SMTP AUTH...
>
> disable sasl auth in main.cf
>
> enable it in master.cf for port 587 only
>
> the check_client_access can as well be used in master.cf only
>
> it's just important to block where it's needed to block
>
> time for a new postconf -n output to continue help
This is it: (dunno how to enable sasl in master.cf for a specific port ;o)

marvin# postconf -n
alias_database = hash:/usr/local/etc/postfix/aliases
alias_maps = hash:/usr/local/etc/postfix/aliases
bounce_size_limit = 200000
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailbox_size_limit = 500000000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 200000000
mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain
myhostname = marvin.klingler.net
mynetworks = 127.0.0.0/8, 213.193.121.96/29
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_sasl_password_maps = hash:/usr/local/etc/sasldb2.db
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_restrictions = check_client_access cidr:/usr/local/etc/postfix/blacklisted_prefixes, permit_sasl_authenticated, check_client_access hash:/usr/local/etc/postfix/blacklist, permit_mynetworks, reject_rbl_client bl.blocklist.de, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl.njabl.org
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, check_helo_access pcre:/usr/local/etc/postfix/helo_checks
smtpd_recipient_limit = 3000
smtpd_recipient_restrictions = check_client_access cidr:/usr/local/etc/postfix/blacklisted_prefixes, permit_sasl_authenticated, permit_mynetworks, reject_rbl_client bl.blocklist.de, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client cbl.abuseat.org, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/smtp
smtpd_sasl_type = cyrus
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, check_client_access hash:/usr/local/etc/postfix/blacklist, reject_rbl_client bl.blocklist.de, reject_non_fqdn_sender
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_client_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual_maps