On 2 Jun 2019, at 10:03 (-0400), @lbutlr wrote:
Just want a quick sanity check on enabling smts in master.cf:
smtps inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_wrappermode=yes
-o syslog_name=submit/smtps
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_path=private/auth
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o
smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
-o
smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
-o smtpd_helo_restrictions=
-o smtpd_data_restrictions=
I am not sure I need smtpd_client_restrictions or
smtpd_sasl_security_options at all?
You should keep smtpd_sasl_security_options=noanonymous' to block
anonymous SASL mechanisms.
You do not need
smtpd_client_restrictions=permit_sasl_authenticated,reject' because you
have 'permit_sasl_authenticated,*,reject' in restriction lists that are
evaluated later.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Available For Hire
