On 5/12/2021 2:21 PM, Noel Jones wrote:
On 5/12/2021 2:11 PM, David Mehler wrote:
Hello,
Thanks. Here's my master.cf submission entry:
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o tls_preempt_cipherlist=yes
-o
smtpd_sender_login_maps=mysql:/usr/local/etc/postfix/db/sender-login-maps.cf
What do I need to add?
The idea is to remove the more restrictive entries that
unauthenticated internet connections have to pass.
add something like
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-- Noel Jones
Oh, and remove any permit_sasl_authenticated from the entries in
main.cf - assuming that no authenticated users should be using port 25.
-- Noel Jones
