On 2022-03-04 at 15:02:28 UTC-0500 (Fri, 4 Mar 2022 22:02:28 +0200)
Nikolaos Milas <nmi...@noa.gr>
is rumored to have said:
> With regard to disabling AUTH on port 25 only - we need to let AUTH available
> on submission port (587) - what exactly should I do? Would it be enough to
> remove "permit_sasl_authenticated" from "smtpd_client_restrictions" in
> main.cf?
No, that isn't enough, it just makes authentication pointless.
ALSO remove "smtpd_sasl_auth_enable = yes" from main.cf and add '-o
smtpd_sasl_auth_enable = yes" to your submission and smtps services in
master.cf, i.e. something like this:
submission inet n - n - - smtpd
-o syslog_name=postfix/submit
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING-TLS
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
