I: sasl2 help

From: Bissio (bissio2000yahoo.it)
Date: Fri Aug 24 2007 - 02:16:10 CDT


Hi all,

I solved the problem... I have "check_sender_access
mysql:/etc/postfix/mysql-sender.cf" in recipient restrictions and I put some
sender domains like trusted into mysql table (domains of mine and other
external domain like yahoo.com, aol.com etc...) so every email coming from
those domains did not require authentication.
My question is how this is possible if in recipient restriction I have
permit_sasl_authenticated before check_sender_access? There is no precedence
in these rules?

Thanks

-----Original Message-----
From: owner-postfix-userspostfix.org [mailto:owner-postfix-userspostfix.org]
On behalf of Bissio
Sent: Thursday, 23 August 2007 16:48
To: no.spam.herefree.fr
Cc: postfix-userspostfix.org
Subject: R: sasl2 help

I have always used this configuration in main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
.......
smtpd_recipient_restrictions = permit_sasl_authenticated,
    check_recipient_access mysql:/etc/postfix/mysql-recipient.cf,
    check_sender_access mysql:/etc/postfix/mysql-sender.cf,
    reject_invalid_hostname, reject_non_fqdn_recipient,
    reject_unauth_destination, reject_unknown_recipient_domain,
    reject_unverified_recipient, reject_unverified_sender

And any message without authentication did not start but in the last week I saw
that any message starts with or without authentication. If I put a wrong
password on my mail client the message does not start, so the sasl2 works...
Only if I put wrong password.

Thanks

-----Original Message-----
From: owner-postfix-userspostfix.org [mailto:owner-postfix-userspostfix.org]
On behalf of mouss
Sent: Thursday, 23 August 2007 16:26
Cc: postfix-userspostfix.org
Subject: Re: sasl2 help

Bissio wrote:
>[snip]
> and this is a telnet result:
>
> 220 my.mailserver.com ESMTP Postfix
> ehlo me
> 250-my.mailserver.com
> 250-PIPELINING
> 250-SIZE 20240000
> 250-ETRN
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> mail from: test
> 250 2.1.0 Ok
> rcpt to: test1test.com
> 250 2.1.5 Ok
> data
> 354 End data with <CR><LF>.<CR><LF>
> quit
>
> Any message without authentication is sent... what's wrong?

nothing is wrong. That's standard behaviour. authentication is not required.

to enforce authentication for relay, see reject_sender_login_mismatch and
friends.
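
A simplified model of the rule evaluation discussed in this thread, added here as an example (not code from the posters or from Postfix): restrictions run in order and the first OK or REJECT decides, so an unauthenticated client falls through permit_sasl_authenticated and is then permitted by the sender table. The table contents, LOCAL_DOMAINS and the sample sessions are constructed assumptions, and the remaining rules from the posted list are left out of the model.

```python
# Simplified model of first-match restriction evaluation (added example).
OK, REJECT, DUNNO = "OK", "REJECT", "DUNNO"

# Constructed stand-ins for the MySQL sender table and the local domains.
SENDER_ACCESS = {"yahoo.com": OK, "aol.com": OK}   # "trusted" sender domains
LOCAL_DOMAINS = {"my.mailserver.com"}              # assumed final destinations

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def permit_sasl_authenticated(s):
    # Permits authenticated clients; makes no decision for anyone else.
    return OK if s["authenticated"] else DUNNO

def check_sender_access(s):
    # Looks up the envelope sender, a value the client chooses freely.
    return SENDER_ACCESS.get(domain(s["mail_from"]), DUNNO)

def reject_unauth_destination(s):
    # Rejects recipients in domains this server is not responsible for.
    return DUNNO if domain(s["rcpt_to"]) in LOCAL_DOMAINS else REJECT

def evaluate(rules, session):
    """Return (decision, deciding rule); the first OK or REJECT wins."""
    for rule in rules:
        result = rule(session)
        if result != DUNNO:
            return result, rule.__name__
    return OK, "end of list"   # no rule objected, recipient accepted

# Relative order taken from the posted main.cf.
POSTED = [permit_sasl_authenticated, check_sender_access,
          reject_unauth_destination]
# Reordered so the relay check runs before any sender-based permit.
REORDERED = [permit_sasl_authenticated, reject_unauth_destination,
             check_sender_access]

# Constructed sessions: external recipient, sender in a "trusted" domain.
unauthenticated = {"authenticated": False, "mail_from": "someone@yahoo.com",
                   "rcpt_to": "test1@test.com"}
authenticated = dict(unauthenticated, authenticated=True)

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, evaluate(rules, unauthenticated),
              evaluate(rules, authenticated))
```

With the posted order the unauthenticated session is accepted by check_sender_access; with the relay check moved up it is rejected, while the authenticated session is accepted in both.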