Re: permit_sasl_authenticated ONLY from one interface

From: mouss (moussnetoyen.net)
Date: Mon Dec 01 2008 - 10:10:04 CST


Noel Jones wrote:
> mouss wrote:
>> Simone Felici wrote:
>>> mouss wrote:
>>>> Simone Felici wrote:
>>>>> Why? Uhm, dunno...
>>>>> It seems certain mail clients have authenticated SMTP enabled by default,
>>>>> and if the client finds that the SMTP server supports it, then it tries
>>>>> to send with auth. This returns an error, due to inappropriate settings
>>>>> of the client.
>>>> if you know their IPs, you can use
>>>> smtpd_discard_ehlo_keyword_address_maps
>>>>
>>>
>>> Mouss,
>>> this could be a solution... but I haven't found any example or
>>> documentation to try it.
>>> Could you point me at any example?
>>
>> make sure to read:
>>
>> http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
>>
>> smtpd_discard_ehlo_keyword_address_maps = hash:/etc/postfix/discard_ehlo
>>
>> == discard_ehlo
>> 10.1.2.3 starttls, auth, silent-discard
>>
>> (silent-discard prevents postfix from logging this "keyword discard"
>> action).
>>
>
>
> (discarding starttls may be too much, but OP can decide for himself)
>

yes. I only cited it to show that multiple keywords can be discarded.

>
> I think this is even easier:
> http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networks
>
> The simplest form of this is:
> # main.cf
> smtpd_sasl_exceptions_networks = $mynetworks
>
>
>>> The initial problem was:
>>> I've an SMTP server for customers, with standard SMTP open only from a
>>> range of IPs.
>>> Could I provide normal SMTP service for customers of a range of known IPs
>>> (like now) and open my server to all the world for SMTP service but ONLY
>>> if authenticated SMTP is used?
>>>
>>> Is the MUA with an IP of my customers?
>>> YES: It can send without any authentication.
>>> NO: It can send ONLY if a user/pass is provided.
>>>
>>
>
> The behavior you describe is the standard settings:
>
> smtpd_recipient_restrictions =
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> ... other restrictions ...
>
> You only need to make special arrangements such as mouss and I describe
> when you don't want to ever offer AUTH to local clients. Offering AUTH
> to everyone does not present a problem to the vast majority of clients.
>

It's unclear whether he actually found misbehaving MUAs or if he is just
fearing the unknown ;-p
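Added example (not from the thread and not Postfix code): a small Python model of the two mechanisms discussed above, the per-client discard_ehlo table with its silent-discard keyword and the network-based smtpd_sasl_exceptions_networks exception, so the effect of each setting on what a given client sees after EHLO can be checked offline. The table contents, the server's keyword list and the network ranges are constructed sample values, and the log wording only approximates what Postfix writes.

```python
import ipaddress

# Constructed sample of the hash:/etc/postfix/discard_ehlo table from the thread.
# Keys are exact client addresses; keywords are case-insensitive, comma/space separated.
DISCARD_EHLO_TABLE = """
# client address   EHLO keywords to withhold from that client
10.1.2.3           starttls, auth, silent-discard
10.1.2.4           auth
"""

# Keywords this hypothetical server would otherwise advertise in its EHLO reply.
SERVER_EHLO_KEYWORDS = ["PIPELINING", "SIZE 10240000", "STARTTLS",
                        "AUTH PLAIN LOGIN", "ENHANCEDSTATUSCODES", "8BITMIME"]

def parse_discard_map(text):
    """Parse a discard_ehlo table into {client_ip: set(lowercase keywords)}."""
    table = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # strip comments, split key/value
        if len(parts) == 2:
            table[parts[0]] = {k.lower() for k in parts[1].replace(",", " ").split()}
    return table

def ehlo_response(client_ip, table, offered=SERVER_EHLO_KEYWORDS):
    """Model smtpd_discard_ehlo_keyword_address_maps for one client.
    Returns (keywords sent, log line or None); the log text approximates
    Postfix's wording and is suppressed by the 'silent-discard' keyword."""
    discard = table.get(client_ip, set())
    sent, dropped = [], []
    for kw in offered:
        name = kw.split()[0]                          # "AUTH PLAIN LOGIN" -> "AUTH"
        (dropped if name.lower() in discard else sent).append(kw)
    log = None
    if dropped and "silent-discard" not in discard:
        log = "discarding EHLO keywords: " + " ".join(k.split()[0] for k in dropped)
    return sent, log

def auth_offered(client_ip, sasl_exceptions_networks):
    """Model smtpd_sasl_exceptions_networks: AUTH is not advertised to clients
    inside any listed network (e.g. the contents of $mynetworks)."""
    ip = ipaddress.ip_address(client_ip)
    return not any(ip in ipaddress.ip_network(n, strict=False)
                   for n in sasl_exceptions_networks)

if __name__ == "__main__":
    table = parse_discard_map(DISCARD_EHLO_TABLE)
    for ip in ("10.1.2.3", "10.1.2.4", "203.0.113.7"):
        print(ip, ehlo_response(ip, table))
    print(auth_offered("192.168.1.20", ["127.0.0.0/8", "192.168.1.0/24"]))
```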