Submission clients bypass MYNETS policy
Patrick Ben Koetter
p at state-of-mind.de
Tue Sep 20 07:50:39 CEST 2011
* Gary V <mr88talent at gmail.com>:
> Example:
>
> in master.cf:
>
> submission inet n - n - - smtpd
> -o smtpd_tls_security_level=encrypt
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> -o receive_override_options=no_address_mappings
> -o content_filter=smtp-amavis:[127.0.0.1]:10026
You MAY be less strict on the TLS side. The submission RFC recommends TLS, but
doesn't say it is mandatory. If you allow plaintext authentication mechanisms
such as PLAIN or LOGIN, you should set "encrypt" as smtpd_tls_security_level.
In any other case you can choose "may".
p at rick
--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
More information about the amavis-users
mailing list