Submission clients bypass MYNETS policy

Patrick Ben Koetter p at
Tue Sep 20 07:50:39 CEST 2011

* Gary V <mr88talent at>:
> Example:
> in
> submission inet n       -       n       -       -       smtpd
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o receive_override_options=no_address_mappings
>   -o content_filter=smtp-amavis:[]:10026

You MAY be less strict on the TLS side. The submission RFC recommends TLS, but
doesn't say it is mandatory. If you allow plaintext authentication mechanisms
such as PLAIN or LOGIN, you should set "encrypt" as smtpd_tls_security_level.
In any other case you can choose "may".

p at rick

All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and

saslfinger (debugging SMTP AUTH):

More information about the amavis-users mailing list