Submission clients bypass MYNETS policy

Alex mysqlstudent at
Tue Sep 20 21:30:20 CEST 2011


>> in
>> submission inet n       -       n       -       -       smtpd
>>   -o smtpd_tls_security_level=encrypt
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>   -o receive_override_options=no_address_mappings
>>   -o content_filter=smtp-amavis:[]:10026
> You MAY be less strict on the TLS side. The submission RFC recommends TLS, but
> doesn't say it is mandatory. If you allow plaintext authentication mechanisms
> such as PLAIN or LOGIN, you should set "encrypt" as smtpd_tls_security_level.
> In any other case you can choose "may".

Thanks very much for all your help. After I understood the data path
and how the data got from the submission port to amavis, I figured it

Thanks again,

More information about the amavis-users mailing list