Submission clients bypass MYNETS policy

Alex mysqlstudent at gmail.com
Tue Sep 20 21:30:20 CEST 2011


Hi,

>> in master.cf:
>>
>> submission inet n       -       n       -       -       smtpd
>>   -o smtpd_tls_security_level=encrypt
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>   -o receive_override_options=no_address_mappings
>>   -o content_filter=smtp-amavis:[127.0.0.1]:10026
>
> You MAY be less strict on the TLS side. The submission RFC recommends TLS, but
> doesn't say it is mandatory. If you allow plaintext authentication mechanisms
> such as PLAIN or LOGIN, you should set "encrypt" as smtpd_tls_security_level.
> In any other case you can choose "may".

Thanks very much for all your help. After I understood the data path
and how the data got from the submission port to amavis, I figured it
out.

Thanks again,
Alex


More information about the amavis-users mailing list