| 1 |
Hi! |
| 2 |
|
| 3 |
I changed the restrictions line like you said: |
| 4 |
smtpd_recipient_restrictions = |
| 5 |
permit_mynetworks, |
| 6 |
permit_sasl_authenticated, |
| 7 |
reject_unauth_destination |
| 8 |
|
| 9 |
but this way it will try to see if the ip is part of mynetworks first, and |
| 10 |
as it wont be it will reject or ... because my squirremail morks and I |
| 11 |
think it does not use the authentification but rather the mynetworks. |
| 12 |
Well.. :) |
| 13 |
|
| 14 |
here is postconf | grep smtpd_sasl |
| 15 |
smtpd_sasl_auth_enable = yes |
| 16 |
smtpd_sasl_authenticated_header = no |
| 17 |
smtpd_sasl_exceptions_networks = |
| 18 |
smtpd_sasl_local_domain = |
| 19 |
smtpd_sasl_path = smtp |
| 20 |
smtpd_sasl_security_options = noanonymous |
| 21 |
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options |
| 22 |
smtpd_sasl_type = cyrus |
| 23 |
|
| 24 |
|
| 25 |
I also now have all the authentification methods in the telnet EHLO |
| 26 |
response. Which should not be |
| 27 |
telnet localhost 587 |
| 28 |
Trying 127.0.0.1... |
| 29 |
Connected to localhost. |
| 30 |
Escape character is '^]'. |
| 31 |
220 ks359684.kimsufi.com ESMTP Postfix |
| 32 |
EHLO localhost |
| 33 |
250-ks359684.kimsufi.com |
| 34 |
250-PIPELINING |
| 35 |
250-SIZE 10240000 |
| 36 |
250-VRFY |
| 37 |
250-ETRN |
| 38 |
250-STARTTLS |
| 39 |
250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5 |
| 40 |
250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5 |
| 41 |
250-ENHANCEDSTATUSCODES |
| 42 |
250-8BITMIME |
| 43 |
250 DSN |
| 44 |
STARTTLS |
| 45 |
220 2.0.0 Ready to start TLS |
| 46 |
|
| 47 |
Which I don't understand how because the /etc/sasl2/smtpd.conf is sayin: |
| 48 |
mech_list: PLAIN LOGIN |
| 49 |
pwcheck_method: saslauthd |
| 50 |
|
| 51 |
I will continue to look now, need to clean somethin somewhere. |
| 52 |
Thank you for the help ;) |
| 53 |
|
| 54 |
Laurent |
Archives