On Sun, Apr 06, 2025 at 01:18:14AM +0200, Andreas Kuhlen via Postfix-users
wrote:
> For better readability once more. Sorry for the first post which was a
> bit confusing because of its format!
This variant is not much better, at least not its text/plain variant,
only the HTML is correctly formatted. Please avoid HTML in posts to
this list.
> I have a question regarding the configuration of postscreen. In my
> current master.cf file I have not allowed SASL authentication for SMTP:
>
> smtp inet n - y - - smtpd
>   -o smtpd_sasl_auth_enable=no
You should leave this essentially unchanged, just replacing "inet" with
"pass". It is still smtpd(8) that might or might not do SASL, the
postscreen(8) service never implements SASL.
> To activate postscreen in the master.cf file I added the following passage:
> smtp inet n - y - 1 postscreen
> smtpd pass - - y - - smtpd
Add
    -o smtpd_sasl_auth_enable=no
to the "smtpd pass" service.
> dnsblog unix - - y - 0 dnsblog
> tlsproxy unix - - y - 0 tlsproxy
> I commented out the upper part that prohibits SASL authentication for
> SMTP.
Changing the internal protocol from "inet" to "pass" does not
substantially change the fact that this smtpd(8) instance handles
incoming connections on port 25 after they're briefly inspected by
postscreen(8).
> Postscreen also works so far, the question remains whether the
> option line that prohibits SMTP authentication can also be set for
> postscreen?
See above.
> Like this:
> smtp inet n - y - 1 postscreen
>   -o smtpd_sasl_auth_enable=no
> smtpd pass - - y - - smtpd
> dnsblog unix - - y - 0 dnsblog
> tlsproxy unix - - y - 0 tlsproxy
No, the option goes with "smtpd", just like its name implies.
--
Viktor.
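
Added example (not part of the original message and not Postfix code): a small check for the placement discussed above, flagging a SASL override attached to the postscreen entry and an "smtpd pass" entry that lacks smtpd_sasl_auth_enable=no. The function names and the sample text are constructed for illustration; it assumes main.cf enables SASL globally and handles only the "-o name=value" form.

```python
# Added example, not from the original thread. Handles "-o name=value" only
# (not the "-o { name = value }" form) and assumes main.cf enables SASL.

# Constructed sample: the poster's last variant, override on postscreen.
SAMPLE = """\
smtp      inet  n  -  y  -  1  postscreen
  -o smtpd_sasl_auth_enable=no
smtpd     pass  -  -  y  -  -  smtpd
dnsblog   unix  -  -  y  -  0  dnsblog
tlsproxy  unix  -  -  y  -  0  tlsproxy
"""

def parse_master_cf(text):
    """Parse master.cf text into dicts with name, type, command, overrides."""
    services = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            # Leading whitespace continues the previous service entry.
            if services:
                services[-1]["args"] += raw.split()
            continue
        fields = raw.split()
        if len(fields) >= 8:
            services.append({"name": fields[0], "type": fields[1],
                             "command": fields[7], "args": fields[8:]})
    for svc in services:
        args = svc["args"]
        svc["overrides"] = dict(
            args[i + 1].split("=", 1) for i in range(len(args) - 1)
            if args[i] == "-o" and "=" in args[i + 1])
    return services

def audit_sasl_placement(text):
    """Report SASL overrides on postscreen and smtpd pass entries lacking one."""
    findings = []
    for svc in parse_master_cf(text):
        where = f"{svc['name']}/{svc['type']}"
        if svc["command"] == "postscreen":
            for opt in svc["overrides"]:
                if opt.startswith("smtpd_sasl_"):
                    findings.append(f"{where}: {opt} belongs on the smtpd service")
        elif svc["command"] == "smtpd" and svc["type"] == "pass":
            if svc["overrides"].get("smtpd_sasl_auth_enable") != "no":
                findings.append(f"{where}: missing -o smtpd_sasl_auth_enable=no")
    return findings

if __name__ == "__main__":
    for line in audit_sasl_placement(SAMPLE):
        print(line)
```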