On Tue, Oct 29, 2024 at 07:35:41AM +0100, Kirill A. Korinsky wrote:
> I wonder why you can't use different listeners with and without filters?
>
> For example, I do have the following setup:
>
> listen on socket
>
> listen on egress inet4 port smtp tls pki mx.catap.net \
>     filter { admdscrub, "auth", dnsbl }
>
> listen on egress port submission \
>     tls-require pki mx.catap.net auth <credentials> \
>     mask-src \
>     filter sign
>
> where sign is a filter chain which adds DKIM and ARC signatures for the mail
> which is relayed on behalf of authenticated users.

According to RFC 6409, Section 3.1:

> Although most email clients and servers can be configured to use port
> 587 instead of 25, there are cases where this is not possible or
> convenient. A site MAY choose to use port 25 for message submission
> by designating some hosts to be MSAs and others to be MTAs.

My patch allows the server admin to operate it in this manner, using the
authentication status as an identifier.

Tom Li