Simone Felici a écrit : > Why? Uhm, dunno... > It seems certain mailclients has Autenticated smtp enabled as default > and if the client found the smtp server support it, then it try to send > in auth. This return an error, due inappropriate settings of the client.
if you know their IPs, you can use smtpd_discard_ehlo_keyword_address_maps > To prevent this i would like to set up two ip address on the same server. > The first ip address should accept only clean smtp sessions, with > restrictions allowing smtp only from specific client-ip, ranges. This is > the actual situation in porduction and all is ok. > The second ip should accept only sasl auth smtp session. If the > authenitcation goes well, the the client can send without other check > and the client can have every ip he want. > Due company decisions, out smtp server accept sending messages only if > the customer is connected with our network. the second ip on the server > should introduce the possibility to send (only if authenticated) from > any network. > Is it possible to setup on the same server? > I've read this (http://www.postfix.org/RESTRICTION_CLASS_README.html) > and ok, but have no idea how to choose different policies depending on > two different IPs (interfaces) of the server. > instead of playing with IPs, just enable the submission service in master.cf and get users to configure their MUA to use port 587 when they want to authenticate. if this isn't what you want/need, copy the submission service and do not enable sasl for the "standard" smtpd. 10.1.2.3:25 inet n - n - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING
