On Mon, Jun 03, 2024 at 08:55:11PM +0800, Jeff P via Postfix-users wrote:
> I have closed sasl auth on port 25. but users still can use port 587
> for login with plain text. how can I force users to use submission
> via start-tls only? I know I can open port 465 for ssl connection.
> but for history reason the port 587 must be open.
Belt and suspenders (the first setting implies the second, and the third
should then never be used), in master.cf for the submission entry set:
-o { smtpd_tls_security_level = encrypt }
-o { smtpd_tls_auth_only = yes }
-o { smtpd_sasl_security_options = noanonymous, noplaintext, nodictionary }
-o { smtpd_sasl_tls_security_options = noanonymous }
--
Viktor.
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
