On 3/19/2013 9:18 AM, Matteo Marescotti wrote: > Hello, > I have a question for you about authentication on port 587. At the > moment, my mailserver is configured as follows: > > main.cf: > ... > smtpd_use_tls=yes > smtpd_tls_auth_only = yes > smtpd_sasl_auth_enable = yes > mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination > ... > > > master.cf: > ... > smtp inet n - - - - smtpd > -o smtpd_tls_security_level=may > submission inet n - - - - smtpd > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > -o milter_macro_daemon_name=ORIGINATING > ... > > With this configuration, messages can only be submitted through port > 587 after an encrypted connection has been established and user > authentication has succeded. So users need to authenticate > themselves in order to send emails. Nevertheless, Postfix accepts > the MAIL FROM command before authentication. > > Is there a different configuration such that postfix requires > authentication before any MAIL FROM command can be accepted by the > mail server? >
It is not currently possible to prevent the client from sending a MAIL FROM command (nor any other command) before they authenticate. -- Noel Jones
