> disable sasl auth global in main.cf > > and only enable sasl auth in submission & smtps in master.cf with -o pr > service > > but dont disable starttls on port 25
My colleagues need authenticated channel to submit mails when traveling. So disabling sasl is not an option. And I have to receive mails on ports as much as possible due to restrictive hotel/airport/etc firewalls. (No, VPN is not used by all of them. So address based authentication cannot be mandatory.) In general it is unlikely my boss permits me to reform our policies. :-) Thanks for everybody for responses. The problem is already solved by Allen Coates. :-) Gabor
