SMTP AUTH and no Scanning

Hugo van der Kooij hvdkooij at vanderkooij.org
Sun Mar 30 23:05:33 IST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Glenn Steen wrote:

| Unfortunately this likely will not work that well... Rather better to
| do something completely different. Like demanding taht the ones doing
| authenticated SMTP use an alternate port ... and have an instance of
| PF listening there that don't include the HOLD thing. ... That's how
| I'd do it if I needed it:-).

In fact port 587 is intended for this purpose. The trick is to make it
listen for authenticated traffic only and then go out straight away and
not hit MailScanner on the way out.

So the first bit is to make it listen by activating this in the
$POSTFIX/master.cf file:

submission inet n       -       n       -       -       smtpd
~  -o smtpd_enforce_tls=yes
~  -o smtpd_sasl_auth_enable=yes
~  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

This was the bit I could find straight away. But how can one make sure
the normal hold trick does not apply here? Because that one still is
applied at the moment.

Hugo.

- --
hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH8A6rBvzDRVjxmYERAhZpAJ9u8rvZVJLin9b2yZKSwEBp2RMpYACdE8pF
q2cXO/vu3s5jQPRmelXl1jE=
=gqSA
-----END PGP SIGNATURE-----


More information about the MailScanner mailing list