1

I have configured my postfix so as users under my server shall send mails through port 587 and port 25 will only be used to receive mails from mail servers.

I am successful to the extent that on connecting to port 25 mails are not allowed outside the mail server and it is being rejected as relay-access denied. whereas on port 587 the clients are able to sent mail to outside mail servers.

To achieve this I have set in my main.cf

smtpd_recipient_restriction=permit_mynetworks, reject_unauth_destination

that is I removed permit_sasl_authenticated.

if I add this condition, the mails are allowed to be sent outside the network and if I am removing the condition, any one can connect to port 25 and since there is no authentication can sent any number of mails to local recipients.

what is way that I can use sasl authenticaton on port 25, yet prevent it from relaying mails outside my nework.

Joshi
  • 2,730
  • 5
  • 36
  • 62

2 Answers2

0

I'm by no means proficient when it comes to administering postfix but I do know that you can always overwrite the restrictions on a per daemon level.

Take a look at postfix's master.cf, specifically the -o smtpd_xxx entries and google for an example.

aefxx
  • 24,835
  • 6
  • 45
  • 55
0

Postfix allows relaying based on two criteria:

  • authentication (you removed that!)
  • network (this is controlled by $mynetworks)

I recommend you set the mynetworks variable to a single IP and localhost, something like:

mynetworks = ip.of_ser.ver, 127.0.0.1
Ralf Hildebrandt
  • 543
  • 2
  • 16