Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
  #1 (permalink)  
Old 09-10-2008, 10:05 AM
Elite Member
 
Posts: 360
Default Hopefully an easy Postfix question....

Code:
smtp      inet  n       -       n       -       -       smtpd
submission inet n      -       n       -       -       smtpd
	-o smtpd_etrn_restrictions=reject
	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
465    inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
In the code above from the master.cf file...
Currently, anyone connecting via imap or pop for smtp requires user authentication, SSL, and port 465.

What would I have to change here to turn off user authentication, SSL, but still allow on port 465?

And what would I have to do to add port 587? So that ports 25, 465, and 587 can be used, do I just add these lines again...so that it would look like this?
Code:
smtp      inet  n       -       n       -       -       smtpd
submission inet n      -       n       -       -       smtpd
	-o smtpd_etrn_restrictions=reject
	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
465    inet  n       -       n       -       -       smtpd
submission inet n      -       n       -       -       smtpd
	-o smtpd_etrn_restrictions=reject
	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
587    inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
Thanks for any clarification.
  #2 (permalink)  
Old 09-11-2008, 10:03 AM
Elite Member
 
Posts: 360
Default

I guess I just have to make the changes and go by trial and error...
  #3 (permalink)  
Old 09-11-2008, 12:06 PM
Elite Member
 
Posts: 380
Default

If you were suggesting that you're not going to require authentication on ports 465 and 587, *please* don't do that.

That's a great way to become an open relay.
__________________
Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
Try to Ask Questions The Smart Way -- you'll get better answers.

Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
If you [SOLVE] something, please tell everyone how for the archives
And, please... read what people write, and answer the questions they asked, not the ones they didn't.
  #4 (permalink)  
Old 09-11-2008, 01:19 PM
Elite Member
 
Posts: 360
Default

The reason being?
And what's an open relay?
  #5 (permalink)  
Old 09-11-2008, 01:36 PM
Elite Member
 
Posts: 360
Default

ok, I've never heard it called an open relay before...
But essentially you're talking about a public port on which spam can be sent via my smtp server....
But how is it any different than port 25 being public? Is port 25 handled/treated differently by the server?
  #6 (permalink)  
Old 09-29-2008, 11:59 AM
Elite Member
 
Posts: 360
Default

Actually, I realized the second part of my question wasn't answered...

As I showed above, is that what I would have to put for the code to have 25, 465, AND 587 active? Possible?
  #7 (permalink)  
Old 09-29-2008, 01:45 PM
Elite Member
 
Posts: 380
Default

Quote:
Originally Posted by NoDoze
ok, I've never heard it called an open relay before...
But essentially you're talking about a public port on which spam can be sent via my smtp server....
Nope.

Quote:
But how is it any different than port 25 being public? Is port 25 handled/treated differently by the server?
You *can't* *require* authentication on port 25, because you can't guarantee that The General Public can do it.

Therefore, you don't allow mail delivered to 25 for any domain you don't run.

Port 587, on the other hand, you *can* require auth on, because no one tries to deliver mail there except your users, and since you can *prove* they're your users, you can allow unrestricted forwarding on that port without being an open relay.

Clearer now? :-)
  #8 (permalink)  
Old 09-29-2008, 02:39 PM
Elite Member
 
Posts: 360
Default

ok, if you read my last part, it wasn't about port authentication... it's about making the ports available regardless of authentication...

Quote:
...what would I have to do to add port 587? So that ports 25, 465, and 587 can be used...
I understand that port 25 will be the only one "open" and the rest will have to use authentication, but is it possible and how would I enable the other ports to be used IN ADDITION to the default 25...?

Thanks.
  #9 (permalink)  
Old 10-01-2008, 07:59 AM
Elite Member
 
Posts: 380
Default

Port 587 is the port listened to by the 'submission' daemon in Postfix; if you enable that in master.cf, that's the port that will get listened to.

I believe the default config requires auth; the RFC didn't originally, but does now.
Reply With Quote
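
An added example, not part of the thread and not Zimbra's or Postfix's own code: a small Python audit of the smtpd listeners in a master.cf, run over a condensed copy of the layout proposed in post #1 and over a constructed corrected layout. The names `parse_master_cf` and `audit`, the finding strings, and the corrected entries (including `smtpd_tls_security_level=encrypt`, which assumes Postfix 2.3 or later) are assumptions of this example.

```python
# Added example, not Postfix/Zimbra code. PROPOSED is condensed from post #1; CORRECTED is constructed.
import re
PORTS = {"smtp": 25, "smtps": 465, "submission": 587}   # typical /etc/services names

def parse_master_cf(text):
    text = re.sub(r"(?m)^[ \t]*#.*\n?", "", text)        # drop comment lines
    text = re.sub(r"\n[ \t]+(?=\S)", " ", text)          # leading whitespace continues an entry
    entries = []
    for tok in map(str.split, text.splitlines()):
        if len(tok) < 8 or tok[1] != "inet" or tok[7] != "smtpd":
            continue
        port = int(tok[0]) if tok[0].isdigit() else PORTS.get(tok[0], tok[0])
        opts = dict(a.split("=", 1) for f, a in zip(tok[8:], tok[9:]) if f == "-o" and "=" in a)
        entries.append((port, opts))
    return entries

def audit(text):
    findings, seen = [], set()
    for port, opts in parse_master_cf(text):
        if port in seen:                                  # the same port cannot be bound twice
            findings.append((port, "duplicate listener"))
        seen.add(port)
        if port in (465, 587):                            # port 25 takes unauthenticated inbound mail
            restr = opts.get("smtpd_client_restrictions", "").replace(",", " ").split()
            if "permit_sasl_authenticated" not in restr or restr[-1] != "reject":
                findings.append((port, "auth not required by this entry"))
            if (opts.get("smtpd_tls_wrappermode") == "yes") != (port == 465):
                findings.append((port, "TLS mode does not match port"))
    return findings

PROPOSED = """\
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
465 inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
587 inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
"""
CORRECTED = """\
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
465 inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
```

`smtpd_sasl_auth_enable=yes` only offers AUTH; the `permit_sasl_authenticated,reject` restriction is what requires it, so an entry carrying only the former (like the 465 entry in post #1) is still reported and falls back to whatever main.cf allows.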