Yan Seiner wrote:
> Phil Pennock wrote:
>
>>
>> Note that you're just adding an extra rejection step at the start of
>> acl_check_rcpt, so if you keep all the rest of that logic the same then
>> you won't risk an open mail relay (unless you're already an OMR).
>>
>
Actually, the only thing that's needed is this:
deny hosts = +home_net
!authenticated = *
set acl_c_denied_by_mail = yes
set acl_c_dbm_message = Papers, please.
That blocks both 25 and 587 unless the user is authenticated.
Submissions to the local domain work fine. Just outgoing email needs an
authenticated user.
That's pretty neat.
--Yan
--
Yan Seiner
