Postfix authenticate disable smtp port 25, but 587

postfixsmtp

I am trying to make postfix not to auth users on port 25 but only on 587 and using STARTTLS.
I have tried may different confs, but no success so far.

main.cf:

    ...
    smtpd_sasl_auth_enable =yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    broken_sasl_auth_clients = yes
    smtpd_sasl_path = private/auth
    allow_mail_to_commands = alias
    allow_mail_to_files = alias

    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_helo_required = yes

    smtpd_sender_restrictions = permit_sasl_authenticated

    smtpd_recipient_restrictions =
      reject_non_fqdn_sender,
      reject_non_fqdn_helo_hostname,
      reject_unknown_recipient_domain,
      reject_non_fqdn_recipient,
      reject_invalid_hostname,
      permit_sasl_authenticated,
      reject_unauth_destination

    smtpd_use_tls = yes
    smtp_use_tls = yes
    #smtpd_tls_security_level = may
    #smtp_tls_security_level = encrypt

    smtpd_tls_auth_only = yes
    smtpd_tls_mandatory_protocols = !SSLv3, !SSLv2
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
    smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
    smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    tls_random_source = dev:/dev/urandom
    ...

master:

    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       n       -       -       smtpd
    #  -o smtp_sasl_auth_enable=yes
    submission inet n       -       n       -       -       smtpd
    #  -o content_filter=spamassassin
      -o smtpd_tls_security_level=encrypt
    #  user=spamd argv=/usr/local/bin/spamc -f -e /usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
    #  -o smtpd_enforce_tls=yes
    #  -o syslog_name=postfix/submission
      -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #smtps     inet  n       -       n       -       -       smtpd
    #  -o syslog_name=postfix/smtps
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       n       -       -       qmqpd
    pickup    unix  n       -       n       60      1       pickup
    ...

Maybe, I miss something..
Thank you

Best Answer

Add this in your master.cf:

submission inet n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  ...

And remove smtpd_sasl_auth_enable = yes from your main.cf leaving the default no.

Related Topic