mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Check SASL Auth before DNSBL #1464

Closed Lennix closed 6 years ago

Lennix commented 6 years ago

I'm having trouble with a customer with a bad IP-range. It's blocked by Spamhaus and he's unable to send e-mail because DNSBL blocks access before SMTP can authenticate.

I've already looked through main.cf, but I can't find the correct option.

Also, why is this default behavior? Brute-Force attacks should be blocked by netfilter. Is SASL Auth very performance intensive or am I missing something?

andryyy commented 6 years ago

You should not use port 25 to authenticate against SMTP. Use port 587.

This makes me think about disabling AUTH on 25 completely, but... Postscreen would run its checks anyway before you reach the smtpd.

Lennix commented 6 years ago

I've used 465, I'll check again with 587.

andryyy commented 6 years ago

There is no DNSBL check on 465 and 587.
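The listener layout behind that answer, as an added example that is not part of the thread and not mailcow's shipped configuration: a generic Postfix setup, with constructed DNSBL weight and threshold values, in which only port 25 passes through postscreen and its DNSBL lookups while 587 and 465 go straight to an smtpd that requires TLS and SASL.

```conf
# --- main.cf (excerpt; values are constructed for illustration) ---
# postscreen scores the connecting IP before any SMTP dialogue,
# so AUTH is never reached when the client address is listed.
postscreen_dnsbl_sites     = zen.spamhaus.org*2
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_action    = enforce

# --- master.cf (excerpt) ---
# Port 25: MX traffic. postscreen owns the socket and hands
# clients that pass its checks to the "smtpd pass" service below.
smtp       inet  n  -  n  -  1  postscreen
smtpd      pass  -  -  n  -  -  smtpd
dnsblog    unix  -  -  n  -  0  dnsblog
tlsproxy   unix  -  -  n  -  0  tlsproxy

# Port 587: submission. No postscreen in front, so no DNSBL check.
# Access is gated by STARTTLS plus SASL authentication instead.
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# Port 465: implicit TLS submission. Also bypasses postscreen.
smtps      inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

With this layout a mail client on a listed IP range is rejected on 25 but can still authenticate and send on 587 or 465.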

Lennix commented 6 years ago

Yes, I've tested with Outlook and forgot to check "Authenticate with SMTP". It works with 465 and 587.

I'll try to convince freepbx not to use port 25 with TLS activated.

Thanks for the fast response :)

andryyy commented 6 years ago

No problem, glad it worked. :-)

Lennix commented 6 years ago

-- Removed --

Never mind, freepbx didn't regenerate the sasl_passwd when changing the password in the UI.