Restricting Port 587

hci

I have this to restrict port 587:

domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
hostlist auth_relay_hosts = *
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : /etc/virtual/local_ips : 127.0.0.1

begin acl

# ACL that is used after the RCPT command
check_recipient:

  # to block certain well-known exploits, Deny for local domains if
  # local parts begin with a dot or contain @ % ! / |
  deny  domains = +local_domains
        local_parts = ^[.] : ^.*[@%!/|]

  deny  message = $sender_address is using port 587 without authentication
        condition = ${if eq{$interface_port}{587} }
        !authenticated = *
        !hosts = +relay_hosts

It seems as if it no longer allows IPs listed in pophosts through without authentication. My goal is to only allow use of 587 to users that are: authenticated OR in pophosts OR in local_ips OR are 127.0.0.1. Do I have this wrong?
 
Port 587 has only ever worked for me with authenticated SMTP. The pophosts file should continue to work for port 25 relaying.

If people would please post their experiences perhaps we can figure out what works best for everyone, vs their expectations.

Jeff
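
The deny statement from the first post, modelled in Python as an added example (not part of either post and not Exim code): Exim applies a verb only when every condition listed under it matches, so the model compares that rule with the goal stated in the question. The list contents and all function names are constructed assumptions; real pophosts and local_ips files will differ.

```python
import ipaddress

# Constructed stand-ins for /etc/virtual/pophosts and /etc/virtual/local_ips.
POPHOSTS = ["192.0.2.10", "198.51.100.0/24"]
LOCAL_IPS = ["203.0.113.5"]
RELAY_HOSTS = POPHOSTS + LOCAL_IPS + ["127.0.0.1"]   # hostlist relay_hosts


def host_in_list(ip, entries):
    """True if ip equals an entry or lies inside a CIDR entry."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)


def deny_fires(port, authenticated, sender_ip):
    """Model of the port 587 deny: all conditions must match for it to apply."""
    conditions = [
        port == 587,                               # condition = ${if eq{$interface_port}{587}}
        not authenticated,                         # !authenticated = *
        not host_in_list(sender_ip, RELAY_HOSTS),  # !hosts = +relay_hosts
    ]
    return all(conditions)


def allowed_by_goal(port, authenticated, sender_ip):
    """Goal from the post: on 587, allow if authenticated OR in relay_hosts."""
    return port != 587 or authenticated or host_in_list(sender_ip, RELAY_HOSTS)


def check_cases():
    """Return (case, denied, matches_goal) for constructed sample connections."""
    cases = [
        (587, False, "192.0.2.10"),     # unauthenticated, exact pophosts entry
        (587, False, "198.51.100.77"),  # unauthenticated, inside pophosts CIDR
        (587, False, "127.0.0.1"),      # unauthenticated, loopback
        (587, True, "203.0.113.99"),    # authenticated, not in any list
        (587, False, "203.0.113.99"),   # unauthenticated, not in any list
        (25, False, "203.0.113.99"),    # port 25 is outside this statement
    ]
    return [(c, deny_fires(*c), deny_fires(*c) != allowed_by_goal(*c)) for c in cases]


if __name__ == "__main__":
    for case, denied, matches_goal in check_cases():
        print(case, "denied" if denied else "passed on", "| matches goal:", matches_goal)
```

In this model the statement does not reject an unauthenticated pophosts address on port 587; "passed on" means only that this statement did not apply, and later ACL statements still decide the outcome.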
 