Disable sasl authentication

NethServer Version: 7.9.2009
Module: Postfix

Hi All

I am looking at Nethserver to replace our current ClearOS Firewall. As we don’t have any users authenticating to Postfix externally I’d like to disable sasl authentication. If the option is in the GUI I’m being blind and would appreciate some directions to where it is.

I’m still trying to get my head around the templates/config database. From the CLI I ran the following commands

config setprop smarthosts smtpd_sasl_auth_enable no
signal-event nethserver-mail-server-update

but the setting is not updated. What am I missing/doing wrong?

Maybe I’m the person who’s in wrong however… I don’t remember sasl used from postfix as default.

Thanks. If the setting is not part of the defaults how would I go about changing it?

Would you please describe how is configured (simply) your current Nethserver installation?
Services/modules (with goals)
network structure (simply replace public addresses, eventually)

You wrote “firewall”, however… now you refer to “Postfix” so… maybe is also a mail server?

As default, Nethserver requires as mailserver a TLS/SSL connection for allow relay and mail deliver.
However… IDK if it’s used SASL as a “plugin” for Postfix to implement that.

Currently ClearOS serves as a Firewall and a mail relay and I would like to replace those functions with Nethserver. No users or file shares etc. The mail relay is only for sending scans from on prem Multi Function printers to 365 users and receive archive email from 365 and relay it to the archive server on prem. ClearOS server has 4 interfaces. 2 x WAN, 1 x LAN and 1 x DMZ.

For testing the current Nethserver is default installation with Antivirus, Email, Fail2ban, Firewall and the default Web server apps. Goal is to have a Firewall and mail relay so I would probably add DPI and monitoring apps later. Only 2 interfaces are currently setup LAN - and WAN - So far it works as expected, I haven’t tested receiving an email and replaying it to archive server though.

Both installations are on VMware.

This particular config is not a deal breaker if I can’t change it but there will be other settings I would need to change that are not available from the GUI so this is a good starting point in learning how to go about it. There are 2 files in /etc/e-smith/templates/etc/postfix/master.cf that reference smtpd_sasl_auth_enable, 30access_policy_default and 30access_policy_smtpauth which is why I guessed it’s config would be in the smarthost DB

On the ClearOS installation I would just toggle this setting in /etc/postfix/main.cf

No users => no allowed relays, unless you allow into “Relay section” the IP Address section. But this works only if you install email module, which more or less you don’t need.

Postfix mostly is used for deliver notifications, via the smarthost feature.

No Nethserver Users but it still needs to relay between on prem and 365 which is working correctly.

My question how to change settings in config files. If smtpd_sasl_auth_enable is not part of the default config is there a way to change it?

Long story short, there should be, creating a configuration fragment. However, I never did on Postfix, so I’m not in condition to help out on that.
May i assume that device on premises “do not chew” 365 logins algorithms?

Thanks, now I know what I need to search. Thanks for your time and help

Sorry, don’t know what you mean

Some persons are using Nethserver with old hardware… which does not support SSL or TLS-enabled SMTP.
So they configure Nethserver for allow unencrypted relay and deliver outside the mailserver the messages.
example here

I think that also Microsoft request for 365 services TLS submission… then NethServer can operate as intermediate. However… a “mail enabled” nethserver.

Thanks. Yes, Microsoft does require TLS submission. My test install is mail enabled and it is working fine.