Loading ...
Sorry, an error occurred while loading the content.

RE: Please I need help on the restrictions

Expand Messages
  • Osmany Goderich
    Thanks. I think I finally got the right configuration. I just wanted to make the smtp authentication to be a must because before this the clients could send
    Message 1 of 4 , Nov 1, 2007
    • 0 Attachment
      Thanks. I think I finally got the right configuration. I just wanted to make the smtp authentication to be a must because before this the clients could send mails whether they authenticate or not, but now they have to otherwise the server returns and 'Relay access denied' error. Now if anybody has seen the configurations I have (I sent it in the last two messages), can anyone clarify the last two rules? The reject_unknow_sender_domain and reject_unauth_destination, what do they do? If those rules are not a match what do they return? Dunno or OK?

      Thanx.

      -----Mensaje original-----
      De: owner-postfix-users@... [mailto:owner-postfix-users@...] En nombre de mouss
      Enviado el: jueves, 01 de noviembre de 2007 3:30
      CC: postfix-users@...
      Asunto: Re: Please I need help on the restrictions

      Osmany Goderich wrote:
      > I know I sent this message already today but I did not get an answer from
      > any one and I really need some help on this. Below I posted the
      > configurations I have in my postfix server. Please tell me what I’m doing
      > wrong and how can I fix things.
      >
      > Ok. So I’ve tried what you have suggested me but now I find that all mails
      > go out even if the user does not authenticate for smtp. It’s not the Dovecot
      > that’s not doing it’s job because I can see it in the maillogs when I
      > configure my mail client for smtp auth the login for smtp happens. I tried
      > to switch places with the permit mynetworks with the permit sasl
      > authenticated rules but either way the mail still goes out. Can anybody help
      > me on this?
      >

      It is hard to tell what is your goal exactly, but here are a few notes.

      - if you send from a client that is in mynetworks, then
      permit_mynetworks will allow mail to be sent anywhere.
      - mail sent to one of your domains will be accepted from anywhere. This
      is how yoy get mail from us.

      if you want to enforce authentication in the case of relay, then set
      mynetworks = 127.0.0.1

      This will still allow people to send mail to _your_ domains without
      authentication. if you want to enforce authentication for your users,
      use smtpd_sender_login_maps with one of the
      reject_*_sender_login_mismatch checks. but this may not be always
      appropriate.

      you may find it better to enable the submission service in master.cf,
      and configure your mailers to use port 587 instead of 25. then setup
      different restrictions for submission.

      if you describe your goal and the problem you are trying to solve, we
      can provide better help.

      __________ NOD32 2631 (20071101) Information __________

      This message was checked by NOD32 antivirus system.
      http://www.eset.com
    • mouss
      ... please do not top post. google if you don t know what this means. (in short, put your replies after the text you reply to). reject_unauth_destination
      Message 2 of 4 , Nov 1, 2007
      • 0 Attachment
        Osmany Goderich wrote:
        > Thanks. I think I finally got the right configuration. I just wanted to make the smtp authentication to be a must because before this the clients could send mails whether they authenticate or not, but now they have to otherwise the server returns and 'Relay access denied' error. Now if anybody has seen the configurations I have (I sent it in the last two messages), can anyone clarify the last two rules? The reject_unknow_sender_domain and reject_unauth_destination, what do they do? If those rules are not a match what do they return? Dunno or OK?
        >


        please do not top post. google if you don't know what this means. (in
        short, put your replies after the text you reply to).

        reject_unauth_destination prevents relay. if you remove it, you become
        an open relay. More precisely, it will reject mail if the recipient
        domain is not one of "yours" (mydestination, virtual_mailbox_domains,
        virtual_alias_domains and relay_domains).

        reject_unknown_sender_domain rejects mail if the sender address is
        "unknown" in DNS (no MX nor A record).
      Your message has been successfully submitted and would be delivered to recipients shortly.