
Re: Deny SASL authentication not from local IP

  • mouss
    Message 1 of 3 , Feb 20, 2010
      Patrick Ben Koetter wrote:
      > * Неворотин Вадим <nevorotin@...>:
      >> How can I deny SASL authentication not from a local (192.168.0.0/16) IP? Now I
      >> have restrictions in smtpd_recipient_restrictions and other parameters,
      >> which allow sending mail to the relayhost only from local IPs and only after
      >> authentication. But a client from the Internet can still authenticate on my
      >> server, but can't send mail. But I need to deny authentication from the outer
      >> net altogether. It's because my users use very simple passwords, and in my net
      >> each user has only one login/password for all services.
      >
      > If your users also connect from outside, then there's no way to deny SASL
      > authentication.
      >

      Assuming postfix >= 2.2, he could use:

      smtpd_discard_ehlo_keyword_address_maps =
      cidr:/etc/postfix/ehlo.cidr

      == ehlo.cidr
      192.168.0.0/16 silent-discard
      0.0.0.0/0 auth,silent-discard




      > If, however, you can identify your users by network range, split Postfix smtpd
      > into an outside and an inside configuration like this in master.cf:
      >
      >
      > # ==========================================================================
      > # service type private unpriv chroot wakeup maxproc command + args
      > # (yes) (yes) (yes) (never) (100)
      > # ==========================================================================
      > # smtp inet n - - - - smtpd
      > <insideIP>:25 inet n - - - - smtpd
      > -o smtpd_sasl_auth_enable=yes
      > <outsideIP>:25 inet n - - - - smtpd
      >
      >
      > Then remove "smtpd_sasl_auth_enable = yes" from main.cf and restart postfix.
      >
      > p@rick
      >
      >
      >
      >
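Added example (not part of the original thread): a small offline check of which client addresses would have the AUTH keyword discarded by an ehlo.cidr table like the one in the message above. It relies on Postfix cidr tables being searched in file order with the first matching pattern winning; the function names and the sample table are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample, modelled on the ehlo.cidr in the message above, using the
# local network named in the question (192.168.0.0/16).
EHLO_CIDR = """\
# pattern        keywords to discard
192.168.0.0/16   silent-discard
0.0.0.0/0        auth,silent-discard
"""

def parse_cidr_table(text):
    """Return [(network, keyword_set)] in file order, skipping blanks and comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        # strict=True rejects patterns with host bits set, e.g. 192.168.1.1/16
        network = ipaddress.ip_network(pattern, strict=True)
        keywords = {k.lower() for k in re.split(r"[,\s]+", result) if k}
        rules.append((network, keywords))
    return rules

def discarded_keywords(rules, client_ip):
    """First matching pattern wins; None means no pattern matched the client."""
    addr = ipaddress.ip_address(client_ip)
    for network, keywords in rules:
        if addr in network:
            # silent-discard only suppresses logging, it is not an EHLO keyword
            return keywords - {"silent-discard"}
    return None

def auth_hidden(rules, client_ip):
    """True when the table discards the AUTH keyword for this client."""
    found = discarded_keywords(rules, client_ip)
    return found is not None and "auth" in found

if __name__ == "__main__":
    rules = parse_cidr_table(EHLO_CIDR)
    # 192.169.0.1 is outside 192.168.0.0/16, so it falls through to 0.0.0.0/0
    for ip in ("192.168.10.5", "203.0.113.7", "192.169.0.1"):
        print(ip, "AUTH hidden" if auth_hidden(rules, ip) else "AUTH offered")
```

Running the same check against the table actually deployed on the server catches a mistyped prefix before it silently hides AUTH from the local network or leaves it advertised to outside clients.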