
Providing SMTP relay access to roaming laptop without creating an open relay...

  • Peter L. Berghold
    Message 1 of 4 , Aug 1, 2010
      Hi folks,

      In pseudo code here's how I want my outside mail exchange system to
      behave:

      if mail_sent_by_outside_host_to_inside_user
      then
      relay_to_inside_user
      elsif
      mail_sent_by_inside_host_to_inside_user
      then
      relay_to_inside_user
      elsif
      mail_sent_by_inside_host_to_outside_destination
      then
      relay_to_outside_destination
      elsif mail_being_sent_by_roaming_laptop <-- need this!!!
      relay_where_it_needs_to_go
      else
      reject

      The part that seems broken (and that is probably a good thing) right now
      is the roaming laptop part. Since I travel a lot with my laptop both
      for business and personal purposes and would like my laptop to relay
      mail through my server when "outside the cloud" so to speak, what is the
      best approach to this without breaking the MX functionality for my
      domain?

      I've read "The Book" on this subject about SASL authentication and my
      fear is if I implement that I'll not be able to receive un-authenticated
      hosts (such as the fine server that serves this list) and that would be
      a bad thing.

      Can somebody point me in the right direction and hopefully not screw
      this up?



      --
      Peter L. Berghold, Australian Cattle Dog Owner, Agility Fan, Foodie,
      Salty Old Dog and Old School Unix Hacker.
      Skype: cowdawg
      "Those who fail to learn from history are condemned to repeat it"
    • Magnus Bäck
      Message 2 of 4 , Aug 1, 2010
        On Sunday, August 01, 2010 at 19:15 CEST,
        "Peter L. Berghold" <peter@...> wrote:

        > In pseudo code here's how I want my outside mail exchange system to
        > behave:
        >
        > if mail_sent_by_outside_host_to_inside_user
        > then
        > relay_to_inside_user
        > elsif
        > mail_sent_by_inside_host_to_inside_user
        > then
        > relay_to_inside_user
        > elsif
        > mail_sent_by_inside_host_to_outside_destination
        > then
        > relay_to_outside_destination
        > elsif mail_being_sent_by_roaming_laptop <-- need this!!!
        > relay_where_it_needs_to_go
        > else
        > reject

        This is a standard setup. Except for the roaming laptop part, it's the
        default configuration. Adding authentication for laptops we get this:

        smtpd_recipient_restrictions =
            permit_mynetworks,
            permit_sasl_authenticated,
            reject_unauth_destination

        This means:

        * Permit local clients to send email anywhere.
        * Permit authenticated clients to send email anywhere.
        * Permit other clients to send email to hosted domains.

        > The part that seems broken (and that is probably a good thing) right
        > now is the roaming laptop part. Since I travel a lot with my laptop
        > both for business and personal purposes and would like my laptop to
        > relay mail through my server when "outside the cloud" so to speak,
        > what is the best approach to this without breaking the MX
        > functionality for my domain?
        >
        > I've read "The Book" on this subject about SASL authentication and my
        > fear is if I implement that I'll not be able to receive
        > un-authenticated hosts (such as the fine server that serves this list)
        > and that would be a bad thing.

        No. While you can configure Postfix to always require SASL
        authentication, with the configuration above authentication
        is only required for relay access which is exactly what you want.

        http://www.postfix.org/SASL_README.html#server_sasl

        --
        Magnus Bäck
        magnus@...
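
The restriction list in the reply above, walked against the five branches of the original pseudocode. This is an added example, not code from the posters or from Postfix: a simplified first-match model that ignores relay_domains, with the networks, domains and addresses chosen as assumptions for illustration.

```python
# Added illustration: a simplified model of first-match evaluation of
# smtpd_recipient_restrictions. Not Postfix source code.
from ipaddress import ip_address, ip_network

# Assumed example values, not taken from the thread.
MYNETWORKS = [ip_network("127.0.0.0/8"), ip_network("192.168.1.0/24")]
HOSTED_DOMAINS = {"example.org"}  # domains this server is final destination for

RESTRICTIONS = [
    "permit_mynetworks",
    "permit_sasl_authenticated",
    "reject_unauth_destination",
]


def decide(client_ip, rcpt, sasl_authenticated=False):
    """Return 'permit' or 'reject' for one RCPT TO command."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    for rule in RESTRICTIONS:
        if rule == "permit_mynetworks":
            if any(ip_address(client_ip) in net for net in MYNETWORKS):
                return "permit"
        elif rule == "permit_sasl_authenticated":
            if sasl_authenticated:
                return "permit"
        elif rule == "reject_unauth_destination":
            # Rejects only when the recipient domain is not hosted here;
            # otherwise evaluation continues with the next rule.
            if domain not in HOSTED_DOMAINS:
                return "reject"
    return "permit"  # end of list reached without a reject


def thread_cases():
    """The five branches of the pseudocode in the original question."""
    return {
        "outside host -> inside user": decide("203.0.113.5", "peter@example.org"),
        "inside host -> inside user": decide("192.168.1.10", "peter@example.org"),
        "inside host -> outside": decide("192.168.1.10", "bob@example.net"),
        "roaming laptop, authenticated": decide("198.51.100.7", "bob@example.net", True),
        "anyone else -> outside": decide("198.51.100.7", "bob@example.net"),
    }


if __name__ == "__main__":
    for case, verdict in thread_cases().items():
        print(f"{verdict:6}  {case}")
```
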
      • Wietse Venema
        Message 3 of 4 , Aug 1, 2010
          Peter L. Berghold:
          > Hi folks,
          >
          > In pseudo code here's how I want my outside mail exchange system to
          > behave:
          >

          On the Postfix server:

          /etc/postfix/main.cf:
              smtpd_recipient_restrictions =
                  permit_mynetworks
                  permit_sasl_authenticated <- for the roaming laptop
                  ...
                  reject_unauth_destination
                  ...

          Then configure the Postfix server for SASL (to authenticate the
          roaming laptop) and perhaps TLS encryption (to protect the login
          sequence).

          http://www.postfix.org/SASL_README.html#server_sasl
          http://www.postfix.org/TLS_README.html#server_tls

          Wietse
        • Jonathan Tripathy
          Message 4 of 4 , Aug 1, 2010
            On 01/08/10 18:56, Wietse Venema wrote:
            > and perhaps TLS encryption (to protect the login
            >
            Do not underestimate the importance of enabling TLS :)
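
A small audit of a main.cf for the SASL and TLS points made in the last two replies. This is an added example, not code from the posters or from Postfix, and the sample main.cf is constructed. It assumes TLS is configured through smtpd_tls_security_level and inspects only smtpd_recipient_restrictions, the parameter used in this thread.

```python
# Added illustration: audit main.cf text for relay, SASL and TLS settings.
SAMPLE_MAIN_CF = """\
# constructed sample, not from the thread
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
"""


def parse_main_cf(text):
    """Parse 'name = value' lines. A line that starts with whitespace
    continues the previous logical line, as in Postfix main.cf."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0] in " \t" and name:
            params[name] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    p = parse_main_cf(text)
    rules = p.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    findings = []
    if "reject_unauth_destination" not in rules:
        findings.append("no reject_unauth_destination: possible open relay")
    elif "permit" in rules[:rules.index("reject_unauth_destination")]:
        findings.append("bare 'permit' before reject_unauth_destination")
    if "permit_sasl_authenticated" in rules:
        if p.get("smtpd_sasl_auth_enable", "no") != "yes":
            findings.append("smtpd_sasl_auth_enable is not yes")
        if p.get("smtpd_tls_security_level", "") not in ("may", "encrypt"):
            findings.append("smtpd_tls_security_level unset: no STARTTLS")
        if p.get("smtpd_tls_auth_only", "no") != "yes":
            findings.append("smtpd_tls_auth_only is not yes: AUTH without TLS")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MAIN_CF) or ["all checks passed"]:
        print(finding)
```

Postfix 2.10 and later can also carry relay policy in smtpd_relay_restrictions, which this audit does not read.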