Re: Verification by both IP address and SASL

From: /dev/rob0 (rob0gmx.co.uk)
Date: Fri Aug 04 2006 - 08:36:22 CDT


On Friday 04 August 2006 06:44, Matt E wrote:
> Is there a way to permit relaying for a certain host only if it both
> matches an IP address and also successfully authenticates by SASL?
> Relaying should be denied from other IP addresses, whether or not
> they can authenticate.

[main.cf]
[...]
smtpd_recipient_restrictions =
    check_client_access cidr:$config_directory/allow_auth,
    reject_unauth_destination, [...]
[...]

[allow_auth]
192.168.3.191 permit_sasl_authenticated
[...]

Note, no "permit_mynetworks" restriction.

> The reason is, I want to allow relaying for a network behind a single
> NAT address, but I don't want to indiscriminately allow all clients
> on the network to relay. I don't want to rely solely on SASL and not
> on IPs as well.

Shrug ... SASL and permit_mynetworks are good enough for me.
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
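
Added example, not part of the original message: a simplified Python model of how the two restrictions shown above combine, so the outcome for each client/authentication pairing can be checked. The domain names, the LOCAL_DOMAINS set and all function names are assumptions made for illustration; only the table entry comes from the post.

```python
import ipaddress

# Constructed copy of the allow_auth cidr table from the message above.
ALLOW_AUTH = "192.168.3.191 permit_sasl_authenticated\n"
# Assumption: domains this server is a final destination for (hypothetical).
LOCAL_DOMAINS = {"example.com"}

def parse_cidr_table(text):
    """Parse 'pattern action' lines; a bare address becomes a one-host network."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern, strict=False), action.strip()))
    return rules

def permit_sasl_authenticated(session):
    # Permits only an authenticated client; otherwise gives no verdict.
    return "PERMIT" if session["sasl_authenticated"] else "DUNNO"

def reject_unauth_destination(session):
    # Rejects recipients in domains the server is not a destination for.
    domain = session["rcpt"].rsplit("@", 1)[1].lower()
    return "DUNNO" if domain in LOCAL_DOMAINS else "REJECT"

def check_client_access(session, rules):
    # First matching table entry wins; its action is itself a restriction.
    addr = ipaddress.ip_address(session["client_ip"])
    for network, action in rules:
        if addr in network:
            if action == "permit_sasl_authenticated":
                return permit_sasl_authenticated(session)
            raise ValueError("action not modelled: " + action)
    return "DUNNO"

def decide(client_ip, sasl_authenticated, rcpt):
    """Evaluate the two restrictions in order; the first verdict is final."""
    session = {"client_ip": client_ip, "sasl_authenticated": sasl_authenticated,
               "rcpt": rcpt}
    rules = parse_cidr_table(ALLOW_AUTH)
    for restriction in (lambda s: check_client_access(s, rules),
                        reject_unauth_destination):
        verdict = restriction(session)
        if verdict != "DUNNO":
            return verdict
    return "PERMIT"  # end of list reached with no verdict
```

Only the listed address with a successful SASL login gets a relay permit; an authenticated client at any other address still falls through to reject_unauth_destination.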