OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
RE: Please I need help on the restrictions

From: Osmany Goderich (administradorcha.jovenclub.cu)
Date: Thu Nov 01 2007 - 07:08:47 CDT

Thanks. I think I finally got the right configuration. I just wanted to make the smtp authentication to be a must because before this the clients could send mails whether they authenticate or not, but now they have to otherwise the server returns and 'Relay access denied' error. Now if anybody has seen the configurations I have (I sent it in the last two messages), can anyone clarify the last two rules? The reject_unknow_sender_domain and reject_unauth_destination, what do they do? If those rules are not a match what do they return? Dunno or OK?

Thanx.

-----Mensaje original-----
De: owner-postfix-userspostfix.org [mailto:owner-postfix-userspostfix.org] En nombre de mouss
Enviado el: jueves, 01 de noviembre de 2007 3:30
CC: postfix-userspostfix.org
Asunto: Re: Please I need help on the restrictions

Osmany Goderich wrote:
> I know I sent this message already today but I did not get an answer from
> any one and I really need some help on this. Below I posted the
> configurations I have in my postfix server. Please tell me what I’m doing
> wrong and how can I fix things.
>
> Ok. So I’ve tried what you have suggested me but now I find that all mails
> go out even if the user does not authenticate for smtp. It’s not the Dovecot
> that’s not doing it’s job because I can see it in the maillogs when I
> configure my mail client for smtp auth the login for smtp happens. I tried
> to switch places with the permit mynetworks with the permit sasl
> authenticated rules but either way the mail still goes out. Can anybody help
> me on this?
>

It is hard to tell what is your goal exactly, but here are a few notes.

- if you send from a client that is in mynetworks, then
permit_mynetworks will allow mail to be sent anywhere.
- mail sent to one of your domains will be accepted from anywhere. This
is how yoy get mail from us.

if you want to enforce authentication in the case of relay, then set
mynetworks = 127.0.0.1

This will still allow people to send mail to _your_ domains without
authentication. if you want to enforce authentication for your users,
use smtpd_sender_login_maps with one of the
reject_*_sender_login_mismatch checks. but this may not be always
appropriate.

you may find it better to enable the submission service in master.cf,
and configure your mailers to use port 587 instead of 25. then setup
different restrictions for submission.

if you describe your goal and the problem you are trying to solve, we
can provide better help.

__________ NOD32 2631 (20071101) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com