From: mouss (mouss@netoyen.net)
Date: Fri May 16 2008 - 13:59:23 CDT
Stefan Förster wrote:
> Hallo mouss,
>
> * mouss <mouss@netoyen.net> wrote:
>
>> AlxFrag wrote:
>>
>>> All I want to do is to relay emails from users that are SASL
>>> authenticated.
>>>
>>> It is also desired to relay emails from users with the correct "from
>>> address".
>>>
>>> With the current configuration when a user tries to send an email
>>> using a different username than he has used to log in, he gets the error:
>>>
>>> Failed to add recipient: test@mydomain [SMTP: Invalid response code
>>> received from server (code: 553, response: 5.7.1 <test1@mydomain>:
>>> Sender address rejected: not owned by user test)]
>>>
>>> The problem appears when a user has activated a forwarding mechanism
>>> to a different mail server and forwarded messages are sent to my server.
>>>
>> Enforcing authentication breaks forwarding ;-p
>> There is nothing you can do about this except reject the forwarded mail
>> or accept non authenticated mail...
>>
>> suppose user A sends mail to an external account which forwards to user
>> B (both A and B are in your domains). then your server will get mail
>> with A as sender from an external MTA (which won't auth because). and
>> the problem is related to B setup, so you can't just exclude A from your
>> sender login maps.
>>
>> you can however accept unauthenticated mail from a list of MTAs, but
>> that may be a lot of work...
>>
>>
>>> I don't know if it is possible with postfix to:
>>>
>>> 1) Relay emails only from sasl authenticated users,
>>> 2) force the users to use their real username for sending emails,
>>> 3) accept forwarded messages from other mail servers.
>>>
>
> I may be a bit off here, but if your Postfix version is recent enough,
> you could try:
>
> ,----[ man 5 postconf | less +/reject_authenticated_sender_login_mismatch ]
> | reject_authenticated_sender_login_mismatch
> | Enforces the reject_sender_login_mismatch restriction
> | for authenticated clients only. This feature is
> | available in Postfix version 2.1 and later.
> `----
>
> This way, SASL authenticated users would still have to use "their"
> email address (given that reject_authenticated_sender_login_mismatch
> is placed _before_ permit_sasl_authenticated). If you set mynetworks
> and configure the destinations postfix is responsible for, you could
> still enforce your users to do SASL and use the right sender address,
> but bounces could be delivered...
>
he is already aware of this. see his config (if you don't see, look more:).
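
The restriction ordering discussed in the quoted reply, written out as a main.cf fragment. This is an added example, not part of the original message and not the original poster's configuration; the file path, the hash: map type, the example.com addresses and the mynetworks value are assumptions.

```ini
# /etc/postfix/main.cf (fragment; path and values are assumptions)

# Offer SASL authentication on the SMTP server.
smtpd_sasl_auth_enable = yes

# Only the local host may relay without authenticating.
mynetworks = 127.0.0.0/8

# Lookup table: envelope sender address -> SASL login(s) that own it.
# Constructed sample content of /etc/postfix/sender_login_maps:
#   test@example.com     test
#   test1@example.com    test1
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps

# Variant that produces the forwarding problem from the thread.
# reject_sender_login_mismatch also applies to clients that are NOT
# logged in: if MAIL FROM has an owner in the map and the client has
# not authenticated as that owner, the mail is rejected. Mail from
# local user A that an external MTA forwards back to local user B
# arrives unauthenticated with A as sender and is refused.
#smtpd_recipient_restrictions =
#    reject_sender_login_mismatch,
#    permit_mynetworks,
#    permit_sasl_authenticated,
#    reject_unauth_destination

# Variant from the quoted reply (Postfix 2.1 and later).
# The ownership check runs only for SASL-authenticated sessions and is
# listed before permit_sasl_authenticated, so a logged-in user who
# uses someone else's address gets the 553 "not owned by user" reply
# before the permit can match.
# Unauthenticated clients skip the ownership check and fall through to
# reject_unauth_destination: they can deliver to local recipients
# (forwarded mail, bounces) but cannot relay to other domains.
# Trade-off: an unauthenticated remote client can then use a local
# sender address on mail to local recipients.
smtpd_recipient_restrictions =
    reject_authenticated_sender_login_mismatch,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
```

After editing the lookup table, rebuild it with `postmap` and reload Postfix; `postconf -n` shows the restriction list that is actually in effect.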