On Mon, Jun 6, 2011 at 1:35 AM, Rony <[email protected]> wrote:
> I have been going through various docs on the net about sasl
> authentication in postfix.

I hope you are referring to postfix's docs and references. Your scenario is a common setup and IIRC there are examples on postfix's site on how to do this.

> In the system that I have set up at a
> client's place, mails are going fine but there is a small issue that
> needs to be corrected. The setup is a group of machines on LAN running
> Outlook Express mail clients and a Linux box running postfix pushing all
> mails to the main ISP's smtp server. Since it is a relay server, I have
> used the parameter relayhost = [smtp_of_ISP]:25 in the main.cf file. The
> sasl auth is using smtp_auth_enable and not smtpd_auth_enable and the
> user names/passwords are listed in the /etc/postfix/sasl_password file.

Have you also enabled relay for the "local" LAN? If yes, then this needs to be disabled. *All* "local" users need to provide credentials to postfix for accepting emails from local clients.

This is a good place to start <http://www.postfix.org/SASL_README.html> if you have not read it.

Also you have not mentioned which SASL mechanism you are using. In Cyrus SASL, the sasl_authd (sp?) service needs to be active. This is what I recall from what I had done in a postfix setup looooong time ago :)

> The only *smtpd* related entry is smtpd_recipient_restrictions =
> check_recipient_access hash:/etc/postfix/recipient_access, reject.
>
> Mails are going as required and only to those in the recipient_access
> list as required. Now if an employee has left and his/her entries are
> removed from the postfix box as well as the ISP server mail accounts,
> the Outlook Express mailer can still send mails as that non-existent
> user. What I found through more reading of docs is that my OE accounts
> can send mails even without authentication as I don't have
> smtpd_auth_enable and the LAN is in my mynetworks parameter. Not a big
> problem as it is local and under control and the OE account can be
> deleted for that user. However, why is the ISP allowing this unknown
> user which postfix is relaying when I have everything set in the
> smtp_auth_ part of postfix?

After deleting the user did you regenerate the hash file?

> Suppose there is a flaw in my settings,
> shouldn't the ISP's mail server reject those mails when the username and
> password do not match with their list? That user has been deleted from
> their server.

No. You are probably authenticating your postfix server with that of our ISP SMTP, with a "particular" username/password or you have requested your ISP to allow relay from your WAN IP (static). In either case the onus is on your smtp server to allow/reject messages at the time when the local smtp client connects to the postfix smtp server in the LAN.

--
Arun Khan

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

--
http://mm.glug-bom.org/mailman/listinfo/linuxers
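The checks discussed in this thread can be run against a main.cf, shown here as an added example that is not part of the original message or of Postfix itself. It uses Postfix's full parameter names (smtp_sasl_auth_enable, smtpd_sasl_auth_enable, smtp_sender_dependent_authentication); the ISP host name, the LAN range and the finding codes are constructed for illustration.

```python
import ipaddress

def parse_main_cf(text):
    """Parse main.cf text: '#' comment lines, whitespace-led continuations, last value wins."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:            # continuation of the previous parameter
            params[name] = (params[name] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, value = (part.strip() for part in raw.split("=", 1))
            params[name] = value
    return params

def enabled(params, key):
    return params.get(key, "no").lower() == "yes"

def audit(params):
    """Return finding codes (names are this example's own) for the setup in the thread."""
    findings = []
    if not enabled(params, "smtpd_sasl_auth_enable"):
        findings.append("client-auth-off")            # LAN clients never present credentials
    for entry in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue                                  # table lookups (hash:/...) are not evaluated
        if not net.is_loopback:
            findings.append("lan-trusted-by-ip:" + entry)
    if (params.get("relayhost") and enabled(params, "smtp_sasl_auth_enable")
            and not enabled(params, "smtp_sender_dependent_authentication")):
        findings.append("one-upstream-credential")    # ISP sees the relay's login, not the sender's
    return findings

# Constructed sample resembling the setup described in the question.
BEFORE = """\
relayhost = [smtp.isp.example]:25
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
mynetworks = 127.0.0.0/8, 192.168.1.0/24
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/recipient_access,
    reject
"""
# Constructed variant: clients must authenticate and the LAN is no longer trusted by address.
AFTER = BEFORE.replace(", 192.168.1.0/24", "") + "smtpd_sasl_auth_enable = yes\n"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(parse_main_cf(cfg)))
```

The "one-upstream-credential" finding remains in the second sample: the ISP still authenticates only the relay, so a removed user has to be stopped at the local smtpd.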

