I believe they are treated as local users. I've never used the "authenticated" keyword, so I'm not sure how to implement it correctly. I think my current setup I tag the incoming messages on submission port and use the tag in my relay rule.
Sent from BlueMail On May 4, 2017, 3:02 AM, at 3:02 AM, Joerg Jung <[email protected]> wrote: > >> On 3. May 2017, at 15:05, Frank Timmers <[email protected]> >wrote: >> >> Hi, >> >> I’m trying to allow relay for authenticated users, however “smtpd -n” >gives a syntax error on the last line (with the authenticated) keyword. >As far as I understand the documentation [1], this should be the >correct syntax. I’ve included my config below. Any hints on why this >isn’t working? I’m using OpenSMTPD version 6.0.2p1. >> >> In the config below, i differentiate between hosts which can only >mail to internal domains and hosts which can relay to any domain. It >would be great to be able to do the same for authenticated users. For >example with “accept from any user <allowed_to_relay_internally> for >domain <internal_domains>”. I don’t see how I would be able to do that >with the current options. >> >> Thanks and Kind regards, >> Frank. >> >> >> >> 1: http://man.openbsd.org/smtpd.conf >> >> — >> # PKI >> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt" >> pki mail.example.com key "/etc/opensmtpd/ssl.key" >> >> # If you edit the file, you have to run "smtpctl update table ><tablename>" >> table internal_domains file:/etc/opensmtpd/tables/internal_domains >> table sender_domains file:/etc/opensmtpd/tables/sender_domains >> table can_relay_internally >file:/etc/opensmtpd/tables/can_relay_internally >> table can_relay_externally >file:/etc/opensmtpd/tables/can_relay_externally >> table recipient_whitelist >file:/etc/opensmtpd/tables/recipient_whitelist >> table smtp_users file:/etc/opensmtpd/tables/smtp_users >> >> # Interface to listen on any address (needed for failover) >> listen on 0.0.0.0 secure auth-optional <smtp_users> pki >mail.example.com >> >> # Listen on localhost for DKIM signed mail >> listen on 127.0.0.1 port 10028 tag DKIM >> >> # Relay all DKIM signed mails >> accept tagged DKIM for any relay >> >> # accept all mail for whitelisted recipients and relay to dkimproxy >> accept from any for any recipient <recipient_whitelist> relay via >smtp://127.0.0.1:10027 >> >> # Hosts in table <can_relay_externally> are allowed to relay to any >from approved sender domains >> accept from source <can_relay_externally> sender <sender_domains> for >any relay via smtp://127.0.0.1:10027 >> >> # Hosts in table <can_relay_internally> are allowed to relay to any >from approved sender domains >> accept from source <can_relay_internally> sender <sender_domains> for >domain <internal_domains> relay via smtp://127.0.0.1:10027 >> >> # Authenticated users are allowed to relay >> accept authenticated from any relay >> — > >If I remember correctly, authenticated users are treated like “local” >users, so > accept rom local for any relay >might work. > >-- >You received this mail because you are subscribed to [email protected] >To unsubscribe, send a mail to: [email protected]
