Hi, I just started with OpenSMTPD and I was able to get it up and
running (with Dovecot) in just one day. It's a real pleasure to use and
configure, so thank you!
My question is: how do I only allow relay for authenticated users? Below
is my current configuration largely based on the example1 from the FAQ.
I'm running from source with opensmtpd-201702130941p1.

table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table passwd passwd:/etc/mail/passwd
table users file:/etc/mail/users
table secrets file:/etc/mail/secrets

pki ${cubevar_app_email_host} certificate "/etc/letsencrypt/live/${cubevar_app_email_host}/fullchain.pem"
pki ${cubevar_app_email_host} key "/etc/letsencrypt/live/${cubevar_app_email_host}/privkey.pem"

listen on eth0 inet4 port 25 tls pki ${cubevar_app_email_host} auth-optional <users>
listen on eth0 inet4 port 465 tls-require pki ${cubevar_app_email_host} auth <users>
listen on eth0 inet4 port 587 tls-require pki ${cubevar_app_email_host} auth <users>

accept from local for local alias <aliases> deliver to lmtp "/run/dovecot/lmtp" rcpt-to
accept from any for domain <domains> virtual <users> deliver to lmtp "/run/dovecot/lmtp" rcpt-to
#accept from any for any relay via tls+auth://[email protected] auth <secrets>

If I understand the above correctly, somebody could connect to port 25,
not authenticate, but still send an email which would relay to sendgrid.
However, I don't want to enforce authentication on 25 because then I
can't receive email for my domains as an MX server.
--
Kevin
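
The concern raised in the post, written as a check over the rule lines (an added example, not part of the original mail and not OpenSMTPD code): it flags accept rules in the old rule syntax that relay from any source to any destination. The parser is a simplification of smtpd.conf's grammar, the function names are hypothetical, and the relay URL in the sample is a placeholder.

```python
import re

# Constructed sample: the post's three rules with the commented-out relay rule
# enabled. The relay URL is a placeholder, not a value from the post.
SAMPLE = '''\
accept from local for local alias <aliases> deliver to lmtp \\
    "/run/dovecot/lmtp" rcpt-to
accept from any for domain <domains> virtual <users> deliver to lmtp \\
    "/run/dovecot/lmtp" rcpt-to
accept from any for any relay via tls+auth://label@relay.example.invalid \\
    auth <secrets>
'''

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        # Simplification: a '#' inside a quoted string is not handled.
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def parse_rule(line):
    """Return (source, destination, action) for an accept rule, else None."""
    tok = line.split()
    if tok[0] != "accept":
        return None
    # Assumption: a rule with no "from" / "for" clause defaults to local.
    source = tok[tok.index("from") + 1] if "from" in tok else "local"
    dest = tok[tok.index("for") + 1] if "for" in tok else "local"
    action = "relay" if "relay" in tok else "deliver"
    return source, dest, action

def open_relay_rules(text):
    """Accept rules that relay mail from any source to any destination."""
    return [line for line in logical_lines(text)
            if parse_rule(line) == ("any", "any", "relay")]

if __name__ == "__main__":
    for rule in open_relay_rules(SAMPLE):
        print("relays for any source:", rule)
```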