Hello!

I run a simple OpenSMTPD mail server for my own domain on my custom
Linux machine. The mail server should dispatch mails for @486.hu
addresses locally on the machine. If the recipient is not in the 486.hu
domain, it must use my ISP's smarthost to relay.

I've successfully managed to create a simple config file to handle
these. Unfortunately, relaying is configured so badly that external
"visitors" without SMTP authentication can send mails (spams actually)
using my OpenSMPTD instance (which happily sends out the mails using my
ISP's smarthost, which uses TLS encryption and authentication).

I'd like to change somehow the config to let authenticated users only
use my OpenSMPTD as a relay. Authentication should be based on the
machine's local user and password table (/etc/passwd).

I tried "listen on ... auth ..." but it complained about the lack of
TLS/smtps.

I also tried "accept authenticated ..." without any use (and I believe
this is not exactly meant for what I want).

Tried "reject ! authenticated ..." without any success.

Please help me to assemble a correct config file. I want all SMTP
accesses to be rejected if authentication fails against the
machine's local user/password table. It shouldn't be possible to use my
machine as a relay without successful authentication...

Thanks, regards,

---------------------------------------------------------
/etc/smtpd/smtpd.conf:

table cred file:/etc/smtpd/cred

listen on eth0      port 25 hostname mail.486.hu
listen on localhost port 25 hostname mail.486.hu

# Storing mails arriving at the domain '486.hu'.
accept from any for domain 486.hu deliver to mbox

# If the recipient is out of domain '486.hu', the mail is relayed through the
# smarthost using TLS and authentication, see 'cred' file.
accept from any for ! domain 486.hu relay via
tls+auth://t-onl...@mail.t-online.hu auth <cred>

---------------------------------------------------------
/etc/smtpd/cred (for smarthost authentication):

t-online        usern...@t-online.hu:VERY_SECURE_PASSWORD

-- 
Selmeci Tamás
http://www.486.hu/

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Reply via email to