In brief: STARTTLS is enabled, there is a self-signed certificate for
encryption (better than nothing), smarthost is used to send mails from
my domain. My problem is that it still accepts SMTP connections (over
TLS) without authentication. What I want:
- anybody can send email to my email address in my domain (now it's
- relaying through my SMTP server is allowed only after successful
authentication (now anybody can relay through my server without
authentication, e.g. to send spams). Authentication should be based on
regular /etc/passwd file (local users of the computer). In order to
hide the passwords, STARTTLS should be used;

It's a rather simple configuration, but I wasn't able to set it up. If
I put 'auth' into the 'listen on' line, it needs authentication to any
access of the SMTP server, so other machines (e.g. from google.com)
can't send me mails. Using 'authenticated' in 'accept from' directives
also didn't do the trick appropriately (it wasn't able to receive any
mails at all).

Could you please help me out with this?

Thanks, regards,
pki mail.486.hu certificate "/etc/smtpd/mail.486.hu.crt"
pki mail.486.hu key "/etc/smtpd/mail.486.hu.key"

table cred file:/etc/smtpd/cred

listen on eth0      port 25 hostname mail.486.hu tls-require
listen on localhost port 25 hostname mail.486.hu tls-require

# Storing mails arriving at the domain '486.hu'.
accept from any for domain 486.hu deliver to mbox

# If the recipient is out of domain '486.hu', the mail is relayed through the
# smarthost using TLS and authentication, see 'cred' file.
accept from any for ! domain 486.hu relay via
tls+auth://t-onl...@mail.t-online.hu auth <cred> 

Reply via email to