Re: How do I only allow relay for authenticated users?

2017-09-24 Thread Kevin

Hi,

On 09/24/2017 12:12 PM, Bruno Pagani wrote:
> Hi,
>
> On 24/09/2017 at 20:48, Kevin wrote:
>> My question is: how do I only allow relay for authenticated users?
>>
>> #accept from any for any relay via tls+auth://la...@smtp.sendgrid.net
>> auth
>
> Just `accept from local` instead of `from any` in the line I’ve left
> above, and it should work the way you want. ;)


Ah! I see now in the man page: "Any remote sender that passed SMTPAUTH 
is treated as if it was the server's local user that was sending the 
mail. This means that filter rules using from local will be matched."


Thank you.

--
Kevin


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: How do I only allow relay for authenticated users?

2017-09-24 Thread Bruno Pagani
Hi,

On 24/09/2017 at 20:48, Kevin wrote:
> Hi, I just started with OpenSMTPD and I was able to get it up and
> running (with Dovecot) in just one day. It's a real pleasure to use
> and configure, so thank you!
>
> My question is: how do I only allow relay for authenticated users?
>
> #accept from any for any relay via tls+auth://la...@smtp.sendgrid.net
> auth 
>
> If I understand the above correctly, somebody could connect to port
> 25, not authenticate, but still send an email which would relay to
> sendgrid. However, I don't want to enforce authentication on 25
> because then I can't receive email for my domains as an MX server.

Just `accept from local` instead of `from any` in the line I’ve left
above, and it should work the way you want. ;)

Which is what examples do btw, except that `from local` being the
default it’s not specified.

Bruno
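
An added example, not part of the thread: a small audit that reads rules in the `accept` grammar discussed here and reports relay rules that match senders other than `from local`, the case the question worries about. The sample rules, table names and relay host are constructed placeholders, and leaving an omitted `for` unspecified is this example's assumption.

```python
# Constructed sample in the `accept` rule grammar this thread uses. Table
# names and the relay host are placeholders, not the poster's values.
SAMPLE = """\
accept from local for local alias <aliases> deliver to lmtp "/run/dovecot/lmtp"
accept from any for domain <domains> virtual <users> deliver to lmtp "/run/dovecot/lmtp"
accept from any for any relay via tls+auth://label@smtp.example.net auth <secrets>
accept from local for any relay via tls+auth://label@smtp.example.net auth <secrets>
accept for any relay
# accept from any for any relay
"""


def parse_rule(line):
    """Return the from/for/relay parts of an accept rule, or None."""
    tokens = line.split("#", 1)[0].split()  # naive: ignores '#' inside quotes
    if not tokens or tokens[0] != "accept":
        return None

    def after(keyword, default):
        # Value following a keyword, or the default when it is omitted.
        if keyword in tokens[:-1]:
            return tokens[tokens.index(keyword) + 1]
        return default

    return {
        "from": after("from", "local"),  # `from local` is the default
        "for": after("for", None),       # assumption: omitted `for` stays unspecified
        "relay": "relay" in tokens,
    }


def unauthenticated_relay_rules(conf):
    """List (line number, source) for relay-to-anywhere rules not limited to
    local senders, i.e. rules a client can match without SMTP AUTH."""
    findings = []
    for lineno, line in enumerate(conf.splitlines(), start=1):
        rule = parse_rule(line)
        if rule and rule["relay"] and rule["for"] == "any" and rule["from"] != "local":
            findings.append((lineno, rule["from"]))
    return findings


if __name__ == "__main__":
    for lineno, source in unauthenticated_relay_rules(SAMPLE):
        print(f"line {lineno}: relays for any destination from '{source}'")
```

Rules limited to `from local` pass because, as the man page quoted in this thread says, a sender that passed SMTPAUTH is matched by `from local`.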





How do I only allow relay for authenticated users?

2017-09-24 Thread Kevin
Hi, I just started with OpenSMTPD and I was able to get it up and 
running (with Dovecot) in just one day. It's a real pleasure to use and 
configure, so thank you!


My question is: how do I only allow relay for authenticated users? Below 
is my current configuration largely based on the example1 from the FAQ. 
I'm running from source with opensmtpd-201702130941p1.


table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table passwd passwd:/etc/mail/passwd
table users file:/etc/mail/users
table secrets file:/etc/mail/secrets

pki ${cubevar_app_email_host} certificate "/etc/letsencrypt/live/${cubevar_app_email_host}/fullchain.pem"
pki ${cubevar_app_email_host} key "/etc/letsencrypt/live/${cubevar_app_email_host}/privkey.pem"

listen on eth0 inet4 port  25 tls pki ${cubevar_app_email_host} auth-optional
listen on eth0 inet4 port 465 tls-require pki ${cubevar_app_email_host} auth
listen on eth0 inet4 port 587 tls-require pki ${cubevar_app_email_host} auth

accept from local for local alias  deliver to lmtp "/run/dovecot/lmtp" rcpt-to
accept from any for domain  virtual  deliver to lmtp "/run/dovecot/lmtp" rcpt-to
#accept from any for any relay via tls+auth://la...@smtp.sendgrid.net auth


If I understand the above correctly, somebody could connect to port 25, 
not authenticate, but still send an email which would relay to sendgrid. 
However, I don't want to enforce authentication on 25 because then I 
can't receive email for my domains as an MX server.


--
Kevin

