Re: How do I only allow relay for authenticated users?
Hi, On 09/24/2017 12:12 PM, Bruno Pagani wrote: Hi, Le 24/09/2017 à 20:48, Kevin a écrit : My question is: how do I only allow relay for authenticated users? #accept from any for any relay via tls+auth://la...@smtp.sendgrid.net auth Just `accept from local` instead of `from any` in the line I’ve left above, and it should work the way you want. ;) Ah! I see now in the man page: "Any remote sender that passed SMTPAUTH is treated as if it was the server's local user that was sending the mail. This means that filter rules using from local will be matched." Thank you. -- Kevin -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: How do I only allow relay for authenticated users?
Hi, Le 24/09/2017 à 20:48, Kevin a écrit : > Hi, I just started with OpenSMTPD and I was able to get it up and > running (with Dovecot) in just one day. It's a real pleasure to use > and configure, so thank you! > > My question is: how do I only allow relay for authenticated users? > > #accept from any for any relay via tls+auth://la...@smtp.sendgrid.net > auth > > If I understand the above correctly, somebody could connect to port > 25, not authenticate, but still send an email which would relay to > sendgrid. However, I don't want to enforce authentication on 25 > because then I can't receive email for my domains as an MX server. Just `accept from local` instead of `from any` in the line I’ve left above, and it should work the way you want. ;) Which is what examples do btw, except that `from local` being the default it’s not specified. Bruno signature.asc Description: OpenPGP digital signature
How do I only allow relay for authenticated users?
Hi, I just started with OpenSMTPD and I was able to get it up and running (with Dovecot) in just one day. It's a real pleasure to use and configure, so thank you! My question is: how do I only allow relay for authenticated users? Below is my current configuration largely based on the example1 from the FAQ. I'm running from source with opensmtpd-201702130941p1. table aliases file:/etc/mail/aliases table domains file:/etc/mail/domains table passwd passwd:/etc/mail/passwd table users file:/etc/mail/users table secrets file:/etc/mail/secrets pki ${cubevar_app_email_host} certificate "/etc/letsencrypt/live/${cubevar_app_email_host}/fullchain.pem" pki ${cubevar_app_email_host} key "/etc/letsencrypt/live/${cubevar_app_email_host}/privkey.pem" listen on eth0 inet4 port 25 tls pki ${cubevar_app_email_host} auth-optional listen on eth0 inet4 port 465 tls-require pki ${cubevar_app_email_host} auth listen on eth0 inet4 port 587 tls-require pki ${cubevar_app_email_host} auth accept from local for local alias deliver to lmtp "/run/dovecot/lmtp" rcpt-to accept from any for domain virtual deliver to lmtp "/run/dovecot/lmtp" rcpt-to #accept from any for any relay via tls+auth://la...@smtp.sendgrid.net auth If I understand the above correctly, somebody could connect to port 25, not authenticate, but still send an email which would relay to sendgrid. However, I don't want to enforce authentication on 25 because then I can't receive email for my domains as an MX server. -- Kevin -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org