Re: relay from authenticated users only

2019-07-03 Thread Oscar Carlsson

On 2019-07-03 at 11:06, Selmeci Tamás wrote:

> That's the answer to my question. So there's no easy way for me to
> force plain text auth with OpenSMTPD. I'll consider setting up at least
> self-signed certificates etc.


Have you considered using Let's Encrypt certificates instead of self-signed?


Regards,
Oscar

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org



Re: relay from authenticated users only

2019-07-03 Thread Selmeci Tamás
On Wed, 3 Jul 2019 10:22:48 +0200 Gilles Chehade 
wrote:

> i don't know what version you are using, what system you are using, if a
> package was used or if you built yourself, etc... so i'll just guess the
> configure options used to build opensmtpd were not correct if auth isn't
> using your system users out of the box.

OpenSMTPD-6.0.3p1 compiled by me, self-made embedded linux distribution
(kernel 4.18.9) on an Itead-A20 ARM board. I believe auth
uses /etc/passwd as it should, but not for plain text attempts.

> no, OpenSMTPD will not advertise AUTH over plaintext channels.
> 
> it is not an SMTP limitation, it is a decision we made years ago and you
> will not have a work-around for this.

That's the answer to my question. So there's no easy way for me to
force plain text auth with OpenSMTPD. I'll consider setting up at least
self-signed certificates etc.

Regards,
-- 
Selmeci Tamás
http://www.486.hu/




Re: relay from authenticated users only

2019-07-03 Thread Gilles Chehade
On Wed, Jul 03, 2019 at 07:36:43AM +0200, Selmeci Tamás wrote:
> Somebody suggested me to have a look at OpenSMTPD-extras. It contains
> table-passwd. I've got an idea. What if I wrote a custom module that is
> about to be called by OpenSMTPD upon authentication like table-passwd?
> (table-passwd requires another file to store credentials in, and I
> insist on using /etc/passwd only). 
> 

auth uses the system users by default so you don't need a custom module.

i don't know what version you are using, what system you are using, if a
package was used or if you built yourself, etc... so i'll just guess the
configure options used to build opensmtpd were not correct if auth isn't
using your system users out of the box.


> The only question is that is it possible to perform this kind of
> authentication in plain text? In other words, will OpenSMTPD call my
> module if plain text authentication is tried by the client? (I don't
> have enough capacity now to play with self-signed certificates, TLS
> etc) Yes, I know, there are security concerns... But technically, is it
> possible with OpenSMTPD?
>

no, OpenSMTPD will not advertise AUTH over plaintext channels.

it is not an SMTP limitation, it is a decision we made years ago and you
will not have a work-around for this.

there's no excuse in 2019 to allow AUTH over plaintext :-)


-- 
Gilles Chehade @poolpOrg

https://www.poolp.org patreon: https://www.patreon.com/gilles




Re: relay from authenticated users only

2019-07-02 Thread Selmeci Tamás
Somebody suggested me to have a look at OpenSMTPD-extras. It contains
table-passwd. I've got an idea. What if I wrote a custom module that is
about to be called by OpenSMTPD upon authentication like table-passwd?
(table-passwd requires another file to store credentials in, and I
insist on using /etc/passwd only). 

The only question is that is it possible to perform this kind of
authentication in plain text? In other words, will OpenSMTPD call my
module if plain text authentication is tried by the client? (I don't
have enough capacity now to play with self-signed certificates, TLS
etc) Yes, I know, there are security concerns... But technically, is it
possible with OpenSMTPD?
-- 
Selmeci Tamás
http://www.486.hu/




Re: relay from authenticated users only

2019-07-02 Thread Selmeci Tamás
On Tue, 2 Jul 2019 19:53:03 +0200 Thomas Bohl
 wrote:

> > I tried "listen on ... auth ..." but it complained about the lack of
> > TLS/smtps.
> 
> That is because you can't use authentication without encryption. Best 
> you start looking into Let’s Encrypt. Though you could start with a 
> self-signed certificate. Like it is shown in man smtpd.conf

I thought SMTP can be used with plain text authentication too, although
it's far from secure. Maybe OpenSMTPD doesn't support this? (due to
security reasons...?)

> > accept from any for ! domain 486.hu relay via
> > tls+auth://t-onl...@mail.t-online.hu auth 
> 
> accept from local for any relay via \
>   tls+auth://t-onl...@mail.t-online.hu auth 
> 
> 
> That should stop the visitors for now.

Yeah, but I can't send mails from my domain to other than 486.hu...
-- 
Selmeci Tamás
http://www.486.hu/




Re: relay from authenticated users only

2019-07-02 Thread Thomas Bohl

Hello,

> I'd like to change somehow the config to let authenticated users only
> use my OpenSMTPD as a relay. Authentication should be based on the
> machine's local user and password table (/etc/passwd).
>
> I tried "listen on ... auth ..." but it complained about the lack of
> TLS/smtps.

That is because you can't use authentication without encryption. Best
you start looking into Let’s Encrypt. Though you could start with a
self-signed certificate. Like it is shown in man smtpd.conf

> accept from any for ! domain 486.hu relay via
> tls+auth://t-onl...@mail.t-online.hu auth 

accept from local for any relay via \
tls+auth://t-onl...@mail.t-online.hu auth 


That should stop the visitors for now.




relay from authenticated users only

2019-07-02 Thread Selmeci Tamás
Hello!

I run a simple OpenSMTPD mail server for my own domain on my custom
Linux machine. The mail server should dispatch mails for @486.hu
addresses locally on the machine. If the recipient is not in the 486.hu
domain, it must use my ISP's smarthost to relay.

I've successfully managed to create a simple config file to handle
these. Unfortunately, relaying is configured so badly that external
"visitors" without SMTP authentication can send mails (spams actually)
using my OpenSMTPD instance (which happily sends out the mails using my
ISP's smarthost, which uses TLS encryption and authentication).

I'd like to change somehow the config to let authenticated users only
use my OpenSMTPD as a relay. Authentication should be based on the
machine's local user and password table (/etc/passwd).

I tried "listen on ... auth ..." but it complained about the lack of
TLS/smtps.

I also tried "accept authenticated ..." without any use (and I believe
this is not exactly meant for what I want).

Tried "reject ! authenticated ..." without any success.

Please help me to assemble a correct config file. I want all SMTP
accesses to be rejected if authentication fails against the
machine's local user/password table. It shouldn't be possible to use my
machine as a relay without successful authentication...

Thanks, regards,

-
/etc/smtpd/smtpd.conf:

table cred file:/etc/smtpd/cred

listen on eth0  port 25 hostname mail.486.hu
listen on localhost port 25 hostname mail.486.hu

# Storing mails arriving at the domain '486.hu'.
accept from any for domain 486.hu deliver to mbox

# If the recipient is out of domain '486.hu', the mail is relayed through the
# smarthost using TLS and authentication, see 'cred' file.
accept from any for ! domain 486.hu relay via
tls+auth://t-onl...@mail.t-online.hu auth 

-
/etc/smtpd/cred (for smarthost authentication):

t-onlineusern...@t-online.hu:VERY_SECURE_PASSWORD

-- 
Selmeci Tamás
http://www.486.hu/
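
Added example (not written by any poster in this thread, and not OpenSMTPD project code): a small Python lint for the older `accept ...` rule grammar used in these messages, flagging the two problems the thread discusses, a relay rule open to `from any` and a listener asking for `auth` without TLS. The sample configurations are constructed; `LABEL`, `smarthost.example`, `example.org`, `<cred>` and the certificate paths are placeholders.

```python
"""Lint smtpd.conf text written in the older "accept ..." rule grammar
(as used in this thread) for two problems:
  open-relay        accept from any ... for any / for ! ... relay
  auth-without-tls  listen ... auth with no TLS keyword on the listener
All sample configurations below are constructed placeholders."""

TLS_WORDS = {"tls", "tls-require", "secure", "smtps"}
AUTH_WORDS = {"auth", "auth-optional"}
# Clauses that restrict a rule beyond the source address. "sender" is left
# out on purpose: the envelope sender is chosen by the client.
NARROWING = {"tagged", "authenticated", "recipient"}


def logical_lines(text):
    """Strip comments, join backslash continuations, squeeze whitespace."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            out.append(" ".join(buf.split()))
        buf = ""
    return out


def _after(tok, keyword, n):
    """Return up to n tokens following keyword, or [] if it is absent."""
    if keyword not in tok:
        return []
    i = tok.index(keyword) + 1
    return tok[i:i + n]


def audit(conf_text):
    """Return a list of (finding, rule) tuples for the given config text."""
    findings = []
    for line in logical_lines(conf_text):
        tok = line.split()
        words = set(tok)
        if tok[0] == "listen":
            if words & AUTH_WORDS and not words & TLS_WORDS:
                findings.append(("auth-without-tls", line))
        elif tok[0] == "accept" and "relay" in words:
            from_any = _after(tok, "from", 1) == ["any"]
            # "for any" and negated destinations ("for ! domain x") both
            # cover arbitrary external recipients. Rules with no "for"
            # clause are not evaluated here.
            broad_dst = _after(tok, "for", 1) in (["any"], ["!"])
            if from_any and broad_dst and not words & NARROWING:
                findings.append(("open-relay", line))
    return findings


# Constructed sample modelled on the configuration posted above.
BEFORE = r"""
table cred file:/etc/smtpd/cred
listen on eth0 port 25 hostname mail.example.org
accept from any for domain example.org deliver to mbox
accept from any for ! domain example.org relay via \
    tls+auth://LABEL@smarthost.example auth <cred>
"""

# Constructed corrected form: port 25 takes mail for the local domain only;
# port 587 requires TLS and AUTH, and authenticated sessions match
# "from local" (the man page passage quoted in this thread).
AFTER = r"""
pki mail.example.org certificate "/etc/ssl/mail.example.org.crt"
pki mail.example.org key "/etc/ssl/private/mail.example.org.key"
table cred file:/etc/smtpd/cred
listen on eth0 port 25 tls pki mail.example.org hostname mail.example.org
listen on eth0 port 587 tls-require pki mail.example.org auth hostname mail.example.org
accept from any for domain example.org deliver to mbox
accept from local for any relay via \
    tls+auth://LABEL@smarthost.example auth <cred>
"""

# Constructed: the listener form that smtpd complained about in this thread.
PLAINTEXT_AUTH = "listen on eth0 port 25 auth hostname mail.example.org\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER),
                       ("plaintext auth", PLAINTEXT_AUTH)):
        print(name, audit(conf) or "no findings")
```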




Re: How do I only allow relay for authenticated users?

2017-09-24 Thread Kevin

Hi,

On 09/24/2017 12:12 PM, Bruno Pagani wrote:
> Hi,
>
> On 24/09/2017 at 20:48, Kevin wrote:
>> My question is: how do I only allow relay for authenticated users?
>>
>> #accept from any for any relay via tls+auth://la...@smtp.sendgrid.net
>> auth 
>
> Just `accept from local` instead of `from any` in the line I’ve left
> above, and it should work the way you want. ;)

Ah! I see now in the man page: "Any remote sender that passed SMTPAUTH
is treated as if it was the server's local user that was sending the
mail. This means that filter rules using from local will be matched."


Thank you.

--
Kevin





Re: How do I only allow relay for authenticated users?

2017-09-24 Thread Bruno Pagani
Hi,

On 24/09/2017 at 20:48, Kevin wrote:
> Hi, I just started with OpenSMTPD and I was able to get it up and
> running (with Dovecot) in just one day. It's a real pleasure to use
> and configure, so thank you!
>
> My question is: how do I only allow relay for authenticated users?
>
> #accept from any for any relay via tls+auth://la...@smtp.sendgrid.net
> auth 
>
> If I understand the above correctly, somebody could connect to port
> 25, not authenticate, but still send an email which would relay to
> sendgrid. However, I don't want to enforce authentication on 25
> because then I can't receive email for my domains as an MX server.

Just `accept from local` instead of `from any` in the line I’ve left
above, and it should work the way you want. ;)

Which is what examples do btw, except that `from local` being the
default it’s not specified.

Bruno





How do I only allow relay for authenticated users?

2017-09-24 Thread Kevin
Hi, I just started with OpenSMTPD and I was able to get it up and 
running (with Dovecot) in just one day. It's a real pleasure to use and 
configure, so thank you!


My question is: how do I only allow relay for authenticated users? Below 
is my current configuration largely based on the example1 from the FAQ. 
I'm running from source with opensmtpd-201702130941p1.


table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table passwd passwd:/etc/mail/passwd
table users file:/etc/mail/users
table secrets file:/etc/mail/secrets

pki ${cubevar_app_email_host} certificate 
"/etc/letsencrypt/live/${cubevar_app_email_host}/fullchain.pem"
pki ${cubevar_app_email_host} key 
"/etc/letsencrypt/live/${cubevar_app_email_host}/privkey.pem"


listen on eth0 inet4 port  25 tls pki ${cubevar_app_email_host} 
auth-optional 
listen on eth0 inet4 port 465 tls-require pki ${cubevar_app_email_host} 
auth 
listen on eth0 inet4 port 587 tls-require pki ${cubevar_app_email_host} 
auth 


accept from local for local alias  deliver to lmtp 
"/run/dovecot/lmtp" rcpt-to
accept from any for domain  virtual  deliver to lmtp 
"/run/dovecot/lmtp" rcpt-to
#accept from any for any relay via tls+auth://la...@smtp.sendgrid.net 
auth 


If I understand the above correctly, somebody could connect to port 25, 
not authenticate, but still send an email which would relay to sendgrid. 
However, I don't want to enforce authentication on 25 because then I 
can't receive email for my domains as an MX server.


--
Kevin





Re: Relay for authenticated users

2017-05-05 Thread Frank Timmers
Hi Joerg,

> On 4 May 2017, at 10:02, Joerg Jung <m...@umaxx.net> wrote:
> 
> 
>> On 3. May 2017, at 15:05, Frank Timmers <opensm...@geen-reclame.nl> wrote:
>> 
>> Hi,
>> 
>> I’m trying to allow relay for authenticated users, however “smtpd -n” gives 
>> a syntax error on the last line (with the authenticated) keyword. As far as 
>> I understand the documentation [1], this should be the correct syntax. I’ve 
>> included my config below. Any hints on why this isn’t working? I’m using 
>> OpenSMTPD version 6.0.2p1.
>> 
>> In the config below, i differentiate between hosts which can only mail to 
>> internal domains and hosts which can relay to any domain. It would be great 
>> to be able to do the same for authenticated users. For example with “accept 
>> from any user  for domain ”. 
>> I don’t see how I would be able to do that with the current options.
>> 
>> Thanks and Kind regards,
>> Frank.
>> 
>> 
>> 
>> 1: http://man.openbsd.org/smtpd.conf
>> 
>> —
>> # PKI
>> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
>> pki mail.example.com key "/etc/opensmtpd/ssl.key"
>> 
>> # If you edit the file, you have to run "smtpctl update table "
>> table internal_domains file:/etc/opensmtpd/tables/internal_domains
>> table sender_domains file:/etc/opensmtpd/tables/sender_domains
>> table can_relay_internally file:/etc/opensmtpd/tables/can_relay_internally
>> table can_relay_externally file:/etc/opensmtpd/tables/can_relay_externally
>> table recipient_whitelist file:/etc/opensmtpd/tables/recipient_whitelist
>> table smtp_users file:/etc/opensmtpd/tables/smtp_users
>> 
>> # Interface to listen on any address (needed for failover)
>> listen on 0.0.0.0 secure auth-optional  pki mail.example.com
>> 
>> # Listen on localhost for DKIM signed mail
>> listen on 127.0.0.1 port 10028 tag DKIM
>> 
>> # Relay all DKIM signed mails
>> accept tagged DKIM for any relay
>> 
>> # accept all mail for whitelisted recipients and relay to dkimproxy
>> accept from any for any recipient  relay via 
>> smtp://127.0.0.1:10027
>> 
>> # Hosts in table  are allowed to relay to any from 
>> approved sender domains
>> accept from source  sender  for any 
>> relay via smtp://127.0.0.1:10027
>> 
>> # Hosts in table  are allowed to relay to any from 
>> approved sender domains
>> accept from source  sender  for domain 
>>  relay via smtp://127.0.0.1:10027
>> 
>> # Authenticated users are allowed to relay
>> accept authenticated from any relay
>> —
> 
> If I remember correctly, authenticated users are treated like “local” users, so
>   accept from local for any relay
> might work.

“accept from local for any relay” does seem to work. However, this is not
sufficient for my situation.

In the config above, I differentiate between hosts which are allowed to relay
and hosts which are allowed only to relay to a limited set of destination
domains. I’d like to do this for authenticated users as well.

With the authenticated keyword as mentioned in the documentation, I could
construct something like:
accept authenticated from source 10.1.0.0/24 for any relay
accept authenticated from source 10.2.0.0/24 for domain  relay

As far as I understand the documentation (http://man.openbsd.org/smtpd.conf), the
above two lines should work.


Ideally I’d prefer the ruleset below, could this be considered a feature 
request?

—
# PKI
pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
pki mail.example.com key "/etc/opensmtpd/ssl.key"

# Tables 
table domain_list file:/etc/opensmtpd/tables/domain_list
table restricted_users file:/etc/opensmtpd/tables/restricted_users
table relay_users file:/etc/opensmtpd/tables/relay_users

# Interface to listen on.
listen on 0.0.0.0 secure auth-optional  pki mail.example.com

# Ruleset
accept authenticated user  from any for any relay
accept authenticated user  from any for domain  
relay
—


Kind regards,
Frank.



Re: Relay for authenticated users

2017-05-04 Thread Edgar Pettijohn
I believe they are treated as local users. I've never used the "authenticated"
keyword, so I'm not sure how to implement it correctly. I think in my current
setup I tag the incoming messages on the submission port and use the tag in my
relay rule.

On May 4, 2017, 3:02 AM, at 3:02 AM, Joerg Jung <m...@umaxx.net> wrote:
>
>> On 3. May 2017, at 15:05, Frank Timmers <opensm...@geen-reclame.nl>
>wrote:
>>
>> Hi,
>>
>> I’m trying to allow relay for authenticated users, however “smtpd -n”
>gives a syntax error on the last line (with the authenticated) keyword.
>As far as I understand the documentation [1], this should be the
>correct syntax. I’ve included my config below. Any hints on why this
>isn’t working? I’m using OpenSMTPD version 6.0.2p1.
>>
>> In the config below, i differentiate between hosts which can only
>mail to internal domains and hosts which can relay to any domain. It
>would be great to be able to do the same for authenticated users. For
>example with “accept from any user  for
>domain ”. I don’t see how I would be able to do that
>with the current options.
>> 
>> Thanks and Kind regards,
>> Frank.
>>
>>
>>
>> 1: http://man.openbsd.org/smtpd.conf
>>
>> —
>> # PKI
>> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
>> pki mail.example.com key "/etc/opensmtpd/ssl.key"
>>
>> # If you edit the file, you have to run "smtpctl update table
>"
>> table internal_domains file:/etc/opensmtpd/tables/internal_domains
>> table sender_domains file:/etc/opensmtpd/tables/sender_domains
>> table can_relay_internally
>file:/etc/opensmtpd/tables/can_relay_internally
>> table can_relay_externally
>file:/etc/opensmtpd/tables/can_relay_externally
>> table recipient_whitelist
>file:/etc/opensmtpd/tables/recipient_whitelist
>> table smtp_users file:/etc/opensmtpd/tables/smtp_users
>>
>> # Interface to listen on any address (needed for failover)
>> listen on 0.0.0.0 secure auth-optional  pki
>mail.example.com
>>
>> # Listen on localhost for DKIM signed mail
>> listen on 127.0.0.1 port 10028 tag DKIM
>>
>> # Relay all DKIM signed mails
>> accept tagged DKIM for any relay
>>
>> # accept all mail for whitelisted recipients and relay to dkimproxy
>> accept from any for any recipient  relay via
>smtp://127.0.0.1:10027
>>
>> # Hosts in table  are allowed to relay to any
>from approved sender domains
>> accept from source  sender  for
>any relay via smtp://127.0.0.1:10027
>>
>> # Hosts in table  are allowed to relay to any
>from approved sender domains
>> accept from source  sender  for
>domain  relay via smtp://127.0.0.1:10027
>>
>> # Authenticated users are allowed to relay
>> accept authenticated from any relay
>> —
>
>If I remember correctly, authenticated users are treated like “local”
>users, so
>   accept from local for any relay
>might work.
>


Re: Relay for authenticated users

2017-05-04 Thread Joerg Jung

> On 3. May 2017, at 15:05, Frank Timmers <opensm...@geen-reclame.nl> wrote:
> 
> Hi,
> 
> I’m trying to allow relay for authenticated users, however “smtpd -n” gives a 
> syntax error on the last line (with the authenticated) keyword. As far as I 
> understand the documentation [1], this should be the correct syntax. I’ve 
> included my config below. Any hints on why this isn’t working? I’m using 
> OpenSMTPD version 6.0.2p1.
> 
> In the config below, i differentiate between hosts which can only mail to 
> internal domains and hosts which can relay to any domain. It would be great 
> to be able to do the same for authenticated users. For example with “accept 
> from any user  for domain ”. I 
> don’t see how I would be able to do that with the current options.
> 
> Thanks and Kind regards,
> Frank.
> 
> 
> 
> 1: http://man.openbsd.org/smtpd.conf
> 
> —
> # PKI
> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
> pki mail.example.com key "/etc/opensmtpd/ssl.key"
> 
> # If you edit the file, you have to run "smtpctl update table "
> table internal_domains file:/etc/opensmtpd/tables/internal_domains
> table sender_domains file:/etc/opensmtpd/tables/sender_domains
> table can_relay_internally file:/etc/opensmtpd/tables/can_relay_internally
> table can_relay_externally file:/etc/opensmtpd/tables/can_relay_externally
> table recipient_whitelist file:/etc/opensmtpd/tables/recipient_whitelist
> table smtp_users file:/etc/opensmtpd/tables/smtp_users
> 
> # Interface to listen on any address (needed for failover)
> listen on 0.0.0.0 secure auth-optional  pki mail.example.com
> 
> # Listen on localhost for DKIM signed mail
> listen on 127.0.0.1 port 10028 tag DKIM
> 
> # Relay all DKIM signed mails
> accept tagged DKIM for any relay
> 
> # accept all mail for whitelisted recipients and relay to dkimproxy
> accept from any for any recipient  relay via 
> smtp://127.0.0.1:10027
> 
> # Hosts in table  are allowed to relay to any from 
> approved sender domains
> accept from source  sender  for any 
> relay via smtp://127.0.0.1:10027
> 
> # Hosts in table  are allowed to relay to any from 
> approved sender domains
> accept from source  sender  for domain 
>  relay via smtp://127.0.0.1:10027
> 
> # Authenticated users are allowed to relay
> accept authenticated from any relay
> —

If I remember correctly, authenticated users are treated like “local” users, so
   accept from local for any relay
might work.
 



Re: Relay for authenticated users

2017-05-03 Thread Edgar Pettijohn



On 05/03/17 16:27, Frank Timmers wrote:
> Hi Edgar,
>
>> On 3 May 2017, at 23:04, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
>>
>> On 05/03/17 08:05, Frank Timmers wrote:
>>> Hi,
>>>
>>> I’m trying to allow relay for authenticated users, however “smtpd -n” gives a 
>>> syntax error on the last line (with the authenticated) keyword. As far as I 
>>> understand the documentation [1], this should be the correct syntax. I’ve 
>>> included my config below. Any hints on why this isn’t working? I’m using 
>>> OpenSMTPD version 6.0.2p1.
>>>
>>> In the config below, i differentiate between hosts which can only mail to internal domains 
>>> and hosts which can relay to any domain. It would be great to be able to do the same for 
>>> authenticated users. For example with “accept from any user 
>>>  for domain ”. I don’t see how I 
>>> would be able to do that with the current options.
>>>
>>> Thanks and Kind regards,
>>> Frank.
>>>
>>> 1: http://man.openbsd.org/smtpd.conf
>>>
>>> —
>>> # PKI
>>> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
>>> pki mail.example.com key "/etc/opensmtpd/ssl.key"
>>>
>>> # If you edit the file, you have to run "smtpctl update table "
>>> table internal_domains file:/etc/opensmtpd/tables/internal_domains
>>> table sender_domains file:/etc/opensmtpd/tables/sender_domains
>>> table can_relay_internally file:/etc/opensmtpd/tables/can_relay_internally
>>> table can_relay_externally file:/etc/opensmtpd/tables/can_relay_externally
>>> table recipient_whitelist file:/etc/opensmtpd/tables/recipient_whitelist
>>> table smtp_users file:/etc/opensmtpd/tables/smtp_users
>>>
>>> # Interface to listen on any address (needed for failover)
>>> listen on 0.0.0.0 secure auth-optional  pki mail.example.com
>>>
>>> # Listen on localhost for DKIM signed mail
>>> listen on 127.0.0.1 port 10028 tag DKIM
>>>
>>> # Relay all DKIM signed mails
>>> accept tagged DKIM for any relay
>>>
>>> # accept all mail for whitelisted recipients and relay to dkimproxy
>>> accept from any for any recipient  relay via 
>>> smtp://127.0.0.1:10027
>>>
>>> # Hosts in table  are allowed to relay to any from 
>>> approved sender domains
>>> accept from source  sender  for any relay 
>>> via smtp://127.0.0.1:10027
>>>
>>> # Hosts in table  are allowed to relay to any from 
>>> approved sender domains
>>> accept from source  sender  for domain 
>>>  relay via smtp://127.0.0.1:10027
>>>
>>> # Authenticated users are allowed to relay
>>> accept authenticated from any relay
>>> —
>>
>> try:
>> accept authenticated for any relay
>
> Thanks for the response. This also produces a syntax error message.
>
> Regards,
> Frank

I was thinking you may also need to switch from auth-optional to auth. I
believe they are treated differently.




Re: Relay for authenticated users

2017-05-03 Thread Frank Timmers
Hi Edgar,

> On 3 May 2017, at 23:04, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
> 
> 
> 
> On 05/03/17 08:05, Frank Timmers wrote:
>> Hi,
>> 
>> I’m trying to allow relay for authenticated users, however “smtpd -n” gives 
>> a syntax error on the last line (with the authenticated) keyword. As far as 
>> I understand the documentation [1], this should be the correct syntax. I’ve 
>> included my config below. Any hints on why this isn’t working? I’m using 
>> OpenSMTPD version 6.0.2p1.
>> 
>> In the config below, i differentiate between hosts which can only mail to 
>> internal domains and hosts which can relay to any domain. It would be great 
>> to be able to do the same for authenticated users. For example with “accept 
>> from any user  for domain ”. 
>> I don’t see how I would be able to do that with the current options.
>> 
>> Thanks and Kind regards,
>> Frank.
>> 
>> 
>> 
>> 1: http://man.openbsd.org/smtpd.conf
>> 
>> —
>> # PKI
>> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
>> pki mail.example.com key "/etc/opensmtpd/ssl.key"
>> 
>> # If you edit the file, you have to run "smtpctl update table "
>> table internal_domains file:/etc/opensmtpd/tables/internal_domains
>> table sender_domains file:/etc/opensmtpd/tables/sender_domains
>> table can_relay_internally file:/etc/opensmtpd/tables/can_relay_internally
>> table can_relay_externally file:/etc/opensmtpd/tables/can_relay_externally
>> table recipient_whitelist file:/etc/opensmtpd/tables/recipient_whitelist
>> table smtp_users file:/etc/opensmtpd/tables/smtp_users
>> 
>> # Interface to listen on any address (needed for failover)
>> listen on 0.0.0.0 secure auth-optional  pki mail.example.com
>> 
>> # Listen on localhost for DKIM signed mail
>> listen on 127.0.0.1 port 10028 tag DKIM
>> 
>> # Relay all DKIM signed mails
>> accept tagged DKIM for any relay
>> 
>> # accept all mail for whitelisted recipients and relay to dkimproxy
>> accept from any for any recipient  relay via 
>> smtp://127.0.0.1:10027
>> 
>> # Hosts in table  are allowed to relay to any from 
>> approved sender domains
>> accept from source  sender  for any 
>> relay via smtp://127.0.0.1:10027
>> 
>> # Hosts in table  are allowed to relay to any from 
>> approved sender domains
>> accept from source  sender  for domain 
>>  relay via smtp://127.0.0.1:10027
>> 
>> # Authenticated users are allowed to relay
>> accept authenticated from any relay
>> —
>> 
>> 
> try:
> accept authenticated for any relay

Thanks for the response. This also produces a syntax error message.

Regards,
Frank





Relay for authenticated users

2017-05-03 Thread Frank Timmers
Hi,

I’m trying to allow relay for authenticated users, however “smtpd -n” gives a 
syntax error on the last line (with the authenticated) keyword. As far as I 
understand the documentation [1], this should be the correct syntax. I’ve 
included my config below. Any hints on why this isn’t working? I’m using 
OpenSMTPD version 6.0.2p1.

In the config below, i differentiate between hosts which can only mail to 
internal domains and hosts which can relay to any domain. It would be great to 
be able to do the same for authenticated users. For example with “accept from 
any user  for domain ”. I don’t 
see how I would be able to do that with the current options.

Thanks and Kind regards,
Frank.



1: http://man.openbsd.org/smtpd.conf

—
# PKI
pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
pki mail.example.com key "/etc/opensmtpd/ssl.key"

# If you edit the file, you have to run "smtpctl update table "
table internal_domains file:/etc/opensmtpd/tables/internal_domains
table sender_domains file:/etc/opensmtpd/tables/sender_domains
table can_relay_internally file:/etc/opensmtpd/tables/can_relay_internally
table can_relay_externally file:/etc/opensmtpd/tables/can_relay_externally
table recipient_whitelist file:/etc/opensmtpd/tables/recipient_whitelist
table smtp_users file:/etc/opensmtpd/tables/smtp_users

# Interface to listen on any address (needed for failover)
listen on 0.0.0.0 secure auth-optional  pki mail.example.com

# Listen on localhost for DKIM signed mail
listen on 127.0.0.1 port 10028 tag DKIM

# Relay all DKIM signed mails
accept tagged DKIM for any relay

# accept all mail for whitelisted recipients and relay to dkimproxy
accept from any for any recipient  relay via 
smtp://127.0.0.1:10027

# Hosts in table  are allowed to relay to any from 
approved sender domains
accept from source  sender  for any relay 
via smtp://127.0.0.1:10027

# Hosts in table  are allowed to relay to any from 
approved sender domains
accept from source  sender  for domain 
 relay via smtp://127.0.0.1:10027

# Authenticated users are allowed to relay
accept authenticated from any relay
—

