Hi Joerg,

> On 4 May 2017, at 10:02, Joerg Jung <m...@umaxx.net> wrote:
> 
> 
>> On 3. May 2017, at 15:05, Frank Timmers <opensm...@geen-reclame.nl> wrote:
>> 
>> Hi,
>> 
>> I’m trying to allow relay for authenticated users, however “smtpd -n” gives 
>> a syntax error on the last line (with the authenticated keyword). As far as 
>> I understand the documentation [1], this should be the correct syntax. I’ve 
>> included my config below. Any hints on why this isn’t working? I’m using 
>> OpenSMTPD version 6.0.2p1.
>> 
>> In the config below, I differentiate between hosts which can only mail to 
>> internal domains and hosts which can relay to any domain. It would be great 
>> to be able to do the same for authenticated users. For example with “accept 
>> from any user <allowed_to_relay_internally> for domain <internal_domains>”. 
>> I don’t see how I would be able to do that with the current options.
>> 
>> Thanks and Kind regards,
>> Frank.
>> 
>> 
>> 
>> 1: http://man.openbsd.org/smtpd.conf
>> 
>> —
>> # PKI
>> pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
>> pki mail.example.com key "/etc/opensmtpd/ssl.key"
>> 
>> # If you edit the file, you have to run "smtpctl update table <tablename>"
>> table internal_domains file:/etc/opensmtpd/tables/internal_domains
>> table sender_domains file:/etc/opensmtpd/tables/sender_domains
>> table can_relay_internally file:/etc/opensmtpd/tables/can_relay_internally
>> table can_relay_externally file:/etc/opensmtpd/tables/can_relay_externally
>> table recipient_whitelist file:/etc/opensmtpd/tables/recipient_whitelist
>> table smtp_users file:/etc/opensmtpd/tables/smtp_users
>> 
>> # Interface to listen on any address (needed for failover)
>> listen on 0.0.0.0 secure auth-optional <smtp_users> pki mail.example.com
>> 
>> # Listen on localhost for DKIM signed mail
>> listen on 127.0.0.1 port 10028 tag DKIM
>> 
>> # Relay all DKIM signed mails
>> accept tagged DKIM for any relay
>> 
>> # accept all mail for whitelisted recipients and relay to dkimproxy
>> accept from any for any recipient <recipient_whitelist> relay via smtp://127.0.0.1:10027
>> 
>> # Hosts in table <can_relay_externally> are allowed to relay to any from approved sender domains
>> accept from source <can_relay_externally> sender <sender_domains> for any relay via smtp://127.0.0.1:10027
>> 
>> # Hosts in table <can_relay_internally> are allowed to relay to any from approved sender domains
>> accept from source <can_relay_internally> sender <sender_domains> for domain <internal_domains> relay via smtp://127.0.0.1:10027
>> 
>> # Authenticated users are allowed to relay
>> accept authenticated from any relay
>> —
> 
> If I remember correctly, authenticated users are treated like “local” users, 
> so
>   accept from local for any relay
> might work.

“accept from local for any relay” does seem to work. However, this is not 
sufficient for my situation.

In the config above, I differentiate between hosts which are allowed to relay 
and hosts which are allowed only to relay to a limited set of destination 
domains. I’d like to do this for authenticated users as well.

With the authenticated keyword as mentioned in the documentation, I could 
construct something like:
accept authenticated from source 10.1.0.0/24 for any relay
accept authenticated from source 10.2.0.0/24 for domain <domain_list> relay

As far as I understand the documentation (http://man.openbsd.org/smtpd.conf), the 
above two lines should work.


Ideally I’d prefer the ruleset below, could this be considered a feature 
request?

—
# PKI
pki mail.example.com certificate "/etc/opensmtpd/ssl.crt"
pki mail.example.com key "/etc/opensmtpd/ssl.key"

# Tables 
table domain_list file:/etc/opensmtpd/tables/domain_list
table restricted_users file:/etc/opensmtpd/tables/restricted_users
table relay_users file:/etc/opensmtpd/tables/relay_users

# Interface to listen on.
listen on 0.0.0.0 secure auth-optional <smtp_users> pki mail.example.com

# Ruleset
accept authenticated user <relay_users> from any for any relay
accept authenticated user <restricted_users> from any for domain <domain_list> relay
—


Kind regards,
Frank.