Dear all! Is it possible to set up postfix in the following way, so that it would permit sending mail with unathorized access from internal private network, and at the same time serve as secured password-authorized SMTP to external public network in other words: if i would like to send mail from internal netwrok, i just specify my server as usual SMPT without auth, and if i want to use it from outside, i configure my mail client to use it with SSL enabled and with user/password auth. Any ideas will be highly welcomed!
On Sat, 19 Jul 2003 you said:
Dear all!
Is it possible to set up postfix in the following way, so that it would permit sending mail with unathorized access from internal private network, and at the same time serve as secured password-authorized SMTP to external public network
in other words: if i would like to send mail from internal netwrok, i just specify my server as usual SMPT without auth, and if i want to use it from outside, i configure my mail client to use it with SSL enabled and with user/password auth.
Any ideas will be highly welcomed!
Create another instance of Postfix, which handles the un-authenticated mail for the LAN. http://advosys.ca/papers/postfix-instance.html Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org Voorhout ICBM 52 13 27N , 4 29 45E. Voor GNUpg/pgp zie headers.
Theo v. Werkhoven wrote:
Is it possible to set up postfix in the following way, so that it would permit sending mail with unathorized access from internal private network, and at the same time serve as secured password-authorized SMTP to external public network
in other words: if i would like to send mail from internal netwrok, i just specify my server as usual SMPT without auth, and if i want to use it from outside, i configure my mail client to use it with SSL enabled and with user/password auth.
Any ideas will be highly welcomed!
Create another instance of Postfix, which handles the un-authenticated mail for the LAN. http://advosys.ca/papers/postfix-instance.html
Kanons on birds ;) it's not needed to have two instances: setup sasl to do the auth stuff for external users, set: mynetworks = 10.0.0.0/24, 127.0.0.0/8 smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, check_relay_domains And you'll get what you need. (thats just a example, you need the order of permit_mynetworks and sasl_authenticated to get what you want) Of course you have to setup sasl to do that. Regards, Sven
Is it possible to set up postfix in the following way, so that it would permit sending mail with unathorized access from internal private network, and at the same time serve as secured password-authorized SMTP to external public network
in other words: if i would like to send mail from internal netwrok, i just specify my server as usual SMPT without auth, and if i want to use it from outside, i configure my mail client to use it with SSL enabled and with user/password auth.
Any ideas will be highly welcomed!
Create another instance of Postfix, which handles the un-authenticated mail for the LAN. http://advosys.ca/papers/postfix-instance.html
Kanons on birds ;) it's not needed to have two instances: setup sasl to do the auth stuff for external users, set: mynetworks = 10.0.0.0/24, 127.0.0.0/8
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, check_relay_domains
And you'll get what you need.
(thats just a example, you need the order of permit_mynetworks and sasl_authenticated to get what you want)
Of course you have to setup sasl to do that.
Remark: This is only for you, if you don't know how to setup ssl/tls on
postfix.
That's not all, you have to enable ssl/tls on postfix (no second instance).
Don't foget to make backups of your config, if something runs wrong!!!
You have to edit main.cf and add this extra options (you can find this in
the documentation of postfix in the exapmleconfig).
Don't forget to make ssl-certivicates for the server (server.crt,
server.pem, server.key, tls: 1024 & 512 bit dh_1024.pem, dh_512.pem)!
Philippe Vogel wrote:
Remark: This is only for you, if you don't know how to setup ssl/tls on postfix.
That's not all, you have to enable ssl/tls on postfix (no second instance).
take care, ssl/tls is _not_ needed if you just want to do authentication but it is RECOMMENDED cause many auth methods (login,plain etc.) are NOT encrypted and CAN be sniffed (and then abused). regards, Sven BTW: you can also relay based on certs ;)
participants (4)
-
Philippe Vogel
-
Sven 'Darkman' Michels
-
Theo v. Werkhoven
-
Vitaly Shishakov