Re: [suse-security] SuSE 9.0: postfix sasl authentikation fails
-----Original Message-----
From: Markus Feilner [mailto:lists@feilner-it.net]
Sent: Friday, January 09, 2004 2:53 PM
To: suse-security@suse.com
Andreas, thanks a lot!!
yep he's really good isn't he? ;)
Two typos and the thing about the realm! One more question ... I want _only_ sasl-auth'd Users to be allowed to send. According to http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html I put in /etc/postfix/main.cf:
    mydomain = somewhere
    myorigin = Mailserver.somewhere
    mydestination = $myhostname, localhost.$mydomain
    relay_domains = somewhere
    smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject
are there really no commas here? it should look like
    smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
HTH
marc
On Friday, 9 January 2004 14:59, Marc Samendinger wrote:
-----Original Message-----
From: Markus Feilner [mailto:lists@feilner-it.net]
Sent: Friday, January 09, 2004 2:53 PM
To: suse-security@suse.com
Andreas, thanks a lot!!
yep he's really good isn't he? ;)
For Sure he is.
Two typos and the thing about the realm! One more question ... I want _only_ sasl-auth'd Users to be allowed to send. According to http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html I put in /etc/postfix/main.cf:
    mydomain = somewhere
    myorigin = Mailserver.somewhere
    mydestination = $myhostname, localhost.$mydomain
    relay_domains = somewhere
    smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject
are there really no commas here? it should look like
    smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
HTH
marc
The commas don't seem to make a difference. However, the working config is:
    mynetworks = 192.168.0.0/24
    smtpd_sender_restrictions = permit_sasl_authenticated, reject
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = Mailserver
    broken_sasl_auth_clients = yes
--
Best regards
Markus Feilner
--
Linux Solutions, Training, Seminars and Workshops - also in-house
Feilner IT Linux & GIS
Erlangerstr. 2 93059 Regensburg
phone: +49 941 70 65 23 - mobile: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@feilner-it.net
On Friday 09 January 2004 14:59, Marc Samendinger wrote:
    smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
You would drop virtually all incoming mail from external, non-authenticated users to you. I can't imagine this is what you want. I think the following lines may be more appropriate:
    smtpd_sender_restrictions =
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject
The above translates to allow all 'MAIL FROM' sender addresses, but only accept 'RCPT TO' addresses if the client is from 'mynetworks', 'sasl_authenticated' or the recipient is in the list of domains for which we receive or relay mail.
Best regards, Arjen
On Friday, 9 January 2004 15:21, Arjen de Korte wrote:
On Friday 09 January 2004 14:59, Marc Samendinger wrote:
    smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
You would drop virtually all incoming mail from external, non-authenticated users to you. I can't imagine this is what you want. I think the following lines may be more appropriate:
    smtpd_sender_restrictions =
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject
The above translates to allow all 'MAIL FROM' sender addresses, but only accept 'RCPT TO' addresses if the client is from 'mynetworks', 'sasl_authenticated' or the recipient is in the list of domains for which we receive or relay mail.
Best regards, Arjen
Of course you're absolutely right, I was just happy I got it working.... ;-) Thanks! (However, my config is even more tricky: The mailserver receives mail for one domain on interface eth0, passes it to spamd, gets it back and delivers to an exchange server in the local net.) Outgoing mail is all coming from eth1 (mainly from the exchange server) and is delivered without spam check or similar. So my config would work for the smtpd daemon on eth1... I guess... ;-)
Nevertheless, thanks !
--
Best regards
Markus Feilner
--
Linux Solutions, Training, Seminars and Workshops - also in-house
Feilner IT Linux & GIS
Erlangerstr. 2 93059 Regensburg
phone: +49 941 70 65 23 - mobile: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@feilner-it.net
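
The difference between the sender-based rule and the recipient-based rule discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how the two restriction lists decide. The client address 203.0.113.7 and the domains example.org and example.net are constructed, and Postfix's built-in defaults for a list that is not set are not modelled (an absent list decides nothing here).

```python
import ipaddress

# Simplified model: only the lists and restrictions named in the thread.
MYNETWORKS = [ipaddress.ip_network("192.168.0.0/24")]   # value from the thread
AUTH_DESTINATIONS = {"example.org"}   # constructed: domains we receive/relay for

def check(name, s):
    """Return 'permit', 'reject' or None (no decision) for one restriction."""
    if name == "permit_mynetworks":
        ip = ipaddress.ip_address(s["client"])
        return "permit" if any(ip in net for net in MYNETWORKS) else None
    if name == "permit_sasl_authenticated":
        return "permit" if s["sasl"] else None
    if name == "permit_auth_destination":
        domain = s["rcpt"].rsplit("@", 1)[-1].lower()
        return "permit" if domain in AUTH_DESTINATIONS else None
    if name == "reject":
        return "reject"
    raise ValueError(f"restriction not modelled: {name}")

def run_list(restrictions, s):
    """The first restriction that decides ends the list."""
    for name in restrictions:
        result = check(name, s)
        if result is not None:
            return result
    return None

def accepts(config, s):
    """A reject in either list refuses the mail; a permit only ends its own list."""
    lists = ("smtpd_sender_restrictions", "smtpd_recipient_restrictions")
    return all(run_list(config.get(k, []), s) != "reject" for k in lists)

def session(client, sasl, rcpt):
    return {"client": client, "sasl": sasl, "rcpt": rcpt}

SENDER_ONLY = {"smtpd_sender_restrictions":
               ["permit_mynetworks", "permit_sasl_authenticated", "reject"]}
RECIPIENT_BASED = {"smtpd_sender_restrictions": [],
                   "smtpd_recipient_restrictions":
                   ["permit_mynetworks", "permit_sasl_authenticated",
                    "permit_auth_destination", "reject"]}

if __name__ == "__main__":
    cases = {"external MX -> local user": session("203.0.113.7", False, "user@example.org"),
             "external, no auth -> relay": session("203.0.113.7", False, "x@example.net")}
    for label, s in cases.items():
        print(label, accepts(SENDER_ONLY, s), accepts(RECIPIENT_BASED, s))
```
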
participants (3)
- Arjen de Korte
- Marc Samendinger
- Markus Feilner