On Fri, May 25, 2018 at 03:58:59PM +0300, Consus wrote: > On 14:31 Fri 25 May, Gilles Chehade wrote: > > On Fri, May 25, 2018 at 02:20:50PM +0200, Walter Alejandro Iglesias wrote: > > > Could someone tell me if my changes below are OK. :-) > > > > > > The part I'm not clear is I read in current.html remote authenticated > > > users need a explicit rule. Do I need to add some "match auth" rule? > > > > > > > yes. > > > > before, "from local" would match authenticated users as if they had sent > > mail from the local machine but this led to being unable to express some > > setups where depending on the source you want to relay to different hubs > > even though users are authenticated. > > > > > > With this: > > > > > match from local for local apply local_users > > > match from any for domain <vdomains> virtual <valiases> apply local_users > > > match from local sender <addresses> for any apply remote_users > > > > you need an additonal rule such as: > > > > match auth from any sender <addresses> for any apply remote_users > > > > > > because: > > > > > #accept from local sender <addresses> for any relay > > > > no longer matches authenticated users > > Ain't it "action local_users" instead of "apply local_users"? The man > page states "action".
I took the "apply" from here: https://undeadly.org/cgi?action=article;sid=20180430122930 Now reading this: https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/ I see I also have to change the "certificate" keyword to "cert" here: pki $server cert "/etc/ssl/server.crt" Gilles, I also saw the "ca" directive. I've been using the acme certificates in pki directives, can I use them in the "ca" directive too? (any advantage in doing this?) Walter
