rod...@thefrowerts.com wrote:
Hello,

I have Dovecot and Postfix both running Plain SASL Auth.  I can send mail
via SASL with no problems as verified by my server logs.  However, I can
also still send mail WITHOUT using SASL as well.

I have my mail server on the same subnet as the client computer I am doing
the testing with.  When I want to send mail to a system user (i.e. a
domain postfix is receiving mail for) I don't seem to have to use SASL to
send mail to that address.  However, it seems that I have to use SASL to
relay mail. Postfix won't let me relay WITHOUT using SASL which is fine.
That is what I want. However, I still need SASL to work when a client is
attempting to send mail to a local user.

I don't have access to my master.cf right now as I am away from the
server. However, I know that I have the mynetworks set as 127.0.0.1/8.
That, to me, would say that anything other than local host would NOT be a
trusted user/connection.  However, if I look through my logfile, Postfix
is I.D.'ing the computer connecting to the server as "LOCAL".

Any ideas?  Again, without me attaching the master.cf files, it is a shot
in the dark.  But I thought someone might have an idea...

Thanks!

Rodman



Yes, anyone can send mail to a domain postfix is responsible for. Otherwise, you would never get any mail.

If you want to restrict using your own domain as envelope sender, you can use something like (quick basic example):
#main.cf
smtpd_sender_restrictions =
  permit_sasl_authenticated
  check_sender_access hash:/etc/postfix/reject_my_domain

# reject_my_domain
# replace example.com with your domain name
example.com
   REJECT must authenticate to use this sender address

You can also restrict which SASL account can use which sender address using
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
and some combination of
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
http://www.postfix.org/postconf.5.html#reject_unauthenticated_sender_login_mismatch
See the docs above and list archives for examples.


  -- Noel Jones
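
Added example, not part of the message above and not Postfix source code: a simplified Python model of how a sender restriction list reaches a decision when the login-mismatch check, permit_sasl_authenticated and the reject_my_domain table are combined. The ordering of the three restrictions, the function names and the two sample tables are assumptions made for this illustration, and lookups are exact-match only (real Postfix tables also try other key forms).

```python
# Simplified model of smtpd_sender_restrictions evaluation (illustration only).
REJECT, OK, DUNNO = "REJECT", "OK", "DUNNO"

# Constructed sample tables standing in for the hash: maps.
REJECT_MY_DOMAIN = {"example.com": REJECT}             # check_sender_access
SENDER_LOGIN_MAPS = {"alice@example.com": {"alice"}}   # smtpd_sender_login_maps


def reject_sender_login_mismatch(sender, login):
    owners = SENDER_LOGIN_MAPS.get(sender.lower())
    if login is None:
        # Unauthenticated client: reject only if the address has an owner.
        return REJECT if owners else DUNNO
    # Authenticated client: the login must own the MAIL FROM address.
    return DUNNO if owners and login in owners else REJECT


def permit_sasl_authenticated(sender, login):
    return OK if login is not None else DUNNO


def check_sender_access(sender, login):
    # Simplification: try the full address, then the exact domain.
    addr = sender.lower()
    domain = addr.rpartition("@")[2]
    return REJECT_MY_DOMAIN.get(addr) or REJECT_MY_DOMAIN.get(domain) or DUNNO


# Assumed ordering: mismatch check first, so an authenticated user cannot
# borrow another address before permit_sasl_authenticated ends the list.
SENDER_RESTRICTIONS = [
    reject_sender_login_mismatch,
    permit_sasl_authenticated,
    check_sender_access,
]


def evaluate_sender(sender, login=None):
    """Return the first result other than DUNNO, as a restriction list does."""
    for restriction in SENDER_RESTRICTIONS:
        result = restriction(sender, login)
        if result != DUNNO:
            return result
    return DUNNO  # no decision at this stage; later restriction lists apply
```

A DUNNO result for an outside sender is what lets ordinary inbound mail through to the recipient checks, while an unauthenticated client claiming an example.com sender is rejected at this stage.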
