On Tue, Nov 24, 2009 at 05:53:50PM +0000, Kārlis Repsons wrote:

> Hi to all the list members!
>
> I've been tinkering around postfix for some not very long time, but still
> haven't found an answer to this problem:
>
> 1) let there be host "server" and host "client";
> 2) server must be able to receive any incoming mail (as usually for its own
> domain);

Default Postfix behaviour.

> 3) server only sends relayed mail to not-on-server address if it's from
> authenticated client (with the expected certificate);

    mynetworks = 127.0.0.1
    relay_domains =
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination
        ... UCE checks ...

> 4) when user U on client sends any mail, it must be first relayed to server,
> which remains responsible for further delivery - it can be to Internet (use
> DNS) or to LAN (don't use DNS, use /etc/hosts!);

If you want Postfix to deliver email to non-DNS nexthops:

    smtp_host_lookup = dns, native

> 5) before client actually sends anything to server, it has to check server's
> certificate and make sure it's the same as expected;

This is an MUA, not a Postfix issue.

> 6) before accepting message, server checks client's authenticity in similar
> way, if user U is the source.

You are trying to impose an end-to-end security model (end-user entitlements
to send email, ...) onto a hop-by-hop infrastructure (Internet email).

Generally, you can't impose a naive user authentication policy onto a
hop-by-hop store-and-forward infrastructure, because the party forwarding a
message is often not the original user who injected it into the mail system.
This is not a "Postfix" limitation; it is a fundamental part of Internet
email architecture.

If your MTA is in fact an "MSA" and only accepts mail (typically on port
587), *directly* from an MUA operated by the end-user, with no local
submission by authorized users via the command-line on authorized null
client systems that forward to your server, or other indirect submission
mechanisms, ...

Then and only then, can you impose strong user authentication, unless you
want to force S/MIME onto all the MUAs, and check end-to-end message
signatures, ...

Postfix does support obtaining client certificates, but has no support for
directly associating these with a particular sender. We don't have an
analogue of reject_sender_login_mismatch (sender <-> SASL identity mapping)
for TLS client certs. Such a mapping can be implemented in a "policy
service" or milter.

-- 
	Viktor.

Disclaimer:

off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
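The sender <-> client-certificate mapping that Viktor says can live in a policy service, written out as an added example; this is not code from his reply or from Postfix. It speaks the SMTPD policy delegation protocol (name=value lines, blank line ends a request, `action=...` plus blank line is the reply) and rejects any MAIL FROM that is not listed for the fingerprint Postfix reports in `ccert_fingerprint`. The table, the fingerprint, the listen port and the sample request are all constructed; it assumes main.cf has `smtpd_tls_ask_ccert = yes`, that `smtpd_tls_fingerprint_digest` matches the digest used in the table, and that the service is wired in with `check_policy_service inet:127.0.0.1:10040` placed before `permit_tls_clientcerts` in `smtpd_recipient_restrictions`.

```python
"""Postfix policy service: bind envelope senders to TLS client certificates.

Added example, not Postfix code.  It is the client-cert analogue of
reject_sender_login_mismatch that Postfix itself does not provide.
"""
import socketserver

# Constructed fingerprint, in the colon-separated hex form Postfix uses.
# The digest (md5/sha1/sha256) must match smtpd_tls_fingerprint_digest.
FP = ("1F:2E:3D:4C:5B:6A:79:88:97:A6:B5:C4:D3:E2:F1:00:"
      "0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0")

# Constructed table: certificate fingerprint -> MAIL FROM addresses it may use.
# A real deployment would load this from a file or database.  Note that the
# null sender (bounces) must be listed as "" if that client may send bounces.
ALLOWED_SENDERS = {
    FP: {"u@example.com"},
}

# Constructed sample request, shaped like what Postfix sends at RCPT time.
SAMPLE_OK = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=u@example.com\n"
    "recipient=someone@example.net\n"
    "encryption_protocol=TLSv1.2\n"
    "ccert_subject=client.example.com\n"
    "ccert_fingerprint=" + FP + "\n"
    "\n"
)


def parse_request(raw: str) -> dict:
    """Parse one policy request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if line == "":
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs: dict, allowed: dict = ALLOWED_SENDERS) -> str:
    """Return the policy action for one request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    fingerprint = attrs.get("ccert_fingerprint", "").upper()
    if not fingerprint:
        # No client certificate presented: say nothing, so the remaining
        # restrictions (permit_sasl_authenticated, reject_unauth_destination,
        # ...) decide as they would without this service.
        return "DUNNO"
    sender = attrs.get("sender", "").lower()
    if sender in allowed.get(fingerprint, set()):
        return "DUNNO"   # let later restrictions (e.g. permit_tls_clientcerts) act
    # Known cert using a sender it is not entitled to, or an unknown cert.
    return "REJECT Sender address not authorized for this client certificate"


class PolicyHandler(socketserver.StreamRequestHandler):
    """One connection; Postfix may send many requests over it."""

    def handle(self):
        while True:
            lines = []
            while True:
                line = self.rfile.readline()
                if not line:              # Postfix closed the connection
                    return
                line = line.decode("utf-8", "replace").rstrip("\r\n")
                if line == "":
                    break
                lines.append(line)
            action = decide(parse_request("\n".join(lines)))
            self.wfile.write(f"action={action}\n\n".encode())
            self.wfile.flush()


if __name__ == "__main__":
    # Listen address is an assumption; match it to check_policy_service.
    with socketserver.ThreadingTCPServer(("127.0.0.1", 10040), PolicyHandler) as srv:
        srv.serve_forever()
```

Because the match is on the certificate fingerprint rather than on the CA that signed it, this binds a sender to one specific key, the same way `check_ccert_access` does; a cert issued by the same CA to a different client still gets the REJECT.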