On 13-04-12 20:47, J Gao wrote:
> On 12-04-13 11:35 AM, Tom Hendrikx wrote:
>> On 13-04-12 20:24, J Gao wrote:
>>> We have a Postfix mail server (CentOS 5.7, Postfix, Courier, Virtual
>>> Domain, MailScanner) and I want to set up the autoresponder for Postfix.
>>>
>>> I followed the instructions on
>>> http://nefaria.com/project_index/autoresponse/
>>>
>>> I looked at the maillog and found that the filter override seems not
>>> to be working. The mail isn't handed over to the "autoresponder"; it always
>>> goes to "relay=virtual"
>>>
>>> Here is the maillog:
>>> ===============
>>> Apr 13 11:10:51 zeta postfix/smtpd[26079]: 4F5108031:
>>> client=unknown[24.207.43.101], sasl_method=PLAIN,
>>> sasl_username=j...@veecall.com
>> The message arrives from an sasl authenticated client...
> Yes, this is required by the autoresponse perl script.
> From: http://nefaria.com/project_index/autoresponse/
> "For security reasons, SASL authentication is required in order to
> configure autoresponses via e-mail"
> 
>>
>>> And my master.cf:
>>> ==========================================================================
>>> # service type  private unpriv  chroot  wakeup  maxproc command + args
>>> #               (yes)   (yes)   (yes)   (never) (100)
>>> #
>>> ==========================================================================
>>> smtp      inet  n       -       n       -       -       smtpd
>>>    -o content_filter=autoresponder:dummy
>>> submission inet n       -       n       -       -       smtpd
>>> #  -o smtpd_enforce_tls=yes
>>>   -o smtpd_sasl_auth_enable=yes
>>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>> Only submission seems to have sasl enabled, which you are using.
>> But you seem to have the autoresponder only on the smtpd interface, not
>> on the submission interface.
>>
> Sorry I am still learning Postfix. So do you mean I should add the
> filter to submission as well?
> 
> smtp      inet  n       -       n       -       -       smtpd
>    -o content_filter=autoresponder:dummy
> submission inet n       -       n       -       -       smtpd
> #  -o smtpd_enforce_tls=yes
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>    -o content_filter=autoresponder:dummy
> 

If SASL is required, you should not add it to the smtp line, since that
does not support SASL (depends on your main.cf, which you did not show),
but only to submission.

Note that Reindl's point is true: anyone with a valid SASL account would
be able to activate an autoresponder for any other user. Whether a web GUI
is the right solution depends on your use case, but issues will arise
without more restrictions.

As autoresponder seems to require the envelope_sender to be the same as
the one you're configuring autoresponder for, this might be a nice job
for reject_sender_login_mismatch. See
http://www.postfix.org/SASL_README.html#server_sasl_authz

--
Tom
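
The check below is an added example, not part of the original thread or of the autoresponse project: it audits a master.cf for the two conditions raised in the reply above, namely that the autoresponder filter sits on a SASL-enabled service and that the service binds the envelope sender to the login with reject_sender_login_mismatch. It reads only the `-o` overrides in master.cf and assumes main.cf sets none of these; `HARDENED_CF` is a constructed variant, and reject_sender_login_mismatch additionally needs smtpd_sender_login_maps defined in main.cf.

```python
import re

# master.cf as posted in the thread: the filter sits on smtp, SASL on submission.
THREAD_CF = """\
smtp      inet  n       -       n       -       -       smtpd
   -o content_filter=autoresponder:dummy
submission inet n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""
# Constructed variant following the advice in the reply (not from the thread).
HARDENED_CF = """\
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o content_filter=autoresponder:dummy
"""
OVERRIDE = re.compile(r"-o\s+([^\s=]+)=(\S+)")

def parse_services(text):
    """Map 'name/type' to its -o overrides, joining continuation lines."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # comments and blank lines do not end a logical line
        if not line[0].isspace():  # a new service entry starts in column 0
            name, kind = line.split()[:2]
            current = services.setdefault(f"{name}/{kind}", {})
        if current is not None:
            current.update(OVERRIDE.findall(line))
    return services

def audit(text, filter_name="autoresponder"):
    """Flag services that use the filter without SASL or sender/login binding."""
    findings = []
    for svc, opts in parse_services(text).items():
        if not opts.get("content_filter", "").startswith(filter_name + ":"):
            continue
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            findings.append((svc, "filter on a service with no SASL override"))
        checks = [c for k, v in opts.items() if k.endswith("_restrictions")
                  for c in re.split(r"[,\s]+", v)]
        if "reject_sender_login_mismatch" not in checks:
            findings.append((svc, "no reject_sender_login_mismatch"))
    return findings

if __name__ == "__main__":
    for label, cf in (("thread", THREAD_CF), ("hardened", HARDENED_CF)):
        print(label, audit(cf) or "ok")
```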
