On Thu, Nov 22, 2012 at 11:43:51AM +0100, Patric Falinder wrote:
> Patric Falinder wrote 2012-11-22 10:02:
> >I need to configure Postfix to be an open relay on a specific 
> >port, let's say 3326. I already have Postfix configured like a 
> >normal mailserver that requires authentication etc. but I need it 
> >to not ask for authentication on port 3326. How do I do this?
> >
> >I know this isn't safe but this port won't be open for the 
> >internet, just specific IPs that I specify on my router, so I 
> >won't be a target for spammers.

Even if safe, it is far from ideal.

> >I already have port 3325 open just like port 25, I did that

What is the purpose of this smtpd on 3325?

> >by just adding this to /etc/services:
> >smtp2           3325/tcp

(I don't edit services(5). I let IANA handle that. It only gives 
resolution of the port by name. You could just as well use the 
number.)

> >and in /etc/postfix/master.cf:
> >smtp2      inet  n       -       -       -       -       smtpd
> >
> >So I can do the same for port 3326 but I don't know how to
> >disable the authentication part. How can I do this?

> It would actually be easier if there's a way to accept
> hostnames (mail.example.com) directly on the standard ports
> without authentication.

This is doable (check_client_access) but not for you, read on.

> I use 'mynetworks' to allow different IP numbers to send mail 
> without authenticating but it doesn't support domain-names/ 
> hostnames. Or maybe there's another way it should be done?

... And finally, the real goal is stated:

> All I actually need to do is to allow a dyndns-address to send 
> without authentication.

(You really should have started with this.)

There are lots of workarounds available to SASL-allergic admins. 
Mine, years ago, was to set up a site-to-site openvpn(8) tunnel, 
adding the VPN IP address to mynetworks. This has the additional 
benefit (FSVO "benefit") of hiding the "real" IP address in the 
headers. Postfix only sees the VPN IP.

check_client_access won't work because it looks up only forward-
confirmed reverse DNS names. Your dynamic DNS probably only sets a 
"forward" name, not the PTR for the IP address.

That said, there are a few thousand ways you might manage that, as 
well. An entry in /etc/hosts(5) for the dynamic address, in most 
cases, will bypass the PTR lookup. A simple script to edit your 
/etc/hosts file when the dynamic host changes its address might 
enable check_client_access.

Your script might just as well update a hash: file for mynetworks.

And another solution is to reconsider your SASL antipathy. It's 
well-documented and not that hard to set up.

http://www.postfix.org/SOHO_README.html#client_sasl_enable
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
