On 2/3/2014 5:29 AM, Héctor Moreno Blanco wrote:
>> Héctor Moreno Blanco:
>>> We have our mail relays. In these relays we check the users' aliases in
>>> our LDAP.
>>>
>>> Furthermore, we want other servers to relay on our sides
>>> authenticating with a fixed user with sasl_password, but I can't make this
>>> work.
>>>
>>> smtpd_sender_login_maps = ldap:matchlogin
>>> smtpd_recipient_restrictions = reject_unauth_pipelining,
>>> reject_non_fqdn_sender, reject_non_fqdn_recipient,
>>> reject_unknown_sender_domain, reject_unknown_recipient_domain,
>>> permit_mynetworks, reject_sender_login_mismatch,
>>> permit_sasl_authenticated, reject_unauth_destination
>> ...
>>> Dec 17 16:54:45 relay postfix/smtpd[19444]: NOQUEUE: reject: RCPT from
>>> unknown[192.168.13.50]: 553 5.7.1 <u...@my.domain.es>: Sender address
>>> rejected: not logged in; from=<u...@my.domain.es>
>>> to=<us...@domain2.com> proto=ESMTP helo=<estafeta2.relay.es>
>>>
>>> Which is normal, because it can't check the user's identity.
>>>
>>> Is there anything I'm missing in order to communicate between our servers?
>>
>> Don't use reject_sender_login_mismatch for mail from a trusted relay host.
>>
>> smtpd_recipient_restrictions = reject_unauth_pipelining,
>> reject_non_fqdn_sender, reject_non_fqdn_recipient,
>> reject_unknown_sender_domain, reject_unknown_recipient_domain,
>> permit_mynetworks, reject_sender_login_mismatch,
>> permit_sasl_authenticated, reject_unauth_destination
>>
>> Add the trusted relay hosts (or better, their network range) to
>> main.cf:mynetworks.
>>
>> Wietse
>
> Hello Wietse,
>
> Is it possible to do this connection between relays with certificates?

Yes, you can use certificates to control access. Please see:
http://www.postfix.org/TLS_README.html#server_access

  -- Noel Jones
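
A configuration sketch of certificate-based relay access applied to the restriction list quoted in this thread, added here as an example and not taken from any of the posters. It assumes TLS is already enabled on the receiving relay; the table path and the fingerprint are placeholders.

```conf
# /etc/postfix/main.cf on the receiving relay (added example).
# Assumes smtpd_tls_cert_file, smtpd_tls_key_file and
# smtpd_tls_security_level are already set so that STARTTLS works.

# Ask connecting clients for a certificate during the TLS handshake.
smtpd_tls_ask_ccert = yes

# Digest used to compute client certificate fingerprints. The keys in
# the relay_clientcerts table must be computed with the same digest.
smtpd_tls_fingerprint_digest = sha256

# Lookup table of trusted client certificate fingerprints
# (the path is an assumption).
relay_clientcerts = hash:/etc/postfix/relay_clientcerts

# permit_tls_clientcerts sits before reject_sender_login_mismatch, so a
# relay that presents a listed certificate is permitted before the
# "not logged in" check runs. All other clients are still subject to
# the login-mismatch check and to reject_unauth_destination.
smtpd_recipient_restrictions = reject_unauth_pipelining,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    permit_mynetworks, permit_tls_clientcerts,
    reject_sender_login_mismatch,
    permit_sasl_authenticated, reject_unauth_destination

# /etc/postfix/relay_clientcerts (added example).
# Key:   fingerprint of the sending relay's certificate, e.g. from
#        openssl x509 -noout -fingerprint -sha256 -in relay-cert.pem
# Value: free-form label; only the key is used for the lookup.
# Run "postmap /etc/postfix/relay_clientcerts" after editing.
# The fingerprint below is a placeholder, not a real value.
<SHA256-FINGERPRINT-OF-RELAY-CERT>    estafeta2.relay.es

# On the sending relay, smtp_tls_cert_file and smtp_tls_key_file must
# point at the certificate and key it presents to this server.
```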