Hello Viktor 30. Jan 2015 04:05 by postfix-us...@dukhovni.org:
> Save yourself a lot of complexity and use a different port for this on the > destination system. You could use 587, for example. This automatically > bypasses postscreen. > >> So when it passes to #2 server the mail with relay I want #2 server >> >> ?1. Know for sure that the relay mail comes from the #1 server.? A added >> header can be made fake so I look for a better way that is not possible to >> fake. > > Restrict access to the non-default port via TLS client certs or SASL. > Okay good advise again. With the SASL opportunity is it still true that Postfix with the Dovecot SASL where I am building Postfix with -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE="dovecot" is not possible to use as SASL client but only Cyrus? http://www.postfix.org/SASL_README.html#client_sasl "At this time, the Dovecot SASL implementation does not provide client functionality. " With the TLS client cert opportunity for authenticating my Postfix relay as client to the other mail server that is receiving the relay mail I have some small confusion. When I make the self-signed client certificate for my Postfix relay instance I have read that I must give it the email address of the 'login user' exactly so it can be a match. I do not know which user I must give? Becuase there will be mail for many different users that will be relayed. *S*
