On Thu, May 26, 2016 at 11:40:22PM +0200, Zalezny Niezalezny wrote:
> 1. How to configure relay server which will relay all E-mails from
> authenticated users from any IP.
main.cf:
indexed = ${default_database_type}:${config_directory}/
smtpd_tls_fingerprint_digest = sha256
smtpd_tls_auth_only = yes
# Note Postfix >= 2.10
mua_relay_restrictions =
permit_sasl_authenticated,
check_ccert_access ${indexed}relay-ccerts,
reject
master.cf:
submission inet ... smtpd
-o smtpd_relay_restrictions=$mua_relay_restrictions
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_ask_ccert=yes
...
relay-ccerts:
# <Public key fingerprint> OK
e3:b0:c4:42:98:fc:1c:14:9a:fb:f4:c8:99:6f:b9:24:27:ae:41:e4:64:9b:93:4c:a4:95:99:1b:78:52:b8:55
OK
...
Or configure SASL, but frankly client certs are much easier on the
server side, and simple enough on the client side, at least with
Postfix as the client.
--
Viktor.
