Hi Viktor,
thank You very much for Your hints.
What about user ? Do i need to create simply OS user (/etc/passwd) and it
will be enought ? Or some dedicated configuration file is required ?
Thanks in advance
Zalezny
On Fri, May 27, 2016 at 12:07 AM, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:
> On Thu, May 26, 2016 at 11:40:22PM +0200, Zalezny Niezalezny wrote:
>
> > 1. How to configure relay server which will relay all E-mails from
> > authenticated users from any IP.
>
> main.cf:
> indexed = ${default_database_type}:${config_directory}/
> smtpd_tls_fingerprint_digest = sha256
> smtpd_tls_auth_only = yes
> # Note Postfix >= 2.10
> mua_relay_restrictions =
> permit_sasl_authenticated,
> check_ccert_access ${indexed}relay-ccerts,
> reject
>
> master.cf:
> submission inet ... smtpd
> -o smtpd_relay_restrictions=$mua_relay_restrictions
> -o smtpd_tls_security_level=encrypt
> -o smtpd_tls_ask_ccert=yes
> ...
>
> relay-ccerts:
> # <Public key fingerprint> OK
>
> e3:b0:c4:42:98:fc:1c:14:9a:fb:f4:c8:99:6f:b9:24:27:ae:41:e4:64:9b:93:4c:a4:95:99:1b:78:52:b8:55
> OK
> ...
>
> Or configure SASL, but frankly client certs are much easier on the
> server side, and simple enough on the client side, at least with
> Postfix as the client.
>
> --
> Viktor.
>
