Postfix/dovecot smtp auth implementation question
Hi all! With the config lines below, all clients from inside my network MUST authenticate to deliver a message. But all connections from the Internet where "mail from" is @mydomain.com can deliver mail to local users without authenticating. What should I do to force authentication for ALL us...@mydomain.com?

smtpd_sasl_authenticated_header = yes
broken_sasl_auth_client = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
Re: Postfix/dovecot smtp auth implementation question
Thanks! Now it's clearer. I'll test that + smtpd_reject_unlisted_sender. I'll post my results.

mouss wrote:
> indio wrote:
>> Hi all! With the config lines below, all clients from inside my network MUST authenticate to deliver a message. But all connections from the Internet where "mail from" is @mydomain.com can deliver mail to local users without authenticating. What should I do to force authentication for ALL us...@mydomain.com?
>>
>> smtpd_sasl_authenticated_header = yes
>> broken_sasl_auth_client = yes
>> smtpd_sasl_type = dovecot
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_security_options = noanonymous
>> smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
>
> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
Re: Postfix/dovecot smtp auth implementation question
Tested and working perfectly with these 3 lines:

smtpd_sender_login_maps = mysql:/etc/postfix/smtpd_sender_login_maps.cf
smtpd_sender_restrictions = reject_sender_login_mismatch
smtpd_reject_unlisted_sender = yes

/etc/postfix/smtpd_sender_login_maps.cf:

query = SELECT username FROM mailbox WHERE username='%s' and active='1'

Now I'm reading about SPF. Thanks a lot!

indio wrote:
> Thanks! Now it's clearer. I'll test that + smtpd_reject_unlisted_sender. I'll post my results.
>
> mouss wrote:
>> indio wrote:
>>> Hi all! With the config lines below, all clients from inside my network MUST authenticate to deliver a message. But all connections from the Internet where "mail from" is @mydomain.com can deliver mail to local users without authenticating. What should I do to force authentication for ALL us...@mydomain.com?
>>>
>>> smtpd_sasl_authenticated_header = yes
>>> broken_sasl_auth_client = yes
>>> smtpd_sasl_type = dovecot
>>> smtpd_sasl_path = private/auth
>>> smtpd_sasl_auth_enable = yes
>>> smtpd_sasl_security_options = noanonymous
>>> smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
>>
>> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
>> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
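Added example (not part of the original thread, and not Postfix code): a simplified Python model of the restriction lists discussed above, showing why the spoofed MAIL FROM got through with only smtpd_recipient_restrictions and is refused once reject_sender_login_mismatch is in smtpd_sender_restrictions. The addresses, network range and exact-match dict standing in for the MySQL map are constructed assumptions; smtpd_reject_unlisted_sender is not modelled.

```python
import ipaddress

# Constructed sample data. The dict stands in for the MySQL lookup
# "SELECT username FROM mailbox WHERE username='%s'": address -> owning logins.
MYNETWORKS = [ipaddress.ip_network("10.0.0.0/24")]
LOCAL_DOMAINS = {"mydomain.com"}
LOGIN_MAP = {
    "alice@mydomain.com": {"alice@mydomain.com"},
    "bob@mydomain.com": {"bob@mydomain.com"},
}


def sender_check(mail_from, sasl_login):
    """Model of reject_sender_login_mismatch: returns 'REJECT' or 'DUNNO'."""
    owners = LOGIN_MAP.get(mail_from.lower())
    if sasl_login is None:
        # Not logged in: reject only when the address belongs to a login.
        return "REJECT" if owners else "DUNNO"
    # Logged in: the login must own the MAIL FROM address.
    return "DUNNO" if owners and sasl_login.lower() in owners else "REJECT"


def recipient_check(client_ip, sasl_login, rcpt_to):
    """permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS) or sasl_login is not None:
        return "OK"
    domain = rcpt_to.rsplit("@", 1)[-1].lower()
    # Local destination: nothing here objects, so the mail is delivered.
    return "DUNNO" if domain in LOCAL_DOMAINS else "REJECT"


def accepted(client_ip, sasl_login, mail_from, rcpt_to, sender_login_check):
    """True if neither list rejects; the sender list is evaluated first."""
    if sender_login_check and sender_check(mail_from, sasl_login) == "REJECT":
        return False
    return recipient_check(client_ip, sasl_login, rcpt_to) != "REJECT"


if __name__ == "__main__":
    # Unauthenticated Internet client claiming a local sender address.
    spoof = ("203.0.113.5", None, "alice@mydomain.com", "bob@mydomain.com")
    print("recipient restrictions only:", accepted(*spoof, sender_login_check=False))
    print("with sender login check:    ", accepted(*spoof, sender_login_check=True))
```
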
Reject subdomains
I want to reject all mails sent from *.mydomain.tld, or at least apply the same restrictions as to mydomain.tld. I tried some parent_domain_matches_subdomains, but wasn't able to make it work. I want u...@mydomain.tld to need to log in to send mails, and I want u...@other.mydomain.tld to be treated as any other external mail account mailing me. Already tried subdomain_matches_parent_domain, but nothing happened.

[...]
mynetworks = 127.0.0.1 , 10.111.1.0/24
myhostname = mail.mydomain.tld
mydomain = mail.mydomain.tld
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost
mynetworks_style = subnet
relay_domains = $mydestination
smtpd_sender_login_maps = mysql:/etc/postfix/smtpd_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch
smtpd_reject_unlisted_sender = yes
[...]