[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Postfix question



Theo v. Werkhoven wrote:

Is it possible to set up postfix in the following way, so that it would permit sending mail with unathorized access from internal private network, and at the same time serve as secured password-authorized SMTP to external public network in other words: if i would like to send mail from internal netwrok, i just specify my server as usual SMPT without auth, and if i want to use it from outside, i configure my mail client to use it with SSL enabled and with user/password auth.
Any ideas will be highly welcomed!


Create another instance of Postfix, which handles the un-authenticated
mail for the LAN.
http://advosys.ca/papers/postfix-instance.html

Kanons on birds ;) it's not needed to have two instances:
setup sasl to do the auth stuff for external users, set:
mynetworks = 10.0.0.0/24, 127.0.0.0/8

smtpd_recipient_restrictions = reject_non_fqdn_recipient,
				reject_non_fqdn_sender,
				reject_unknown_sender_domain,
				reject_unknown_recipient_domain,
				permit_mynetworks,
				permit_sasl_authenticated,
				check_relay_domains

And you'll get what you need.

(thats just a example, you need the order of permit_mynetworks
and sasl_authenticated to get what you want)

Of course you have to setup sasl to do that.

Regards,
Sven


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here