[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] SuSE 9.0: postfix sasl authentikation fails
Am Freitag, 9. Januar 2004 15:34 schrieb Marc Samendinger:
> > -----Original Message-----
> > From: Arjen de Korte [mailto:suse-security@xxxxxxxxxxxx]
> > Sent: Friday, January 09, 2004 3:22 PM
> > On Friday 09 January 2004 14:59, Marc Samendinger wrote:
> > > smtpd_sender_restrictions =
> > > permit_mynetworks,
> > > permit_sasl_authenticated,
> > > reject
> > You would drop virtually all incoming mail from external,
> > non-authenticated
> > users to you. I can't imagine this is what you want. I think
> > the following
> > lines may be more appropriate:
> > smtpd_sender_restrictions =
> > smtpd_recipient_restrictions =
> > permit_mynetworks,
> > permit_sasl_authenticated,
> > permit_auth_destination,
> > reject
> > The above translates to allow all 'MAIL FROM' sender
> > adresses, but only accept
> > 'RCPT TO' adresses if the client is from 'mynetworks',
> > 'sasl_authenticated'
> > or the recipient is in the list of domains for which we
> > recieve or relay
> > mail.
> I really did not check the logic behind the restrictions
> I just saw the "missing" commas and thought they were
> needed but I checked again and see they are optional.
> another suggestion to the smtpd_recipient_restrictions
> smtpd_sender_restrictions =
> smtpd_recipient_restrictions =
> > Best regards,
> > Arjen
My next step is motivating cyrussasl to use Kerberos5
- has anybody done this?
My Mailserver is integrated to an ADS Doman via Samba 3.
either pam and pam_winbind or - and i tend to prefer that - kerberos5
Authentication should provide the following:
Any User from the ADS-Domain should be allowed to send Mail over this
Server. No one else.
My idea is:
At the moment, only sasldb works.
not even pam.
Mit freundlichen Grüßen
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here