LinuxQuestions.org


eantoranz 10-02-2008 08:12 AM

postfix: only accept relay mail from authenticated users
 
Hi!

I've set up postfix to collect mail for a given domain and also relay mail to any other domain (mynetworks = 0.0.0.0/0) so that people are able to send mail using our SMTP; however, I want only authenticated users to be able to send mail to other domains and not just anyone. Is there an easy way to ask for that (and at the same time continue accepting any mail to our local domain)?

Thanks in advance.

racracracrac 10-02-2008 08:41 AM

In smtpd_recipient_restrictions, you need to add "permit_sasl_authenticated,reject_unauth_destination" at the start.

Here is mine:

smtpd_recipient_restrictions = permit_sasl_authenticated, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client list.dsbl.org, reject_rbl_client rbl.mail-abuse.org, reject_rbl_client spamsources.fabel.dk, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination

eantoranz 10-02-2008 08:46 AM

That's right, racra.

With only this, it worked (I was asking on the irc channel of postfix as well):
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination

Thanks for your kind reply anyway. :-)

Mr. C. 10-04-2008 04:02 AM

Quote:

Originally Posted by racracracrac (Post 3297999)
In smtpd_recipient_restrictions, you need to add "permit_sasl_authenticated,reject_unauth_destination" at the start.

Here is mine:

smtpd_recipient_restrictions = permit_sasl_authenticated, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client list.dsbl.org, reject_rbl_client rbl.mail-abuse.org, reject_rbl_client spamsources.fabel.dk, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination

You should reorder your checks:
Code:

smtpd_recipient_restrictions =
  reject_non_fqdn_recipient,
  reject_non_fqdn_sender,
  reject_unlisted_recipient,
  # the above are cheap; perform them first
  permit_mynetworks,
  permit_sasl_authenticated,
  # now accept your networks and authenticated users
  reject_unauth_destination,
  reject_invalid_hostname,
  # in >2.3, reject_invalid_hostname is changed to reject_invalid_helo_hostname
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  # your expensive rbl checks should be done last (require dns lookups on external servers)
  reject_rbl_client sbl-xbl.spamhaus.org,
  # consider replacing with zen.spamhaus.org, which includes sbl + xbl + pbl. In any event, spamhaus is better suited to go before spamcop.
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client rbl.mail-abuse.org,
  reject_rbl_client spamsources.fabel.dk

There are helo checks you can perform too before rbl checks which will weed out loads of spam.
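
Added example (not part of any post in this thread): a simplified Python model of Postfix's first-match evaluation of smtpd_recipient_restrictions, showing how an unauthenticated client is treated under the orderings discussed above when mynetworks is 0.0.0.0/0, as in the original question. The domains, client address and function names are constructed for illustration, and every restriction other than the three relay-related ones is assumed to return no decision.

```python
import ipaddress
import re

def parse(value):
    """Split a main.cf restriction list on commas/whitespace, skipping # comment lines."""
    lines = [l for l in value.splitlines() if not l.lstrip().startswith("#")]
    return [t for t in re.split(r"[,\s]+", " ".join(lines)) if t]

def decide(value, client_ip, authenticated, rcpt_domain, mynetworks, local_domains):
    """Return (action, deciding_rule); the first restriction that matches wins.

    Simplified model (assumption of this example): only the three relay-relevant
    restrictions are evaluated. All other tokens (FQDN checks, RBL lookups and
    their arguments) are treated as giving no decision for this client.
    """
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    for rule in parse(value):
        if rule == "permit_mynetworks" and any(ip in n for n in nets):
            return ("permit", rule)
        if rule == "permit_sasl_authenticated" and authenticated:
            return ("permit", rule)
        if rule == "reject_unauth_destination" and rcpt_domain not in local_domains:
            return ("reject", rule)
    return ("permit", "end of list")

MINIMAL = "permit_sasl_authenticated, reject_unauth_destination"
WITH_MYNETWORKS = """
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination
"""
LOCAL = {"example.org"}    # constructed: domain this server accepts mail for
OUTSIDER = "203.0.113.7"   # constructed: unauthenticated Internet client

def audit(value, mynetworks):
    """Decisions for an unauthenticated outsider mailing a local and an external domain."""
    return {d: decide(value, OUTSIDER, False, d, mynetworks, LOCAL)
            for d in ("example.org", "example.net")}

if __name__ == "__main__":
    for label, value, nets in [("minimal, mynetworks=0.0.0.0/0", MINIMAL, ["0.0.0.0/0"]),
                               ("permit_mynetworks first, 0.0.0.0/0", WITH_MYNETWORKS, ["0.0.0.0/0"]),
                               ("permit_mynetworks first, 127.0.0.0/8", WITH_MYNETWORKS, ["127.0.0.0/8"])]:
        print(label, audit(value, nets))
```

With mynetworks left at 0.0.0.0/0, any list that reaches permit_mynetworks before reject_unauth_destination relays for unauthenticated clients; narrowing mynetworks to the hosts that are actually trusted restores the reject.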


All times are GMT -5.