This is a discussion on Postfix and sasl-auth causing problems within the alt.comp.mail.postfix forums, part of the Mail Servers and Related category.
Hi!
I'm trying to establish authenticated SMTP-traffic for remote clients on our mailserver. Until now, only local clients needed to be able to relay mail via the server, so I set the following rule in main.cf (actually this is on one line):

~~~~~~~~~~~~~~~
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, reject_non_fqdn_recipient
~~~~~~~~~~~~~~~

"mynetworks" is correctly set and it worked perfectly, rejecting unauthorized senders while letting our internal users relay.

Now that my boss wants to connect to the server from outside, I added SASL-authentication:

~~~~~~~~~~~~~~~~
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, reject_non_fqdn_recipient,
    permit_sasl_authenticated

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_application_name = smtpd
~~~~~~~~~~~~~~~~

(saslauthd is up and running and already configured)

The result of that is that everybody has to specify username and password to relay mail- even local users from "mynetworks".
That's not what I want, especially because my local servers use our mailserver for sending warnings and status-mails.

I'm using:

cyrus-sasl-2.1.22-r1
postfix-2.2.10

on gentoo Linux, kernel 2.6.16

Any ideas on how to solve this problem?

TNX in advance,

Andreas
--
dawin GmbH - Andreas Stallmann - Consultant
http://www.dawin.de
Andreas Stallmann wrote:
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination, reject_non_fqdn_recipient,
> permit_sasl_authenticated

I think the order should be:

smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

> The result of that is that everybody has to specify username and
> password to relay mail- even local users from "mynetworks".

This is an excerpt from "man 5 postconf":

"Some clients (Netscape 4 at least) have a bug that causes them to require a login and password whenever AUTH is offered, whether it’s necessary or not."

To get around this problem, add:

smtpd_sasl_exceptions_networks = $mynetworks

--
Greg
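The effect of the two orderings discussed above, as an added example that is not part of the original posts or of Postfix itself: a simplified Python model of first-match evaluation of the restriction list. The network 192.0.2.0/24, the domain example.com and the sample sessions are assumptions made for the illustration.

```python
# Simplified model of first-match evaluation of smtpd_recipient_restrictions.
# Not Postfix code: the networks, domains and sessions are constructed samples.
import ipaddress

MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed $mynetworks
LOCAL_DOMAINS = {"example.com"}                      # assumed local destinations

ORIGINAL = ["permit_mynetworks", "reject_unauth_destination",
            "reject_non_fqdn_recipient", "permit_sasl_authenticated"]
REORDERED = ["reject_non_fqdn_recipient", "permit_mynetworks",
             "permit_sasl_authenticated", "reject_unauth_destination"]

def evaluate(restrictions, client_ip, sasl_authenticated, recipient):
    """Walk the list left to right; the first restriction that matches decides."""
    ip = ipaddress.ip_address(client_ip)
    domain = recipient.rpartition("@")[2]
    for name in restrictions:
        if name == "permit_mynetworks" and any(ip in net for net in MYNETWORKS):
            return ("permit", name)
        if name == "permit_sasl_authenticated" and sasl_authenticated:
            return ("permit", name)
        if name == "reject_unauth_destination" and domain not in LOCAL_DOMAINS:
            return ("reject", name)
        if name == "reject_non_fqdn_recipient" and "." not in domain:
            return ("reject", name)
    return ("permit", "end of list")  # nothing matched: the mail is accepted

# Constructed sessions: (label, client IP, authenticated?, RCPT TO)
SESSIONS = [
    ("internal status mail", "192.0.2.10", False, "admin@elsewhere.example"),
    ("remote user, authenticated", "203.0.113.7", True, "friend@elsewhere.example"),
    ("remote stranger relaying", "203.0.113.9", False, "someone@elsewhere.example"),
    ("remote stranger, local rcpt", "203.0.113.9", False, "boss@example.com"),
]

def compare():
    """Return {label: (result under ORIGINAL, result under REORDERED)}."""
    return {label: (evaluate(ORIGINAL, ip, auth, rcpt),
                    evaluate(REORDERED, ip, auth, rcpt))
            for label, ip, auth, rcpt in SESSIONS}

if __name__ == "__main__":
    for label, (old, new) in compare().items():
        print(f"{label:30} original={old} reordered={new}")
```

In this model a client inside mynetworks is permitted under both orders; the reorder changes the outcome only for the authenticated remote client, which the original list rejects at reject_unauth_destination before permit_sasl_authenticated is reached.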
Hello!
Here I use:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
smtpd_client_restrictions = permit_sasl_authenticated,
    hash:/etc/postfix/access, permit_mynetworks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(and also same thing with smtpd_sender_restrictions)

works fine for me, hope it helps!

Best regards,
LeMMiNGS

"Andreas Stallmann" <andreas.stallmann@web.de> wrote in message news:4sfpa5FvgqikU1@mid.individual.net...
> Hi!
>
> I'm trying to establish authenticated SMTP-traffic for remote clients on
> our mailserver. Until now, only local clients needed to be able to relay
> mail via the server, so I set the following rule in main.cf (actually this
> is on one line):
>
> ~~~~~~~~~~~~~~~
>
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination, reject_non_fqdn_recipient
>
> ~~~~~~~~~~~~~~~
>
> "mynetworks" is correctly set and it worked perfectly, rejecting
> unauthorized senders while letting our internal users relay.
>
> Now that my boss wants to connect to the server from outside, I added
> SASL-authentication:
>
> ~~~~~~~~~~~~~~~~
>
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination, reject_non_fqdn_recipient,
> permit_sasl_authenticated
>
> smtpd_sasl_auth_enable = yes
> broken_sasl_auth_clients = yes
> smtpd_sasl_application_name = smtpd
>
> ~~~~~~~~~~~~~~~~
>
> (saslauthd is up and running and already configured)
>
> The result of that is that everybody has to specify username and password
> to relay mail- even local users from "mynetworks".
> That's not what I want, especially because my local servers use our
> mailserver for sending warnings and status-mails.
>
> I'm using:
>
> cyrus-sasl-2.1.22-r1
> postfix-2.2.10
>
> on gentoo Linux, kernel 2.6.16
>
> Any ideas on how to solve this problem?
>
> TNX in advance,
>
> Andreas
> --
> dawin GmbH - Andreas Stallmann - Consultant
> http://www.dawin.de
Hi!
Greg Hackney wrote:
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient,
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination

> smtpd_sasl_exceptions_networks = $mynetworks

That fixed it! Thanx a lot,

Andreas
--
dawin GmbH - Andreas Stallmann - Consultant
http://www.dawin.de
Andreas Stallmann wrote:
> Hi!
>
> Greg Hackney wrote:
>> smtpd_recipient_restrictions =
>> reject_non_fqdn_recipient,
>> permit_mynetworks,
>> permit_sasl_authenticated,
>> reject_unauth_destination
>> smtpd_sasl_exceptions_networks = $mynetworks
>
> That fixed it! Thanx a lot,
>
> Andreas
>

You are confusing "canonical" with "alias".

canonical maps are used to rewrite individual recipient addresses one by one, in the email headers, in order to make the address syntax correct (address mapping).

Examples:

canonical_maps:
    @olddomain.com    @newdomain.com

sender_canonical_maps:
    user@machine.corp.mydomain.com    user@mydomain.com

recipient_canonical_maps:
    user@mydomain.com    user@machine.corp.mydomain.com

Alias maps are used to redirect mail to one or more recipients. More specifically, alias_maps are used when the domain name of the original recipient is local, and virtual_alias_maps used when the original recipient domain is either local or remote.

References:
man 5 canonical
man 5 aliases
man 5 postconf

--
Greg