Limited relay possibilities

This is a discussion on Limited relay possibilities within the alt.comp.mail.postfix forums, part of the Mail Servers and Related category.

#1
10-21-2007
Poul Lindholm Christiansen

Hi


I'm trying to set up a mail-server for a group of people.

The users of this mail-server are not local users on my Linux-box and we
cannot work with authentication (for a number of somewhat stupid reasons).

It is not my intent to allow for any unauthorised use of this mail-server.

I've been able to set up postfix to receive e-mail for
"virtual_mailbox_domains". The users ("virtual_mailbox_maps") can collect
their e-mail using pop3 or IMAP. I'm using dovecot for that part.
This works just fine.

When the users try sending e-mail they also need to use this e-mail server
as their SMTP server.
This causes the problem, as Postfix rejects any mail not coming from my
local network, or that is for any domain that has not been listed as a
"relay_domains".

Now I want to be able to allow anyone that is sending from a
"virtual_mailbox_maps" valid e-mail to send e-mail to any domain.

Can anyone please help me achieve this without using authentication?

--
Regards

Poul

#2
10-22-2007
Klaus Zerwes

Poul Lindholm Christiansen wrote:
> Hi
>
>
> I'm trying to set up a mail-server for a group of people.
>
> The users of this mail-server are not local users on my Linux-box and we
> cannot work with authentication (for a number of somewhat stupid reasons).
>
> It is not my intent to allow for any unauthorised use of this mail-server.
>
> I've been able to set up postfix to receive e-mail for
> "virtual_mailbox_domains". The users ("virtual_mailbox_maps") can
> collect their e-mail using pop3 or IMAP. I'm using dovecot for that part.
> This works just fine.
>
> When the users try sending e-mail they also need to use this e-mail
> server as their SMTP server.
> This causes the problem, as Postfix rejects any mail not coming from my
> local network, or that is for any domain that has not been listed as a
> "relay_domains".
>
> Now I want to be able to allow anyone that is sending from a
> "virtual_mailbox_maps" valid e-mail to send e-mail to any domain.


Set up smtpd_recipient_restrictions the way you need it.

But your complete setup is crappy!
As soon as someone knows a valid address he may use your server to
spread his farts and your server will soon be blacklisted.

> Can anyone please help me achieve this without using authentication?


If your server is reachable from the bad internet you should use auth or
at least popbeforesmtp (have a look at drac).

Klaus


--
Klaus Zerwes
http://zero-sys.net
#3
10-22-2007
Martin Gregorie

Poul Lindholm Christiansen wrote:
>
> Now I want to be able to allow anyone that is sending from a
> "virtual_mailbox_maps" valid e-mail to send e-mail to any domain.
>
> Can anyone please help me achieve this without using authentication?
>

Two thoughts:
- if your users are on fixed IPs you could look into using 'mynetworks'
to restrict users by their IP
- as above, but use your firewall rules and/or /etc/allow and /etc/deny
to restrict access by IP as well.
- if you implemented a VPN (virtual private network) would that gain you
anything? Combining a VPN with a private DNS service may allow you to
group all VPN members into a private domain that isn't visible outside
the VPN but that would allow you to restrict access by using
'mydomain'.

I haven't tried any of these approaches (I have no need to do what you're
trying) but they are things I would investigate if I wanted to do the
same thing.

I agree with Klaus: anything that will leave your MTA exposed to abuse
is a bad idea. Don't expose anything, even experimentally, to the public
'net until you've verified that it is secure.


--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |
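
The fixed-IP 'mynetworks' suggestion above, combined with the pointer to smtpd_recipient_restrictions in the earlier reply, as an added example that is not part of the thread. The IP addresses, the domain and the file paths are constructed placeholders.

```conf
# /etc/postfix/main.cf (fragment) - added example, not from the thread.
# All addresses below are constructed documentation ranges (RFC 5737).

# Only the server itself and the users' fixed IPs count as trusted clients.
mynetworks = 127.0.0.0/8, [::1]/128, 198.51.100.17, 203.0.113.0/28

# Domains and mailboxes this server accepts mail for, as in the original
# setup. The domain name and map path are placeholders.
virtual_mailbox_domains = example.org
virtual_mailbox_maps = hash:/etc/postfix/vmailbox

# Relay decision keyed on the client IP, evaluated left to right:
#   permit_mynetworks          trusted clients may send to any domain
#   reject_unauth_destination  everyone else may only deliver to our domains
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# NOT used: a sender-keyed permit placed before reject_unauth_destination,
# for example
#   check_sender_access hash:/etc/postfix/relay_senders
# with entries such as "user@example.org OK". The envelope sender (MAIL FROM)
# is supplied by the client and is not verified, so knowing one valid address
# would be enough to relay, which is the blacklisting risk raised in reply #2.
```

`postconf -n` prints the non-default settings from main.cf, which is a quick check that the restriction list reads as intended before the server is reachable from outside.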