Prev: /usr/lib/postfix/smtp: bad command startup -- throttling
Next: Send Message when reject_unknown_hostname is invoked
From: Rachid Abdelkhalak on 13 Aug 2010 12:14

Hello List,

I want to force my users to authenticate using the SMTP auth even if they
are sending emails from computers including in mynetwork range.

Here is a parts from my main.cf

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 10.78.0.0/16, 10.82.0.0/19, 127.0.0.0/32
relay_domains = $mydestination, $mydomain
relayhost = [192.168.10.2]
smtpd_sender_restrictions =
permit_sasl_authenticated
permit_mynetworks


With that configuration, all emails are relayed through the mail even if i
disable the auth in my email client, it pass through also even if i change
the sender email address with every thing else in my mail client.

Do you have any idea that can help ?

Best regards.


--
|-Rachid Abdelkhalak
|-Network Security Engineer, MTDS
|-in morocco 080200MTDS
|-direct +212(0)537278820
|-mobile +212(0)661173437
|-14, rue 16 novembre
|-Rabat 10080 Kingdom of Morocco

From: Gary Smith on 13 Aug 2010 12:26


> Here is a parts from my main.cf
>
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mynetworks = 10.78.0.0/16, 10.82.0.0/19, 127.0.0.0/32
> relay_domains = $mydestination, $mydomain
> relayhost = [192.168.10.2]
> smtpd_sender_restrictions =
> permit_sasl_authenticated
> permit_mynetworks
>

mynetworks = 127.0.0.0/32

If you leave in your network range, you are saying they can send without authentication. Permit_sasl_authenticated will fall through to permit_networks.

From: Jan Kohnert on 13 Aug 2010 12:27
Rachid Abdelkhalak schrieb:
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mynetworks = 10.78.0.0/16, 10.82.0.0/19, 127.0.0.0/32
> relay_domains = $mydestination, $mydomain
> relayhost = [192.168.10.2]
> smtpd_sender_restrictions =
> permit_sasl_authenticated
> permit_mynetworks
>
>
> With that configuration, all emails are relayed through the mail even if i
> disable the auth in my email client, it pass through also even if i change
> the sender email address with every thing else in my mail client.

You are testing from a maschine within the mynetworks range, I suppose. Try
changing mynetworks to 127.0.0.0/8 if you want authentication from all
maschines except localhost.

--
MfG Jan
From: Michael Orlitzky on 13 Aug 2010 15:14
On 08/13/2010 12:14 PM, Rachid Abdelkhalak wrote:
>
> Hello List,
>
> I want to force my users to authenticate using the SMTP auth even if
> they are sending emails from computers including in mynetwork range.

If you do not want to permit the hosts in $mynetworks, do not
permit_mynetworks.

 | 
Pages: 1
Prev: /usr/lib/postfix/smtp: bad command startup -- throttling
Next: Send Message when reject_unknown_hostname is invoked