Prev: limit messages per connection
Next: smtpd_recipient_restrictions has no effect
From: Rich Wales on 30 May 2010 02:24
I'm running Postfix 2.6.5.

Is there any way to specify that sender-dependent SASL password data
should be used only when talking to one specific relay host?

Depending on the destination of a message, I need to use two different
relay hosts (defined in transport_maps). One of these relays demands
authentication via a sender-dependent username and password -- but the
other relay doesn't need (or want) any authentication at all.

Right now, my Postfix setup is insisting on trying to authenticate based
solely on the sender address, no matter which relay host the message is
using -- and this is messing up delivery to the relay that doesn't need
or want to see authentication.

A related question would be how I can specify different sets of sender-
dependent passwords for different relay hosts -- i.e., a given sender
address would use one username/password when sending to one relay, and
a different username/password when sending to another relay. But for
the moment, I'd be content simply to have authentication for one and
only one of the relays I need to use.

--
Rich Wales
richw(a)richw.org

From: Wietse Venema on 30 May 2010 09:02
Rich Wales:
[ Charset UTF-8 unsupported, converting... ]
> I'm running Postfix 2.6.5.
>
> Is there any way to specify that sender-dependent SASL password data
> should be used only when talking to one specific relay host?

The SASL info is per relay host - Postfix isn't going to send the
same password to all ISPs.

> Depending on the destination of a message, I need to use two different
> relay hosts (defined in transport_maps). One of these relays demands
> authentication via a sender-dependent username and password -- but the
> other relay doesn't need (or want) any authentication at all.
>
> Right now, my Postfix setup is insisting on trying to authenticate based
> solely on the sender address, no matter which relay host the message is
> using -- and this is messing up delivery to the relay that doesn't need
> or want to see authentication.

This is not how Postfix works. If you believe otherwise YOU must
provide evidence. I refer to the mailing list welcome message
which you have ignored.

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.

From: Wietse Venema on 31 May 2010 08:16
Rich Wales:
> Now, here's my problem. I want to be able to do special handling of
> mail to a subdomain (sandals.richw.org). Mail for this subdomain
> should be relayed via its own server (sandals.richw.org, as shown in
> my "transport" file) -- and this alternate relay host should *not*
> require any authentication.

If sandals.richw.org should not require SASL authentication, then
you should not turn on SASL authentication on sandals.richw.org.

Wietse

From: Rich Wales on 31 May 2010 11:48
> If sandals.richw.org should not require SASL authentication, then
> you should not turn on SASL authentication on sandals.richw.org.

Ah. Indeed, I had inadvertently enabled SASL authentication in the
Sandals SMTP server (smtpd_sasl_auth_enable = yes in that server's
Postfix configuration). This is turned off now. Thanks.

Am I correct, though, in understanding that if I use sender-dependent
authentication (smtp_sender_dependent_authentication = yes), then any
given sender address (with a username / password specified in Postfix's
SASL password map) is always going to use the same sender-dependent
username / password info for *all* relay hosts that need authentication?

In other words, if I need a given sender address to use one username
/ password when sending something to relay host A -- and a different
username / password when that same sender is sending something to relay
host B -- am I currently out of luck?

Rich Wales
richw(a)richw.org

From: Wietse Venema on 31 May 2010 12:09
Rich Wales:
> > If sandals.richw.org should not require SASL authentication, then
> > you should not turn on SASL authentication on sandals.richw.org.
>
> Ah. Indeed, I had inadvertently enabled SASL authentication in the
> Sandals SMTP server (smtpd_sasl_auth_enable = yes in that server's
> Postfix configuration). This is turned off now. Thanks.
>
> Am I correct, though, in understanding that if I use sender-dependent
> authentication (smtp_sender_dependent_authentication = yes), then any
> given sender address (with a username / password specified in Postfix's
> SASL password map) is always going to use the same sender-dependent
> username / password info for *all* relay hosts that need authentication?

You're supposed to use sender-dependent AUTHENTICATION in combination
with sender-dependent RELAYHOST. Otherwise, it makes no sense.

Wietse

 |  Next  |  Last
Pages: 1 2
Prev: limit messages per connection
Next: smtpd_recipient_restrictions has no effect