SMTP auth issues

SMTP auth issues

Frank Canaan

Ok, I’ve been reading everything I can, but I seem to be getting nowhere. I am running a CentOS 5.1 machine with the newest postfix, dovecot, postfix admin server. I need to allow users in our IP range to connect and send via SMTP without auth on port 25 (I know I know). I also need ONLY USERS to be able to send from outside of the network ONLY WITH auth. That’s it, it seems simple, but has eluded me. I have tried every combination of smtpd_client_restrictions and smtp_recipient_restrictions options I can think of! Any ideas? This machine is not defined in DNS as an MX so this shouldn’t piss off the general internet. Thanks in advance.

Engineering - Frank C.

Re: SMTP auth issues

Sahil Tandon
Frank Canaan <[hidden email]> wrote:

> Ok, I've been reading everything I can, but I seem to be getting
> nowhere. I am running a centos 5.1 machine with the newest postfix,
> dovecot ,postfix admin server. I need to allow users in our IP range to
> connect and send via SMTP without auth on port 25 (I know I know). I
> also need ONLY USERS to be able to send from outside of the network ONLY
> WITH auth. That's it, it seems simple, but has eluded me. I have tried
> every combination of smtpd_ client_restrictions  and
> smtp_recipient_restrictions options I can think of! Any ideas? This
> machine is not defined in DNS as an MX so this shouldn't piss off the
> general internet. Thanks in advance.

Allowing users in your IP range to send sans auth is OK.  There are a few
false assumptions in your email but before getting into that, please read
http://www.postfix.org/DEBUG_README.html#mail and provide at least the output
of 'postconf -n'.

--
Sahil Tandon <[hidden email]>
Re: SMTP auth issues

Noel Jones-2
Frank Canaan wrote:

> Ok, I’ve been reading everything I can, but I seem to be getting
> nowhere. I am running a centos 5.1 machine with the newest postfix,
> dovecot ,postfix admin server. I need to allow users in our IP range to
> connect and send via SMTP without auth on port 25 (I know I know). I
> also need ONLY USERS to be able to send from outside of the network ONLY
> WITH auth. That’s it, it seems simple, but has eluded me. I have tried
> every combination of smtpd_ client_restrictions  and
> smtp_recipient_restrictions options I can think of! Any ideas? This
> machine is not defined in DNS as an MX so this shouldn’t piss off the
> general internet. Thanks in advance.
>
> Engineering - Frank C.


Configuring postfix and dovecot to work together is trivial
(this assumes dovecot has already been configured and is
working for IMAP/POP access, which is also fairly trivial, but
outside the scope of this list)
http://www.postfix.org/SASL_README.html#server_dovecot


Once that is working, telling postfix to "allow users in my
local network without authentication, require authentication
for relay access for everyone else" is also pretty trivial

Background information to get you started:
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/SOHO_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/postconf.5.html
the http://www.postfix.org/documentation.html page is a wealth
of authoritative information.

If this is a general purpose MTA that accepts local mail from
the general internet, your config would look like:
# main.cf
mynetworks = 127.0.0.0/24, 192.168.1.0/24
smtpd_recipient_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination
   ... optional UCE controls here ...

smtpd_{client, helo, sender}_restrictions should all be left
empty; all your restrictions go into smtpd_recipient_restrictions.

If you don't want to receive any mail from the internet, it's just
mynetworks = 127.0.0.0/24, 192.168.1.0/24
smtpd_recipient_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   reject

You may want to encrypt the data stream to protect privacy of
passwords, please see:
http://www.postfix.org/TLS_README.html#quick-start
http://www.postfix.org/postconf.5.html#smtpd_tls_auth_only

You may want to enable the "submission" service on port 587 so
your users can send mail when they are using an ISP that
blocks port 25 access.  Do this by uncommenting the
"submission" line in master.cf then "postfix stop" and
"postfix start".

--
Noel Jones
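
The two smtpd_recipient_restrictions lists in the reply above are evaluated in order, and the first restriction that gives a verdict decides the outcome. The following is an added example, not part of the thread and not Postfix code: a small Python model of that first-match walk over constructed clients. The domain example.com, the sample IP addresses and all function names other than the restriction names are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-ins for the main.cf values quoted in the thread.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/24", "192.168.1.0/24")]
LOCAL_DOMAINS = {"example.com"}  # assumption: domains this server is final destination for

# Each restriction returns "PERMIT", "REJECT", or None (no opinion, try the next one).
def permit_mynetworks(ip, authed, rcpt):
    addr = ipaddress.ip_address(ip)
    return "PERMIT" if any(addr in net for net in MYNETWORKS) else None

def permit_sasl_authenticated(ip, authed, rcpt):
    return "PERMIT" if authed else None

def reject_unauth_destination(ip, authed, rcpt):
    domain = rcpt.rsplit("@", 1)[-1].lower()
    return None if domain in LOCAL_DOMAINS else "REJECT"

def reject(ip, authed, rcpt):
    return "REJECT"

GENERAL_MTA = [permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination]
SEND_ONLY = [permit_mynetworks, permit_sasl_authenticated, reject]

def evaluate(restrictions, ip, authed, rcpt):
    """Walk the list in order; the first verdict wins, no verdict means permit."""
    for check in restrictions:
        verdict = check(ip, authed, rcpt)
        if verdict is not None:
            return verdict, check.__name__
    return "PERMIT", "end of list"

# Constructed clients: (description, client IP, SASL-authenticated?, recipient)
CLIENTS = [
    ("LAN host, no auth, remote rcpt", "192.168.1.50", False, "bob@remote.test"),
    ("outside, authenticated, remote rcpt", "203.0.113.9", True, "bob@remote.test"),
    ("outside, no auth, remote rcpt", "203.0.113.9", False, "bob@remote.test"),
    ("outside, no auth, local rcpt", "203.0.113.9", False, "alice@example.com"),
]

if __name__ == "__main__":
    for name, rules in (("general MTA", GENERAL_MTA), ("send-only", SEND_ONLY)):
        for desc, ip, authed, rcpt in CLIENTS:
            verdict, why = evaluate(rules, ip, authed, rcpt)
            print(f"{name:12} {desc:38} -> {verdict} ({why})")
```

The two lists differ only for the last client: the general-purpose list accepts unauthenticated outside mail addressed to a local domain, while the list ending in reject refuses it.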