| View previous topic :: View next topic |
| Author |
Message |
henning_bravo
Apprentice
Joined: 11 Apr 2007
Posts: 197
|
 Posted: Fri Jan 11, 2008 7:40 am Post subject: Allow from where? Postfix |
 |
|
Hello!
I'm following this quide for postfix mailserver. I'm kinda stuck where I shall allow and reject (mynetworks and mynetworks_class) I would rather like to allow all. No matter where they come from. Instead I would like to restrict by username and password. Maybe this is stupid? If not, please tell me how I would do it.
If it make a change the mailserver will only be available to me and a few friends.
Thanks! |
|
| Back to top |
|
 |
kashani
Advocate
Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco
|
| Posted: Fri Jan 11, 2008 8:39 am Post subject: |
|
|
There are a couple of different access controls you need to touch and they are mostly concerned with who is allow to send mail from your server to another. Your server will accept connections from anywhere, but it'll only accept mail bound for one of its configured domains. Here is generally what your config is going to look like.
| Code: |
# local settings
myhostname = host.domain.com
mydomain = domain.com
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
mynetworks_style = subnet
mynetworks = 127.0.0.0/8
# attachment filtering, optional and will need to be created
#mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
# Size settings, optional and default message size is 10M
#message_size_limit= 112400000
#mailbox_size_limit = 224800000
# SASL settings, to allow remote users to use smpt-auth
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unknown_recipient_domain
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
permit
smtpd_sender_restrictions = reject_unknown_sender_domain
|
You're going to want to set any domain you want to receive email for in mydestination. For Mynetworks you only want to put IPs that you want to be able to use your mail server to send mail without any authentication. On my server I only allow localhost to do that so that local scripts can send me alerts.
In order to allow other people to send mail through your server, you need to config cyrus-sasl. The Postfix config is included, but you might need to tweak it's config.
Lastly you need to put all this together under smtpd_recipient_restrictions which will tell you server what's allow and not allowed.
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
|
| Back to top |
|
|
henning_bravo
Apprentice
Joined: 11 Apr 2007
Posts: 197
|
| Posted: Fri Jan 11, 2008 11:42 am Post subject: |
|
|
Hey, and thanks!
I will look in to that as soon as I get some other things working which I need help with.
I cant either use SMTP or IMAP. For SMTP my client says that it can't connect. And for IMAP it says that the user or password is invalid.
What do you need from me? |
|
| Back to top |
|
|
|
Networking & Security
