Providing SMTP relay access to roaming laptop without creating anopen relay...
in [Postfix]
|
Prev: Separate Submission Instance on Same IP as MX
Next: Providing SMTP relay access to roaming laptop without creating an open relay...
From: "Peter L. Berghold" on 1 Aug 2010 13:15 Hi folks, In pseudo code here's how I want my outside mail exchange system to behave: if mail_sent_by_outside_host_to_inside_user then relay_to_inside_user elsif mail_sent_by_inside_host_to_inside_user then relay_to_inside_user elsif mail_sent_by_inside_host_to_outside_destination then relay_to_outside_destination elsif mail_being_sent_by_roaming_laptop <-- need this!!! relay_where_it_needs_to_go else reject The part that seems broken (and that is probably a good thing) right now is the roaming laptop part. Since I travel a lot with my laptop both for business and personal purposes and would like my laptop to relay mail through my server when "outside the cloud" so to speak, what is the best approach to this without breaking the MX functionality for my domain? I've read "The Book" on this subject about SASL authentication and my fear is if I implement that I'll not be able to receive un-authenticated hosts (such as the fine server that serves this list) and that would be a bad thing. Can somebody point me in the right direction and hopefully not screw this up? -- Peter L. Berghold, Australian Cattle Dog Owner, Agility Fan, Foodie, Salty Old Dog and Old School Unix Hacker. Skype: cowdawg "Those who fail to learn from history are condemned to repeat it"
From: Wietse Venema on 1 Aug 2010 13:56
Peter L. Berghold: > Hi folks, > > In pseudo code here's how I want my outside mail exchange system to > behave: > On the Postfix server: /etc/postfix/main.cf: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated <- for the roaming laptop ... reject_unauth_destination ... Then configure the Postfix server for SASL (to authenticate the roaming laptop) and perhaps TLS encryption (to protect the login sequence). http://www.postfix.org/SASL_README.html#server_sasl http://www.postfix.org/TLS_README.html#server_tls Wietse |