Providing SMTP relay access to roaming laptop without creating an open relay...
in [Postfix]
|
Prev: Providing SMTP relay access to roaming laptop without creating anopen relay...
Next: Providing SMTP relay access to roaming laptop without creatingan open relay...
From: Magnus =?iso-8859-1?Q?B=E4ck?= on 1 Aug 2010 13:52 On Sunday, August 01, 2010 at 19:15 CEST, "Peter L. Berghold" <peter(a)berghold.net> wrote: > In pseudo code here's how I want my outside mail exchange system to > behave: > > if mail_sent_by_outside_host_to_inside_user > then > relay_to_inside_user > elsif > mail_sent_by_inside_host_to_inside_user > then > relay_to_inside_user > elsif > mail_sent_by_inside_host_to_outside_destination > then > relay_to_outside_destination > elsif mail_being_sent_by_roaming_laptop <-- need this!!! > relay_where_it_needs_to_go > else > reject This is a standard setup. Except for the roaming laptop part, it's the default configuration. Adding authentication for laptops we get this: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination This means: * Permit local clients to send email anywhere. * Permit authenticated clients to send email anywhere. * Permit other clients to send email to hosted domains. > The part that seems broken (and that is probably a good thing) right > now is the roaming laptop part. Since I travel a lot with my laptop > both for business and personal purposes and would like my laptop to > relay mail through my server when "outside the cloud" so to speak, > what is the best approach to this without breaking the MX > functionality for my domain? > > I've read "The Book" on this subject about SASL authentication and my > fear is if I implement that I'll not be able to receive > un-authenticated hosts (such as the fine server that serves this list) > and that would be a bad thing. No. While you can configure Postfix to always require SASL authentication, with the configuration above authentication is only required for relay access which is exactly what you want. http://www.postfix.org/SASL_README.html#server_sasl -- Magnus B�ck magnus(a)dsek.lth.se |