AlxRogan
6th February 2007, 19:30
Hi
First off, thanks much to everyone that contributed to the http://www.howtoforge.com/postfix_antispam_mailscanner_clamav_ubuntu article. I have everything up and working great as a postfix gateway to an internal mail server. One thing I have been searching for, though, I have not been able to find. Is it possible for a postfix installation running with a blank mydestination entry to either:
1) relay to an outside network, i.e. not one listed in the relayhost entry for users that successfully smtp auth. Basically set up postfix to relay mail to the internal server, EXCEPT for someone who can smtp auth. Those users can relay to wherever.
2) pass those smtp auth credentials to the internal mail server so that it can see a valid auth to send outside the domain?
I do have auth working and tested, as well as the relaying to the proper internal mail server. I just need some guidance about letting users relay outside with the proper authorization.
Thanks,
Alx
EDIT: Here is my /etc/postfix/main.cf which has been sanitized
alias_maps = hash:/etc/aliases
myorigin = test.com
myhostname = spam-gw.test.com
mynetworks = 127.0.0.0/8, 10.0.0.0/24, 192.168.0.1/28
message_size_limit = 10485760
local_transport = error:No local mail delivery
mydestination =
local_recipient_maps =
virtual_alias_maps = hash:/etc/postfix/virtual
relayhost = [mail.test.com]
relay_recipient_maps = hash:/etc/postfix/relay_recipients
transport_maps = hash:/etc/postfix/transport
relay_domains = hash:/etc/postfix/relay_domains
recipient_delimiter =
smtpd_sasl_auth_enable = yes
smtpd_helo_required = yes
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain, permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, permit_sasl_authenticated
smtpd_data_restrictions = reject_unauth_pipelining
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
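An added example, not part of the original post and not Postfix code: a simplified Python model of Postfix's first-match-wins evaluation of smtpd_recipient_restrictions, run over the list posted above and over a reordered list with permit_sasl_authenticated placed before reject_unauth_destination. The RELAY_DOMAINS contents, the REORDERED list and the sample clients are assumptions constructed for illustration, and the model only checks relay_domains for reject_unauth_destination.

```python
import ipaddress

# Copied from the posted main.cf.
MYNETWORKS = ["127.0.0.0/8", "10.0.0.0/24", "192.168.0.1/28"]
# Assumption: hash:/etc/postfix/relay_domains is not shown in the post.
RELAY_DOMAINS = {"test.com"}

# smtpd_recipient_restrictions exactly as posted.
POSTED = ["permit_mynetworks", "reject_unauth_destination",
          "reject_unauth_pipelining", "permit_sasl_authenticated"]
# Assumption: hypothetical reordering used for comparison.
REORDERED = ["permit_mynetworks", "permit_sasl_authenticated",
             "reject_unauth_destination", "reject_unauth_pipelining"]


def in_mynetworks(client_ip):
    addr = ipaddress.ip_address(client_ip)
    # strict=False tolerates host bits set in entries such as 192.168.0.1/28.
    return any(addr in ipaddress.ip_network(n, strict=False) for n in MYNETWORKS)


def evaluate(restrictions, client_ip, sasl_ok, rcpt, pipelining=False):
    """Return (action, deciding restriction); the first match ends the list."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    for name in restrictions:
        if name == "permit_mynetworks" and in_mynetworks(client_ip):
            return ("PERMIT", name)
        if name == "permit_sasl_authenticated" and sasl_ok:
            return ("PERMIT", name)
        if name == "reject_unauth_destination" and domain not in RELAY_DOMAINS:
            return ("REJECT", name)
        if name == "reject_unauth_pipelining" and pipelining:
            return ("REJECT", name)
    return ("PERMIT", "end of list")


def compare(client_ip, sasl_ok, rcpt):
    return {"posted": evaluate(POSTED, client_ip, sasl_ok, rcpt),
            "reordered": evaluate(REORDERED, client_ip, sasl_ok, rcpt)}


if __name__ == "__main__":
    # Constructed sample clients: (client IP, SASL authenticated?, recipient).
    cases = [("203.0.113.7", True, "friend@example.org"),
             ("203.0.113.7", False, "friend@example.org"),
             ("10.0.0.5", False, "friend@example.org"),
             ("203.0.113.7", False, "user@test.com")]
    for case in cases:
        print(case, compare(*case))
```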