On 11 Oct 2010, at 17:14, John Baldwin wrote:

>> TLS and authenticated email submission by me and my family
>> able to forward the email anywhere (maybe just to my ISP but who
>> knows) (outgoing)
>> non TLS submission from outside to reject all mail not to
>> elischer.{org,com}
>> and deliver our mail to mailboxes or gmail (or where-ever /etc/aliases
>> says.).

I do pretty much this; from my *.mc:

1. Keys as usual - with limited CA trusted

define(`confCACERT', `/etc/pikmeer.webweaving.org.pem')
define(`confCACERT_PATH', `/etc/ca-trusted')
define(`confSERVER_CERT', `/etc/pikmeer.webweaving.org.pem')
define(`confSERVER_KEY', `/etc/pikmeer.webweaving.org.key')

And then at the bottom:

dnl accept signed certs too - equivalent to SASL authenticated
LOCAL_RULESETS
SLocal_check_rcpt
R$*	$: $&{verify}
ROK	$# OK

And then in the access file or ct/cw file just allow relay for, in your case, elischer.

I do the verify as a local ruleset - as I also allow a SASL

TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 ')
dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')
define(`confRUN_AS_USER',`root:mail')

on any SSL inbounds in lieu of a cert.

Dw.
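
Added example, not part of the original message: the Local_check_rcpt rule above accepts any client whose ${verify} is OK, so this Python script lists the peers that sendmail logged with verify=OK for comparison against the clients you expect to hold a certificate. The log lines are constructed, and the STARTTLS=server line layout and the known-peer set are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape sendmail logs for inbound STARTTLS
# (hostnames, addresses and queue ids are made up for this example).
SAMPLE_LOG = """\
Oct 11 17:20:01 mx sm-mta[1201]: STARTTLS=server, relay=laptop.example.org [192.0.2.10], version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct 11 17:21:44 mx sm-mta[1207]: STARTTLS=server, relay=mail.example.net [198.51.100.7], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct 11 17:25:13 mx sm-mta[1215]: STARTTLS=server, relay=[203.0.113.50], version=TLSv1/SSLv3, verify=OK, cipher=AES256-SHA, bits=256/256
Oct 11 17:26:02 mx sm-mta[1219]: STARTTLS=server, relay=mx.example.com [198.51.100.9], version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Oct 11 17:30:00 mx sm-mta[1230]: o9BFU0aa001230: from=<a@example.org>, size=512, nrcpts=1, relay=laptop.example.org [192.0.2.10]
"""

# relay= may be "host [ip]" or just "[ip]" when the peer has no reverse DNS.
STARTTLS_RE = re.compile(
    r"STARTTLS=server, relay=(?P<host>[^\s\[]+)?\s*\[(?P<ip>[^\]]+)\]"
    r".*?verify=(?P<verify>\w+)"
)


def verified_peers(log_text):
    """Map each peer IP that presented a verified client cert to a hit count."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = STARTTLS_RE.search(line)
        if m and m.group("verify") == "OK":
            hits[m.group("ip")] += 1
    return dict(hits)


def unexpected_verified(log_text, known_peers):
    """Peers that got verify=OK but are not in the known set.

    known_peers is a hypothetical allowlist kept by the operator; anything
    returned here passed the ruleset's check and deserves a look.
    """
    return sorted(ip for ip in verified_peers(log_text) if ip not in known_peers)


if __name__ == "__main__":
    for ip in unexpected_verified(SAMPLE_LOG, {"192.0.2.10"}):
        print("verify=OK from unlisted peer:", ip)
```

An unexpected verify=OK peer usually means a CA in confCACERT or confCACERT_PATH signs more certificates than intended, which is why the message keeps the trusted set limited.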