[2024-09-22 16:04] Christian Schulte <c...@schulte.it>
> On 22.09.24 15:35, Christian Schulte wrote:
> > On 22.09.24 12:16, Philipp wrote:
> >> [2024-09-22 09:39] Christian Schulte <c...@schulte.it>
> >>>
> >>> [snip]
> >>>
> >>
> >> There are several problems:
> >>
> >> First of all it's not that simple to know for which domains your server
> >> is responsible for. Yes you could check MX records and lookup the A
> >> and AAAA records. But a negative match isn't true, because you might
> >> be a MX later in the chain or run behind some NAT.
> >>
> >> Next when you have a server for outgoing mails and one for incoming
> >> mails the mails within the domain might just be relayed like any other
> >> mail. This way the mails for the "own" domain also flow in like other
> >> mails from extern. There are other setups where your check wouldn't
> >> work.
>
> If a SMTP daemon does not know about which domains it is responsible
> for, I would rate such a setup as broken by design. That would mean
> someone has given up lots of control about the setup. Doing all kinds of
> routing solely based on network addresses and such giving up on SMTP
> semantics, I do not understand why that may make sense.

You miss the point. OpenSMTPD doesn't differentiate between domains. It
has an envelope and searches for the first rule which matches. Then it
handles the envelope according to the configured action. This match can
be configured based on the SMTP sender, if you want it this way. But from
the smtpd view this is just another match rule, not more, not less.
Requiring auth for some SMTP senders doesn't fit in the way OpenSMTPD is
programmed. It would require a complete rewrite of the envelope handling
and I would say this also would limit the flexibility of the config.

No, this doesn't give up SMTP semantics. You can route an envelope based
on the sender. Some users are just fine with the routing based on the
SMTP client (mostly localhost or anyone else), if the client is
authenticated and the recipient.

Philipp

> --
> Christian
>
>
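
A simplified model of the first-match envelope handling described in the reply above, added here as an illustration; it is not part of the original message and not OpenSMTPD's code. The rule fields, action labels, addresses and the reject default are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()

@dataclass(frozen=True)
class Envelope:
    client: str            # "local" or a remote address
    authenticated: bool
    mail_from: str
    rcpt_to: str

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # hypothetical action label
    local_client: Optional[bool] = None  # None = criterion not used
    auth: Optional[bool] = None
    sender_domain: Optional[str] = None
    rcpt_domain: Optional[str] = None

    def matches(self, env: Envelope) -> bool:
        checks = [
            (self.local_client, env.client == "local"),
            (self.auth, env.authenticated),
            (self.sender_domain, domain_of(env.mail_from)),
            (self.rcpt_domain, domain_of(env.rcpt_to)),
        ]
        return all(want is None or want == got for want, got in checks)

def first_match(rules, env, default="reject"):
    """Return (rule name, action) of the first rule matching the envelope."""
    for rule in rules:
        if rule.matches(env):
            return rule.name, rule.action
    return None, default  # model assumption: nothing matched, envelope refused

# Constructed ruleset: the sender rule sits in the list like any other rule.
RULES = [
    Rule("inbound", "deliver", rcpt_domain="example.org"),
    Rule("by-sender", "relay_alt", auth=True, sender_domain="news.example.org"),
    Rule("submission", "relay", auth=True),
    Rule("local", "relay", local_client=True),
]

if __name__ == "__main__":
    env = Envelope("192.0.2.10", True, "bot@news.example.org", "user@example.net")
    print(first_match(RULES, env))                           # sender rule decides
    print(first_match([RULES[0], RULES[2], RULES[1]], env))  # sender rule shadowed
```

Because evaluation stops at the first hit, a sender-based rule only takes effect when it is listed before any broader rule that would also match the same envelope.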