On Fri, May 25, 2018 at 09:37:07PM +0200, Walter Alejandro Iglesias wrote:
> On Fri, May 25, 2018 at 03:58:59PM +0300, Consus wrote:
> > On 14:31 Fri 25 May, Gilles Chehade wrote:
> > > On Fri, May 25, 2018 at 02:20:50PM +0200, Walter Alejandro Iglesias wrote:
> > > > Could someone tell me if my changes below are OK. :-)
> > > >
> > > > The part I'm not clear is I read in current.html remote authenticated
> > > > users need an explicit rule. Do I need to add some "match auth" rule?
> > > >
> > >
> > > yes.
> > >
> > > before, "from local" would match authenticated users as if they had sent
> > > mail from the local machine but this led to being unable to express some
> > > setups where depending on the source you want to relay to different hubs
> > > even though users are authenticated.
> > >
> > >
> > > With this:
> > >
> > > > match from local for local apply local_users
> > > > match from any for domain <vdomains> virtual <valiases> apply local_users
> > > > match from local sender <addresses> for any apply remote_users
> > >
> > > you need an additional rule such as:
> > >
> > > match auth from any sender <addresses> for any apply remote_users
> > >
> > >
> > > because:
> > >
> > > > #accept from local sender <addresses> for any relay
> > >
> > > no longer matches authenticated users
> >
> > Ain't it "action local_users" instead of "apply local_users"? The man
> > page states "action".
>
> I took the "apply" from here:
>
>   https://undeadly.org/cgi?action=article;sid=20180430122930
>
> Now reading this:
>
>   https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/
>
> I see I also have to change the "certificate" keyword to "cert" here:
>
>   pki $server cert "/etc/ssl/server.crt"
>
>
> Gilles, I also saw the "ca" directive. I've been using the acme
> certificates in pki directives, can I use them in the "ca" directive
> too? (any advantage in doing this?)
>

don't touch a knob if you don't KNOW that you absolutely need it.

I know why some people would like to use a custom CA certificate instead of
the one shipped with the system, I don't know why YOU should do it so if you
are asking I can only guess you are going to break your setup.

-- 
Gilles Chehade
https://www.poolp.org @poolpOrg