Hello! I run a simple OpenSMTPD mail server for my own domain on my custom Linux machine. The mail server should dispatch mails for @486.hu addresses locally on the machine. If the recipient is not in the 486.hu domain, it must use my ISP's smarthost to relay.
I've successfully managed to create a simple config file to handle these. Unfortunately, relaying is configured so badly that external "visitors" without SMTP authentication can send mails (spams actually) using my OpenSMPTD instance (which happily sends out the mails using my ISP's smarthost, which uses TLS encryption and authentication). I'd like to change somehow the config to let authenticated users only use my OpenSMPTD as a relay. Authentication should be based on the machine's local user and password table (/etc/passwd). I tried "listen on ... auth ..." but it complained about the lack of TLS/smtps. I also tried "accept authenticated ..." without any use (and I believe this is not exactly meant for what I want). Tried "reject ! authenticated ..." without any success. Please help me to assemble a correct config file. I want all SMTP accesses to be rejected if authentication fails against the machine's local user/password table. It shouldn't be possible to use my machine as a relay without successful authentication... Thanks, regards, --------------------------------------------------------- /etc/smtpd/smtpd.conf: table cred file:/etc/smtpd/cred listen on eth0 port 25 hostname mail.486.hu listen on localhost port 25 hostname mail.486.hu # Storing mails arriving at the domain '486.hu'. accept from any for domain 486.hu deliver to mbox # If the recipient is out of domain '486.hu', the mail is relayed through the # smarthost using TLS and authentication, see 'cred' file. accept from any for ! domain 486.hu relay via tls+auth://[email protected] auth <cred> --------------------------------------------------------- /etc/smtpd/cred (for smarthost authentication): t-online [email protected]:VERY_SECURE_PASSWORD -- Selmeci Tamás http://www.486.hu/ -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
