Hi,

I am trying to configure my postfix server to allow two types of users: trusted and authenticated.
The trusted users are sending from a set of IP addresses and I don't require them to authenticate since this has occurred upstream.
The authenticated users are using third-party clients like t-bird.

I am running into a problem where the trusted clients are being rejected on the mail from command.
I suspect this is because of the reject_sender_login_mismatch configuration, which to my understanding is required for authenticated clients.

When I add 'smtpd_sasl_exceptions_networks = 2.2.2.2, 3.3.3.3', postfix for those systems no longer advertises the authentication capability. However, I get an error on the 'mail from' command - 'Sender address rejected: not logged in'.

How can I configure postfix to support both types of users?

command_directory = /opt/zimbra/postfix-2.5.1/sbin
config_directory = /opt/zimbra/postfix-2.5.1/conf
daemon_directory = /opt/zimbra/postfix-2.5.1/libexec
data_directory = /opt/zimbra/postfix-2.5.1/data
debug_peer_level = 2
disable_vrfy_command = no
html_directory = no
mail_name = MUA Interface
mail_owner = postfix
mailq_path = /opt/zimbra/postfix-2.5.1/sbin/mailq
manpage_directory = /opt/zimbra/postfix-2.5.1/man
message_size_limit = 23000000
mydestination =
mynetworks =
newaliases_path = /opt/zimbra/postfix-2.5.1/sbin/newaliases
queue_directory = /opt/zimbra/postfix-2.5.1/spool
readme_directory = no
sample_directory = /opt/zimbra/postfix-2.5.1/conf
sendmail_path = /opt/zimbra/postfix-2.5.1/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_pipelining
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = no
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_sender_login_mismatch, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = 2.2.2.2, 3.3.3.3
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = ldap:/opt/zimbra/conf/ldap-vam.cf
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unlisted_sender, reject_sender_login_mismatch, check_sender_access ldap:/opt/zimbra/conf/ldap-sender.cf, reject
smtpd_tls_CAfile = /opt/zimbra/conf/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = ldap:/opt/zimbra/conf/ldap-transport.cf
unknown_local_recipient_reject_code = 550
virtual_transport = error


Any help is greatly appreciated.

Charles
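
A simplified model of how one smtpd restriction list is evaluated (first decisive result wins), added here as an example; it is not part of the original post and not Postfix code. The sender map contents, the example.com address, the 198.51.100.7 client and the adjusted list with permit_mynetworks are assumptions; the two trusted IPs and the original list come from the configuration above.

```python
import ipaddress

# Constructed stand-in for the LDAP-backed smtpd_sender_login_maps lookup.
SENDER_LOGIN_MAPS = {"alice@example.com": {"alice"}}

# smtpd_sender_restrictions as posted (mynetworks is empty in the post).
ORIGINAL = ["reject_non_fqdn_sender", "reject_unlisted_sender",
            "reject_sender_login_mismatch", "check_sender_access", "reject"]

# Assumed adjustment: trusted IPs listed in mynetworks and permitted
# before the login-mismatch check is reached.
TRUSTED = ["2.2.2.2", "3.3.3.3"]
ADJUSTED = ["reject_non_fqdn_sender", "permit_mynetworks",
            "reject_unlisted_sender", "reject_sender_login_mismatch",
            "check_sender_access", "reject"]


def evaluate(restrictions, client_ip, sasl_login, sender, mynetworks):
    """Return the first decisive result for one restriction list."""
    ip = ipaddress.ip_address(client_ip)
    owners = SENDER_LOGIN_MAPS.get(sender)
    for name in restrictions:
        if name == "permit_mynetworks":
            if any(ip in ipaddress.ip_network(n) for n in mynetworks):
                return "permit"
        elif name == "permit_sasl_authenticated":
            if sasl_login:
                return "permit"
        elif name == "reject_sender_login_mismatch":
            # Sender has an owner in the map but the client is not logged in.
            if owners and not sasl_login:
                return "reject: not logged in"
            # Client is logged in but does not own the sender address.
            if sasl_login and sasl_login not in (owners or ()):
                return "reject: not owned by user " + sasl_login
        elif name == "reject":
            return "reject"
        # Other restrictions are not modelled here and give no decision.
    return "dunno"


if __name__ == "__main__":
    print(evaluate(ORIGINAL, "2.2.2.2", None, "alice@example.com", []))
    print(evaluate(ADJUSTED, "2.2.2.2", None, "alice@example.com", TRUSTED))
    print(evaluate(ADJUSTED, "198.51.100.7", "bob", "alice@example.com", TRUSTED))
```

In this model a permit from permit_mynetworks also skips the later checks in the same list, including check_sender_access, for the trusted addresses. The posted smtpd_recipient_restrictions contains reject_sender_login_mismatch as well, so the same ordering question applies to that list.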


