>> And also make sure that local deliveries are only allowed either from
>> authenticated senders OR non-local senders.
>> Put that the other way round, don't accept local senders outside of
>> authenticated sessions.
>>
>> I do this by separating the MUA submissions and inbound messages. MUA on
>> port 587 and normal inbound SMTP on port 25. Adding TLS/SSL as an
>> option, if you like to.
>> On 587 only authenticated sessions are ever allowed to send any messages
>> and on port 25 no messages are allowed to be sent with a sender address
>> out of a local domain.
>
> Hi Oliver,
>
> Do you care to provide some config snippets?
>
Sure, here we go.

Main part of the configuration:

    # Port 25 for inbound, 587 for submission
    daemon_smtp_port = 25 : 587

    # Port 25 or local is MTA
    IS_MTA_PORT = or{ \
                    {eq{$interface_port}{25}} \
                    {eq{$interface_port}{-1}} \
                  }

    # ACL pointers for MTA and MUA
    acl_smtp_rcpt = ${if IS_MTA_PORT {acl_check_rcpt}{acl_check_rcpt_mua}}
For the ACL part, try the easy bits first: MUA. This is pretty much a
complete example which should work.

As you will see, I don't have the submission mode on, as I allow my
users to use different sender addresses, but I do check that they are
valid. For the empty sender, like automated replies, the null sender is
accepted as well. No more checks like validity of the recipient domain or
the like, as MUAs, esp. M$ ones, choke on 55x rejects and don't report
back much information about the reason. So send them a "normal" NDM.
    acl_check_rcpt_mua:
      # MUA must authenticate
      deny    message        = Authentication is required to send messages
              log_message    = SMTP-SUBMISSION-NO-AUTHENTICATION
              !authenticated = *

      # If a null sender is given, go on with it, can't do anything more
      accept  senders = :

      # Accept the message if the sender email address is from the local system
      # and the address verifies
      accept  sender_domains = +local_domains
              verify         = sender

      # Anything else (non-local or unverifiable sender) is rejected
      deny    message     = Sender address not valid.
              log_message = SMTP-SUBMISSION-SENDER-NOT-VALID
On the MTA side, I've only included a tiny fragment relevant to the case.

    acl_check_rcpt:
      [... some initial checks ...]

      # Deny if the sender is local: local domains may only be used
      # on authenticated sessions, which never arrive via this ACL
      deny    sender_domains = +local_domains
              log_message    = SMTP-SENDER-ADDRESS-AUTH-ONLY
              message        = Sender Domain only allowed on authenticated \
                               submission port sessions

      [... loads more checks ...]
Does this help?
Oliver
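An added example, not part of Oliver's configuration or of this thread: the `log_message` tags in the ACLs above (SMTP-SENDER-ADDRESS-AUTH-ONLY, SMTP-SUBMISSION-NO-AUTHENTICATION, SMTP-SUBMISSION-SENDER-NOT-VALID) end up in Exim's main log on the "rejected RCPT" lines, which makes the split-port policy easy to watch. The script below parses constructed sample lines written in the general shape of those rejection entries (the hosts, addresses and timestamps are made up; the exact field layout of a real main log is an assumption here), counts the rejections per source IP and tag, and lists hosts that repeatedly presented a local sender domain on the MTA port.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (documentation IP ranges, made-up names).
# Shape assumed from Exim main-log RCPT rejections; not captured from a real server.
SAMPLE_LOG = """\
2009-03-01 10:00:01 H=mail.example.net [192.0.2.10] F=<ceo@example.org> rejected RCPT <alice@example.org>: SMTP-SENDER-ADDRESS-AUTH-ONLY
2009-03-01 10:00:02 H=mail.example.net [192.0.2.10] F=<helpdesk@example.org> rejected RCPT <bob@example.org>: SMTP-SENDER-ADDRESS-AUTH-ONLY
2009-03-01 10:00:05 H=(laptop) [198.51.100.7] F=<carol@example.org> rejected RCPT <dave@example.com>: SMTP-SUBMISSION-NO-AUTHENTICATION
2009-03-01 10:00:09 H=relay.example.com [203.0.113.5] F=<erin@example.com> rejected RCPT <ghost@example.org>: Unrouteable address
2009-03-01 10:00:12 H=mail.example.net [192.0.2.10] F=<ceo@example.org> rejected RCPT <frank@example.org>: SMTP-SENDER-ADDRESS-AUTH-ONLY
2009-03-01 10:00:15 <= user@example.org H=(home) [198.51.100.9] P=esmtpsa A=plain:user S=1234
"""

# The log_message tags emitted by the two ACLs in the thread.
TAGS = {
    "SMTP-SENDER-ADDRESS-AUTH-ONLY": "local sender domain presented on the MTA port",
    "SMTP-SUBMISSION-NO-AUTHENTICATION": "submission port used without AUTH",
    "SMTP-SUBMISSION-SENDER-NOT-VALID": "authenticated user with an unverifiable sender",
}

SPOOF_TAG = "SMTP-SENDER-ADDRESS-AUTH-ONLY"

# One RCPT rejection line: timestamp, H=host [ip], F=<sender>, the recipient, the reason.
REJECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) H=(?P<host>.+?) \[(?P<ip>[^\]]+)\] "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]+)>: (?P<reason>.+)$"
)


def parse_rejects(text):
    """Yield one dict per RCPT rejection line; delivery and other lines are skipped."""
    for line in text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            yield m.groupdict()


def summarise(text):
    """Count rejections per (ip, tag) for the ACL tags; track claimed senders per IP.

    Returns (per_ip, claimed_senders, other) where `other` counts rejections
    caused by something else (e.g. an unrouteable recipient).
    """
    per_ip = Counter()
    claimed_senders = defaultdict(Counter)
    other = 0
    for r in parse_rejects(text):
        tag = r["reason"].strip()
        if tag not in TAGS:
            other += 1
            continue
        per_ip[(r["ip"], tag)] += 1
        if tag == SPOOF_TAG:
            # Which local addresses were being claimed from outside?
            claimed_senders[r["ip"]][r["sender"]] += 1
    return per_ip, claimed_senders, other


def hosts_over_threshold(per_ip, threshold=3):
    """IPs that hit the local-sender rule on port 25 at least `threshold` times."""
    return sorted(
        ip for (ip, tag), n in per_ip.items() if tag == SPOOF_TAG and n >= threshold
    )


def report(text, threshold=3):
    """Human-readable summary of the rejections found in `text`."""
    per_ip, claimed, other = summarise(text)
    lines = []
    for (ip, tag), n in sorted(per_ip.items()):
        lines.append(f"{ip:16} {n:3d}  {TAGS[tag]}")
    for ip in hosts_over_threshold(per_ip, threshold):
        top = ", ".join(f"{s} x{c}" for s, c in claimed[ip].most_common(3))
        lines.append(f"repeat offender {ip}: claimed {top}")
    lines.append(f"{other} rejection(s) for other reasons")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Feed it a real main log (or a `grep 'rejected RCPT'` of one) instead of SAMPLE_LOG; because the regex only accepts the rejection shape, deliveries such as the last sample line are ignored rather than mis-parsed. The threshold separates a single misconfigured client from a host working through a list of local addresses.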