Using auth to allow relaying on a Postfix gateway (null client) setup

Discussion in 'HOWTO-Related Questions' started by AlxRogan, Feb 6, 2007.

  1. AlxRogan

    AlxRogan New Member

    Hi

    First off, thanks much to everyone that contributed to the http://www.howtoforge.com/postfix_antispam_mailscanner_clamav_ubuntu article. I have everything up and working great as a postfix gateway to an internal mail server. One thing I have been searching for, though, I have not been able to find. Is it possible for a postfix installation running with a blank mydestination entry to either:

    1) relay to an outside network, i.e. not one listed in the relayhost entry, for users that successfully smtp auth. Basically set up postfix to relay mail to the internal server, EXCEPT for someone who can smtp auth. Those users can relay to wherever.

    2) pass those smtp auth credentials to the internal mail server so that it can see a valid auth to send outside the domain?

    I do have auth working and tested, as well as the relaying to the proper internal mail server. I just need some guidance about letting users relay outside with the proper authorization.

    Thanks,
    Alx

    EDIT: Here is my /etc/postfix/main.cf which has been sanitized
    alias_maps = hash:/etc/aliases
    myorigin = test.com
    myhostname = spam-gw.test.com
    mynetworks = 127.0.0.0/8, 10.0.0.0/24, 192.168.0.1/28
    message_size_limit = 10485760
    local_transport = error:No local mail delivery
    mydestination =
    local_recipient_maps =
    virtual_alias_maps = hash:/etc/postfix/virtual
    relayhost = [mail.test.com]
    relay_recipient_maps = hash:/etc/postfix/relay_recipients
    transport_maps = hash:/etc/postfix/transport
    relay_domains = hash:/etc/postfix/relay_domains
    recipient_delimiter =
    smtpd_sasl_auth_enable = yes
    smtpd_helo_required = yes
    broken_sasl_auth_clients = yes
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain, permit_sasl_authenticated
    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, permit_sasl_authenticated
    smtpd_data_restrictions = reject_unauth_pipelining
    header_checks = pcre:/etc/postfix/header_checks
    body_checks = pcre:/etc/postfix/body_checks
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
     
    Last edited: Feb 6, 2007
  2. AlxRogan

    AlxRogan New Member

    Think I fixed it

    Sorry for the poor form in replying to my own post, but I think I got it working, and in case someone else can use it, here it is.

    http://stoilis.blogspot.com/2005/09/postfix-smtp-authentication-against.html I used this page to configure saslauthd to do IMAP authentication against the internal mail server. I also removed the relayhost directive in the main.cf.

    http://www.postfix.org/SASL_README.html then I did some checking against the Postfix documentation and enabled the SASL for the right recipients.

    Below is the main.cf that seems to work. Only authenticated users can send mail outside the domain, everyone else can send mail to the proper domain.

    root@mail-gateway:/etc/postfix# cat main.cf
    smtpd_banner = $myhostname ESMTP $mail_name
    alias_maps = hash:/etc/aliases
    myorigin = test.com
    myhostname = gw.test.com
    mynetworks = 127.0.0.0/8, 192.168.0.0/24
    message_size_limit = 10485760
    local_transport = error:No local mail delivery
    mydestination =
    local_recipient_maps =
    virtual_alias_maps = hash:/etc/postfix/virtual
    relayhost =
    relay_recipient_maps = hash:/etc/postfix/relay_recipients
    transport_maps = hash:/etc/postfix/transport
    relay_domains = hash:/etc/postfix/relay_domains
    recipient_delimiter =
    smtpd_sasl_auth_enable = yes
    smtpd_helo_required = yes
    broken_sasl_auth_clients = yes
    smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
    smtpd_data_restrictions = reject_unauth_pipelining
    header_checks = pcre:/etc/postfix/header_checks
    body_checks = pcre:/etc/postfix/body_checks
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    Anyway, thanks again for the great work and apologies for the clutter.

    Alx
     
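The difference between the two main.cf postings above is only the position of permit_sasl_authenticated in smtpd_recipient_restrictions. Postfix evaluates a restriction list left to right and stops at the first restriction that returns PERMIT or REJECT, so in the first posting an authenticated user sending to an outside domain is rejected by reject_unauth_destination before permit_sasl_authenticated is ever reached. The following is an added example, not code from the thread or from Postfix: a small Python model of that evaluation, run over both orderings with constructed clients. The mynetworks value is taken from the second posting; the relay_domains contents (test.com) and the client addresses are assumptions, and restrictions the model does not implement (reject_unauth_pipelining, the sender checks) are treated as DUNNO.

```python
"""Model Postfix smtpd_recipient_restrictions evaluation: first PERMIT or
REJECT wins, anything else is DUNNO, and an exhausted list means PERMIT.

Added example for the thread above; not Postfix code. Sample data below is
constructed: relay_domains contents and client IPs are assumptions."""
import ipaddress

# mynetworks from the second main.cf posting in the thread.
MYNETWORKS = ["127.0.0.0/8", "192.168.0.0/24"]

# Assumed contents of hash:/etc/postfix/relay_domains. mydestination is
# empty in both postings, so relay_domains is the only authorized destination.
RELAY_DOMAINS = {"test.com"}

# smtpd_recipient_restrictions exactly as posted, first and second posting.
BEFORE = ["permit_mynetworks", "reject_unauth_destination",
          "reject_unauth_pipelining", "permit_sasl_authenticated"]
AFTER = ["permit_mynetworks", "permit_sasl_authenticated",
         "reject_unauth_destination", "reject_unauth_pipelining"]


def in_mynetworks(client_ip):
    """True if client_ip falls inside any $mynetworks block."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in MYNETWORKS)


def evaluate(restrictions, client_ip, sasl_user, rcpt):
    """Return (action, restriction) for one RCPT TO, the way smtpd decides it.

    sasl_user is the authenticated login name, or None for an unauthenticated
    session. Only the three restrictions that matter for relay control are
    modelled; the rest return DUNNO and evaluation continues."""
    rcpt_domain = rcpt.rsplit("@", 1)[-1].lower()
    for r in restrictions:
        if r == "permit_mynetworks" and in_mynetworks(client_ip):
            return "PERMIT", r
        if r == "permit_sasl_authenticated" and sasl_user:
            return "PERMIT", r
        if r == "reject_unauth_destination" and rcpt_domain not in RELAY_DOMAINS:
            return "REJECT", r
        # reject_unauth_pipelining does not fire in a well-formed session: DUNNO
    return "PERMIT", "end of list"


def is_open_relay(restrictions):
    """Open-relay check: an unauthenticated client outside mynetworks must
    not be able to send to a domain that is neither local nor relayed."""
    action, _ = evaluate(restrictions, "203.0.113.5", None, "bob@example.org")
    return action == "PERMIT"


if __name__ == "__main__":
    # Constructed sessions: (description, client IP, SASL login or None, recipient)
    cases = [
        ("authed remote user to outside domain", "203.0.113.5", "alx", "bob@example.org"),
        ("anonymous remote to relayed domain", "203.0.113.5", None, "alice@test.com"),
        ("anonymous remote to outside domain", "203.0.113.5", None, "bob@example.org"),
        ("anonymous LAN host to outside domain", "192.168.0.10", None, "bob@example.org"),
    ]
    for name, policy in (("first posting", BEFORE), ("second posting", AFTER)):
        print(f"== {name}: open relay? {is_open_relay(policy)}")
        for desc, ip, user, rcpt in cases:
            action, why = evaluate(policy, ip, user, rcpt)
            print(f"  {desc:40s} -> {action:6s} ({why})")
```

Run as a script it prints both policies side by side; the only row that changes is the authenticated remote user, rejected under the first ordering and permitted under the second, while an anonymous outside client is rejected under both, so neither posting is an open relay. One caveat on the posted configuration itself: smtpd_tls_auth_only = no lets clients send their SASL credentials over an unencrypted session, so anyone relying on this setup for relaying from the outside should set it to yes and make sure STARTTLS is actually offered.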
