2015-08-19 08:11:02 -05:00
|
|
|
# Allow user to send email without smtp authentication
|
2014-09-22 21:47:49 -05:00
|
|
|
|
2018-06-01 02:18:07 -05:00
|
|
|
[TOC]
|
|
|
|
|
2016-12-14 06:10:23 -06:00
|
|
|
## Postfix
|
|
|
|
|
2018-06-01 02:18:07 -05:00
|
|
|
Create a plain text file: `/etc/postfix/sender_access.pcre`, list all
|
2015-08-19 08:11:02 -05:00
|
|
|
users' email addresses which are allowed to send email without smtp
|
|
|
|
authentication. We use user email address `user@example.com` for example:
|
2014-09-22 21:47:49 -05:00
|
|
|
|
|
|
|
```
|
2018-06-01 02:18:07 -05:00
|
|
|
/^user@example\.com$/ OK
|
2014-09-22 21:47:49 -05:00
|
|
|
```
|
|
|
|
|
2016-10-31 10:47:55 -06:00
|
|
|
It's ok to use IP address instead like below:
|
|
|
|
|
|
|
|
> For more allowed sender format, please check Postfix manual page: [access(5)](http://www.postfix.org/access.5.html).
|
|
|
|
|
|
|
|
```
|
2018-06-01 02:18:07 -05:00
|
|
|
/^192\.168\.1\.1$/ OK
|
|
|
|
/^192\.168\.2\./ OK
|
|
|
|
/^172\.16\./ OK
|
2016-10-31 10:47:55 -06:00
|
|
|
```
|
|
|
|
|
2018-06-01 02:18:07 -05:00
|
|
|
Update Postfix config file `/etc/postfix/main.cf` to use this pcre file:
|
2014-09-22 21:47:49 -05:00
|
|
|
|
|
|
|
```
|
2019-06-06 02:36:43 -05:00
|
|
|
smtpd_sender_restrictions =
|
2018-06-01 02:18:07 -05:00
|
|
|
check_sender_access pcre:/etc/postfix/sender_access.pcre,
|
2014-09-22 21:47:49 -05:00
|
|
|
[...OTHER RESTRICTIONS HERE...]
|
|
|
|
```
|
|
|
|
|
|
|
|
Restart/reload postfix to make it work:
|
|
|
|
|
|
|
|
```
|
|
|
|
# /etc/init.d/postfix restart
|
|
|
|
```
|
2016-12-14 06:10:23 -06:00
|
|
|
|
|
|
|
## iRedAPD
|
|
|
|
|
|
|
|
iRedAPD plugin `reject_sender_login_mismatch` will check forged sender address.
|
|
|
|
If sender domain is hosted on your server, but no smtp auth, it will be
|
|
|
|
considered as a forged email. In this case, iRedAPD will reject this email
|
|
|
|
(with rejection message: `Policy rejection not logged in`), so we need to
|
2018-04-04 01:33:59 -05:00
|
|
|
bypass the sender email address. If email is sent from an internal network
|
2016-12-14 06:10:23 -06:00
|
|
|
device like printer, fax, we can also its IP address directly.
|
|
|
|
|
|
|
|
* To bypass sender email address `user@example.com`, please add setting in
|
|
|
|
`/opt/iredapd/settings.py` like below:
|
|
|
|
|
|
|
|
```
|
|
|
|
ALLOWED_FORGED_SENDERS = ['user@example.com']
|
|
|
|
```
|
|
|
|
|
2017-04-12 05:11:20 -05:00
|
|
|
* To bypass sender IP address or network, for example, `192.168.0.1` and
|
2017-04-20 11:00:54 -05:00
|
|
|
`192.168.1.0/24`, please add setting in `/opt/iredapd/settings.py` like below:
|
2016-12-14 06:10:23 -06:00
|
|
|
|
|
|
|
```
|
2017-04-12 05:11:20 -05:00
|
|
|
MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
|
2016-12-14 06:10:23 -06:00
|
|
|
```
|
|
|
|
|
|
|
|
Restarting iRedAPD service is required if you updated `/opt/iredapd/settings.py`.
|
2018-06-01 02:18:07 -05:00
|
|
|
|
|
|
|
## References
|
|
|
|
|
|
|
|
* Postfix documents:
|
|
|
|
* [check_sender_access](http://www.postfix.org/postconf.5.html#check_sender_access)
|
|
|
|
* Manual page: [access(5)](http://www.postfix.org/access.5.html)
|
|
|
|
* Manual page: [pcre_table(5)](http://www.postfix.org/pcre_table.5.html)
|