2015-08-19 08:11:02 -05:00
|
|
|
# Allow user to send email without smtp authentication
|
2014-09-22 21:47:49 -05:00
|
|
|
|
2016-12-14 06:10:23 -06:00
|
|
|
## Postfix
|
|
|
|
|
2015-08-19 08:11:02 -05:00
|
|
|
Create a plain text file: `/etc/postfix/accepted_unauth_senders`, list all
|
|
|
|
users' email addresses which are allowed to send email without smtp
|
|
|
|
authentication. We use user email address `user@example.com` for example:
|
2014-09-22 21:47:49 -05:00
|
|
|
|
|
|
|
```
|
2015-08-19 08:11:02 -05:00
|
|
|
user@example.com OK
|
2014-09-22 21:47:49 -05:00
|
|
|
```
|
|
|
|
|
2016-10-31 10:47:55 -06:00
|
|
|
It's ok to use IP address instead like below:
|
|
|
|
|
|
|
|
> For more allowed sender format, please check Postfix manual page: [access(5)](http://www.postfix.org/access.5.html).
|
|
|
|
|
|
|
|
```
|
|
|
|
192.168.1.1 OK
|
|
|
|
192.168.2 OK
|
|
|
|
172.16 OK
|
|
|
|
```
|
|
|
|
|
2015-08-19 08:11:02 -05:00
|
|
|
Create hash db file with `postmap` command:
|
2014-09-22 21:47:49 -05:00
|
|
|
|
|
|
|
```
|
2014-09-22 22:13:40 -05:00
|
|
|
# postmap hash:/etc/postfix/accepted_unauth_senders
|
2014-09-22 21:47:49 -05:00
|
|
|
```
|
|
|
|
|
2015-08-19 08:11:02 -05:00
|
|
|
Modify Postfix config file `/etc/postfix/main.cf` to use this text file:
|
2014-09-22 21:47:49 -05:00
|
|
|
|
|
|
|
```
|
|
|
|
smtpd_sender_restrictions =
|
|
|
|
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
|
|
|
|
[...OTHER RESTRICTIONS HERE...]
|
|
|
|
```
|
|
|
|
|
|
|
|
Restart/reload postfix to make it work:
|
|
|
|
|
|
|
|
```
|
|
|
|
# /etc/init.d/postfix restart
|
|
|
|
```
|
2016-12-14 06:10:23 -06:00
|
|
|
|
|
|
|
## iRedAPD
|
|
|
|
|
|
|
|
iRedAPD plugin `reject_sender_login_mismatch` will check forged sender address.
|
|
|
|
If sender domain is hosted on your server, but no smtp auth, it will be
|
|
|
|
considered as a forged email. In this case, iRedAPD will reject this email
|
|
|
|
(with rejection message: `Policy rejection not logged in`), so we need to
|
|
|
|
bypass either sender email address. If email is sent by an internal network
|
|
|
|
device like printer, fax, we can also its IP address directly.
|
|
|
|
|
|
|
|
* To bypass sender email address `user@example.com`, please add setting in
|
|
|
|
`/opt/iredapd/settings.py` like below:
|
|
|
|
|
|
|
|
```
|
|
|
|
ALLOWED_FORGED_SENDERS = ['user@example.com']
|
|
|
|
```
|
|
|
|
|
2017-04-12 05:11:20 -05:00
|
|
|
* To bypass sender IP address or network, for example, `192.168.0.1` and
|
2017-04-20 11:00:54 -05:00
|
|
|
`192.168.1.0/24`, please add setting in `/opt/iredapd/settings.py` like below:
|
2016-12-14 06:10:23 -06:00
|
|
|
|
|
|
|
```
|
2017-04-12 05:11:20 -05:00
|
|
|
MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
|
2016-12-14 06:10:23 -06:00
|
|
|
```
|
|
|
|
|
|
|
|
Restarting iRedAPD service is required if you updated `/opt/iredapd/settings.py`.
|