elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

New: allow.send.without.smtp.auth.html. 

Deprecated: allow.user.to.send.email.without.authentication.html.
This commit is contained in:
Zhang Huangbin 2020-05-02 11:17:28 +08:00
parent 94e8f59dca
commit 520cc8409e
4 changed files with 178 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
en_US/howto/allow.user.to.send.email.without.authentication.md → en_US/howto/0-allow.user.to.send.email.without.authentication.md
View File

@ -2,6 +2,12 @@
[TOC]
!!! attention
This tutorial applies to iRedMail-0.9.9 and earlier releases. If you're
running a later release, please follow
[this tutorial](./allow.send.without.smtp.auth.html) instead.
## Postfix
Create a plain text file: `/etc/postfix/sender_access.pcre`, list all

71
en_US/howto/allow.send.without.smtp.auth.md Normal file
View File

@ -0,0 +1,71 @@
# Allow some user to send email without smtp authentication
[TOC]
!!! attention
This tutorial applies to iRedMail-1.0 and later releases. If you're running
an iRedMail-0.9.9 or earlier release, please follow
[this tutorial](./allow.user.to.send.email.without.authentication.html) instead.
## Postfix
Open file `/etc/postfix/sender_access.pcre` (Linux/OpenBSD) or
`/usr/local/etc/postfix/sender_access.pcre` (FreeBSD), append the user's email
address which you're going to allow to send email without smtp
authentication. We use email address `user@example.com` for example here.
```
/^user@example\.com$/ OK
```
It's ok to use IP address instead like below if you want to allow all emails
sent from this IP address:
```
/^192\.168\.1\.1$/ OK
/^192\.168\.2\./ OK
/^172\.16\./ OK
```
!!! attention
* File `sender_access.pcre` is in pcre format, check Postfix manual page
[PCRE_TABLE(5)](http://www.postfix.org/pcre_table.5.html) for more details.
* For more allowed sender or IP address/network format, please check
Postfix manual page: [access(5)](http://www.postfix.org/access.5.html).
Now restart or reload postfix to make it work:
```
postfix reload
```
## iRedAPD
iRedAPD plugin `reject_sender_login_mismatch` checks forged sender address.
If sender domain is hosted on your server, but email was sent without smtp
auth, it's considered as a forged email, and iRedAPD rejects this email
(with rejection message: `SMTP AUTH is required for users under this sender
domain`).
* To allow sending email without smtp authentication for user
`user@example.com`, please add parameter `ALLOWED_FORGED_SENDERS` in
iRedAPD config file `/opt/iredapd/settings.py` like below. If this parameter
already exists, please append the user email address in the list.
You can find default value and detailed comment about this parameter
in file `/opt/iredapd/libs/default_settings.py`.
```
ALLOWED_FORGED_SENDERS = ['user@example.com']
```
* To bypass sender IP address or network, for example, `192.168.0.1` and
`192.168.1.0/24`, please add setting in `/opt/iredapd/settings.py` like below:
```
MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
```
Restarting iRedAPD service is required if you updated `/opt/iredapd/settings.py`.

100
html/allow.send.without.smtp.auth.html Normal file
View File

@ -0,0 +1,100 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Allow some user to send email without smtp authentication</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="https://www.iredmail.org" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="allow-some-user-to-send-email-without-smtp-authentication">Allow some user to send email without smtp authentication</h1>
<div class="toc">
<ul>
<li><a href="#allow-some-user-to-send-email-without-smtp-authentication">Allow some user to send email without smtp authentication</a><ul>
<li><a href="#postfix">Postfix</a></li>
<li><a href="#iredapd">iRedAPD</a></li>
</ul>
</li>
</ul>
</div>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>This tutorial applies to iRedMail-1.0 and later releases. If you're running
an iRedMail-0.9.9 or earlier release, please follow
<a href="./allow.user.to.send.email.without.authentication.html">this tutorial</a> instead.</p>
</div>
<h2 id="postfix">Postfix</h2>
<p>Open file <code>/etc/postfix/sender_access.pcre</code> (Linux/OpenBSD) or
<code>/usr/local/etc/postfix/sender_access.pcre</code> (FreeBSD), append the user's email
address which you're going to allow to send email without smtp
authentication. We use email address <code>user@example.com</code> for example here.</p>
<pre><code>/^user@example\.com$/ OK
</code></pre>
<p>It's ok to use IP address instead like below if you want to allow all emails
sent from this IP address:</p>
<pre><code>/^192\.168\.1\.1$/ OK
/^192\.168\.2\./ OK
/^172\.16\./ OK
</code></pre>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<ul>
<li>File <code>sender_access.pcre</code> is in pcre format, check Postfix manual page
<a href="http://www.postfix.org/pcre_table.5.html">PCRE_TABLE(5)</a> for more details.</li>
<li>For more allowed sender or IP address/network format, please check
Postfix manual page: <a href="http://www.postfix.org/access.5.html">access(5)</a>.</li>
</ul>
</div>
<p>Now restart or reload postfix to make it work:</p>
<pre><code>postfix reload
</code></pre>
<h2 id="iredapd">iRedAPD</h2>
<p>iRedAPD plugin <code>reject_sender_login_mismatch</code> checks forged sender address.
If sender domain is hosted on your server, but email was sent without smtp
auth, it's considered as a forged email, and iRedAPD rejects this email
(with rejection message: <code>SMTP AUTH is required for users under this sender
domain</code>).</p>
<ul>
<li>
<p>To allow sending email without smtp authentication for user
<code>user@example.com</code>, please add parameter <code>ALLOWED_FORGED_SENDERS</code> in
iRedAPD config file <code>/opt/iredapd/settings.py</code> like below. If this parameter
already exists, please append the user email address in the list.</p>
<p>You can find default value and detailed comment about this parameter
in file <code>/opt/iredapd/libs/default_settings.py</code>.</p>
</li>
</ul>
<pre><code>ALLOWED_FORGED_SENDERS = ['user@example.com']
</code></pre>
<ul>
<li>To bypass sender IP address or network, for example, <code>192.168.0.1</code> and
<code>192.168.1.0/24</code>, please add setting in <code>/opt/iredapd/settings.py</code> like below:</li>
</ul>
<pre><code>MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
</code></pre>
<p>Restarting iRedAPD service is required if you updated <code>/opt/iredapd/settings.py</code>.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-3293801-21');
</script>
</body></html>

2
html/index.html
View File

@ -107,7 +107,7 @@
<li><a href="allow.insecure.pop3.imap.smtp.connections.html">Allow insecure POP3/IMAP/SMTP connections without STARTTLS</a></li>
<li><a href="additional.smtp.port.html">Allow internal network devices to send email with insecure connection</a></li>
<li><a href="allow.member.to.send.email.as.mail.list.html">Allow member to send email as mailing list or mail alias</a></li>
<li><a href="allow.user.to.send.email.without.authentication.html">Allow user to send email without smtp authentication</a></li>
<li><a href="allow.send.without.smtp.auth.html">Allow some user to send email without smtp authentication</a></li>
<li><a href="amavisd.per-recipient.policy.lookup.html">Amavisd: Enable per-recipient policy lookup</a></li>
<li><a href="authenticate.without.domain.name.html">Authenticate without domain part in email address</a></li>
<li><a href="backupmx.html">How to mark a mail domain as backup MX</a></li>