New: allow.send.without.smtp.auth.html.
Deprecated: allow.user.to.send.email.without.authentication.html.
This commit is contained in:
parent
94e8f59dca
commit
520cc8409e
|
@ -2,6 +2,12 @@
|
|||
|
||||
[TOC]
|
||||
|
||||
!!! attention
|
||||
|
||||
This tutorial applies to iRedMail-0.9.9 and earlier releases. If you're
|
||||
running a later release, please follow
|
||||
[this tutorial](./allow.send.without.smtp.auth.html) instead.
|
||||
|
||||
## Postfix
|
||||
|
||||
Create a plain text file: `/etc/postfix/sender_access.pcre`, list all
|
|
@ -0,0 +1,71 @@
|
|||
# Allow some user to send email without smtp authentication
|
||||
|
||||
[TOC]
|
||||
|
||||
!!! attention
|
||||
|
||||
This tutorial applies to iRedMail-1.0 and later releases. If you're running
|
||||
an iRedMail-0.9.9 or earlier release, please follow
|
||||
[this tutorial](./allow.user.to.send.email.without.authentication.html) instead.
|
||||
|
||||
## Postfix
|
||||
|
||||
Open file `/etc/postfix/sender_access.pcre` (Linux/OpenBSD) or
|
||||
`/usr/local/etc/postfix/sender_access.pcre` (FreeBSD), append the user's email
|
||||
address which you're going to allow to send email without smtp
|
||||
authentication. We use email address `user@example.com` for example here.
|
||||
|
||||
```
|
||||
/^user@example\.com$/ OK
|
||||
```
|
||||
|
||||
It's ok to use IP address instead like below if you want to allow all emails
|
||||
sent from this IP address:
|
||||
|
||||
```
|
||||
/^192\.168\.1\.1$/ OK
|
||||
/^192\.168\.2\./ OK
|
||||
/^172\.16\./ OK
|
||||
```
|
||||
|
||||
!!! attention
|
||||
|
||||
* File `sender_access.pcre` is in pcre format, check Postfix manual page
|
||||
[PCRE_TABLE(5)](http://www.postfix.org/pcre_table.5.html) for more details.
|
||||
* For more allowed sender or IP address/network format, please check
|
||||
Postfix manual page: [access(5)](http://www.postfix.org/access.5.html).
|
||||
|
||||
Now restart or reload postfix to make it work:
|
||||
|
||||
```
|
||||
postfix reload
|
||||
```
|
||||
|
||||
## iRedAPD
|
||||
|
||||
iRedAPD plugin `reject_sender_login_mismatch` checks forged sender address.
|
||||
If sender domain is hosted on your server, but email was sent without smtp
|
||||
auth, it's considered as a forged email, and iRedAPD rejects this email
|
||||
(with rejection message: `SMTP AUTH is required for users under this sender
|
||||
domain`).
|
||||
|
||||
* To allow sending email without smtp authentication for user
|
||||
`user@example.com`, please add parameter `ALLOWED_FORGED_SENDERS` in
|
||||
iRedAPD config file `/opt/iredapd/settings.py` like below. If this parameter
|
||||
already exists, please append the user email address in the list.
|
||||
|
||||
You can find default value and detailed comment about this parameter
|
||||
in file `/opt/iredapd/libs/default_settings.py`.
|
||||
|
||||
```
|
||||
ALLOWED_FORGED_SENDERS = ['user@example.com']
|
||||
```
|
||||
|
||||
* To bypass sender IP address or network, for example, `192.168.0.1` and
|
||||
`192.168.1.0/24`, please add setting in `/opt/iredapd/settings.py` like below:
|
||||
|
||||
```
|
||||
MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
|
||||
```
|
||||
|
||||
Restarting iRedAPD service is required if you updated `/opt/iredapd/settings.py`.
|
|
@ -0,0 +1,100 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<title>Allow some user to send email without smtp authentication</title>
|
||||
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div id="navigation">
|
||||
<a href="https://www.iredmail.org" target="_blank">
|
||||
<img alt="iRedMail web site"
|
||||
src="./images/logo-iredmail.png"
|
||||
style="vertical-align: middle; height: 30px;"
|
||||
/>
|
||||
<span>iRedMail</span>
|
||||
</a>
|
||||
// <a href="./index.html">Document Index</a></div><h1 id="allow-some-user-to-send-email-without-smtp-authentication">Allow some user to send email without smtp authentication</h1>
|
||||
<div class="toc">
|
||||
<ul>
|
||||
<li><a href="#allow-some-user-to-send-email-without-smtp-authentication">Allow some user to send email without smtp authentication</a><ul>
|
||||
<li><a href="#postfix">Postfix</a></li>
|
||||
<li><a href="#iredapd">iRedAPD</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="admonition attention">
|
||||
<p class="admonition-title">Attention</p>
|
||||
<p>This tutorial applies to iRedMail-1.0 and later releases. If you're running
|
||||
an iRedMail-0.9.9 or earlier release, please follow
|
||||
<a href="./allow.user.to.send.email.without.authentication.html">this tutorial</a> instead.</p>
|
||||
</div>
|
||||
<h2 id="postfix">Postfix</h2>
|
||||
<p>Open file <code>/etc/postfix/sender_access.pcre</code> (Linux/OpenBSD) or
|
||||
<code>/usr/local/etc/postfix/sender_access.pcre</code> (FreeBSD), append the user's email
|
||||
address which you're going to allow to send email without smtp
|
||||
authentication. We use email address <code>user@example.com</code> for example here.</p>
|
||||
<pre><code>/^user@example\.com$/ OK
|
||||
</code></pre>
|
||||
|
||||
<p>It's ok to use IP address instead like below if you want to allow all emails
|
||||
sent from this IP address:</p>
|
||||
<pre><code>/^192\.168\.1\.1$/ OK
|
||||
/^192\.168\.2\./ OK
|
||||
/^172\.16\./ OK
|
||||
</code></pre>
|
||||
|
||||
<div class="admonition attention">
|
||||
<p class="admonition-title">Attention</p>
|
||||
<ul>
|
||||
<li>File <code>sender_access.pcre</code> is in pcre format, check Postfix manual page
|
||||
<a href="http://www.postfix.org/pcre_table.5.html">PCRE_TABLE(5)</a> for more details.</li>
|
||||
<li>For more allowed sender or IP address/network format, please check
|
||||
Postfix manual page: <a href="http://www.postfix.org/access.5.html">access(5)</a>.</li>
|
||||
</ul>
|
||||
</div>
|
||||
<p>Now restart or reload postfix to make it work:</p>
|
||||
<pre><code>postfix reload
|
||||
</code></pre>
|
||||
|
||||
<h2 id="iredapd">iRedAPD</h2>
|
||||
<p>iRedAPD plugin <code>reject_sender_login_mismatch</code> checks forged sender address.
|
||||
If sender domain is hosted on your server, but email was sent without smtp
|
||||
auth, it's considered as a forged email, and iRedAPD rejects this email
|
||||
(with rejection message: <code>SMTP AUTH is required for users under this sender
|
||||
domain</code>).</p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>To allow sending email without smtp authentication for user
|
||||
<code>user@example.com</code>, please add parameter <code>ALLOWED_FORGED_SENDERS</code> in
|
||||
iRedAPD config file <code>/opt/iredapd/settings.py</code> like below. If this parameter
|
||||
already exists, please append the user email address in the list.</p>
|
||||
<p>You can find default value and detailed comment about this parameter
|
||||
in file <code>/opt/iredapd/libs/default_settings.py</code>.</p>
|
||||
</li>
|
||||
</ul>
|
||||
<pre><code>ALLOWED_FORGED_SENDERS = ['user@example.com']
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>To bypass sender IP address or network, for example, <code>192.168.0.1</code> and
|
||||
<code>192.168.1.0/24</code>, please add setting in <code>/opt/iredapd/settings.py</code> like below:</li>
|
||||
</ul>
|
||||
<pre><code>MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
|
||||
</code></pre>
|
||||
|
||||
<p>Restarting iRedAPD service is required if you updated <code>/opt/iredapd/settings.py</code>.</p><div class="footer">
|
||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||
</div>
|
||||
<!-- Global site tag (gtag.js) - Google Analytics -->
|
||||
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
||||
<script>
|
||||
window.dataLayer = window.dataLayer || [];
|
||||
function gtag(){dataLayer.push(arguments);}
|
||||
gtag('js', new Date());
|
||||
|
||||
gtag('config', 'UA-3293801-21');
|
||||
</script>
|
||||
</body></html>
|
|
@ -107,7 +107,7 @@
|
|||
<li><a href="allow.insecure.pop3.imap.smtp.connections.html">Allow insecure POP3/IMAP/SMTP connections without STARTTLS</a></li>
|
||||
<li><a href="additional.smtp.port.html">Allow internal network devices to send email with insecure connection</a></li>
|
||||
<li><a href="allow.member.to.send.email.as.mail.list.html">Allow member to send email as mailing list or mail alias</a></li>
|
||||
<li><a href="allow.user.to.send.email.without.authentication.html">Allow user to send email without smtp authentication</a></li>
|
||||
<li><a href="allow.send.without.smtp.auth.html">Allow some user to send email without smtp authentication</a></li>
|
||||
<li><a href="amavisd.per-recipient.policy.lookup.html">Amavisd: Enable per-recipient policy lookup</a></li>
|
||||
<li><a href="authenticate.without.domain.name.html">Authenticate without domain part in email address</a></li>
|
||||
<li><a href="backupmx.html">How to mark a mail domain as backup MX</a></li>
|
||||
|
|
Loading…
Reference in New Issue