Postfix check_sender_access: Switch hash map to pcre table.
This commit is contained in:
parent
3981ae43c4
commit
fac8d91516
|
@ -1,13 +1,15 @@
|
|||
# Allow user to send email without smtp authentication
|
||||
|
||||
[TOC]
|
||||
|
||||
## Postfix
|
||||
|
||||
Create a plain text file: `/etc/postfix/accepted_unauth_senders`, list all
|
||||
Create a plain text file: `/etc/postfix/sender_access.pcre`, list all
|
||||
users' email addresses which are allowed to send email without smtp
|
||||
authentication. We use user email address `user@example.com` for example:
|
||||
|
||||
```
|
||||
user@example.com OK
|
||||
/^user@example\.com$/ OK
|
||||
```
|
||||
|
||||
It's ok to use IP address instead like below:
|
||||
|
@ -15,22 +17,16 @@ It's ok to use IP address instead like below:
|
|||
> For more allowed sender format, please check Postfix manual page: [access(5)](http://www.postfix.org/access.5.html).
|
||||
|
||||
```
|
||||
192.168.1.1 OK
|
||||
192.168.2 OK
|
||||
172.16 OK
|
||||
/^192\.168\.1\.1$/ OK
|
||||
/^192\.168\.2\./ OK
|
||||
/^172\.16\./ OK
|
||||
```
|
||||
|
||||
Create hash db file with `postmap` command:
|
||||
|
||||
```
|
||||
# postmap hash:/etc/postfix/accepted_unauth_senders
|
||||
```
|
||||
|
||||
Modify Postfix config file `/etc/postfix/main.cf` to use this text file:
|
||||
Update Postfix config file `/etc/postfix/main.cf` to use this pcre file:
|
||||
|
||||
```
|
||||
smtpd_sender_restrictions =
|
||||
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
|
||||
check_sender_access pcre:/etc/postfix/sender_access.pcre,
|
||||
[...OTHER RESTRICTIONS HERE...]
|
||||
```
|
||||
|
||||
|
@ -64,3 +60,10 @@ MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
|
|||
```
|
||||
|
||||
Restarting iRedAPD service is required if you updated `/opt/iredapd/settings.py`.
|
||||
|
||||
## References
|
||||
|
||||
* Postfix documents:
|
||||
* [check_sender_access](http://www.postfix.org/postconf.5.html#check_sender_access)
|
||||
* Manual page: [access(5)](http://www.postfix.org/access.5.html)
|
||||
* Manual page: [pcre_table(5)](http://www.postfix.org/pcre_table.5.html)
|
||||
|
|
|
@ -41,7 +41,7 @@ exclude=gnustep*
|
|||
|
||||
```
|
||||
yum clean all
|
||||
yum update sogo* sope*
|
||||
yum update 'sogo*' 'sope*'
|
||||
```
|
||||
|
||||
* Run the script shipped in SOGo-4.x to update SQL structure:
|
||||
|
|
|
@ -21,28 +21,24 @@
|
|||
</div>
|
||||
<h1 id="allow-user-to-send-email-without-smtp-authentication">Allow user to send email without smtp authentication</h1>
|
||||
<h2 id="postfix">Postfix</h2>
|
||||
<p>Create a plain text file: <code>/etc/postfix/accepted_unauth_senders</code>, list all
|
||||
<p>Create a plain text file: <code>/etc/postfix/sender_access.pcre</code>, list all
|
||||
users' email addresses which are allowed to send email without smtp
|
||||
authentication. We use user email address <code>user@example.com</code> for example:</p>
|
||||
<pre><code>user@example.com OK
|
||||
<pre><code>/^user@example\.com$/ OK
|
||||
</code></pre>
|
||||
|
||||
<p>It's ok to use IP address instead like below:</p>
|
||||
<blockquote>
|
||||
<p>For more allowed sender format, please check Postfix manual page: <a href="http://www.postfix.org/access.5.html">access(5)</a>.</p>
|
||||
</blockquote>
|
||||
<pre><code>192.168.1.1 OK
|
||||
192.168.2 OK
|
||||
172.16 OK
|
||||
<pre><code>/^192\.168\.1\.1$/ OK
|
||||
/^192\.168\.2\./ OK
|
||||
/^172\.16\./ OK
|
||||
</code></pre>
|
||||
|
||||
<p>Create hash db file with <code>postmap</code> command:</p>
|
||||
<pre><code># postmap hash:/etc/postfix/accepted_unauth_senders
|
||||
</code></pre>
|
||||
|
||||
<p>Modify Postfix config file <code>/etc/postfix/main.cf</code> to use this text file:</p>
|
||||
<p>Update Postfix config file <code>/etc/postfix/main.cf</code> to use this pcre file:</p>
|
||||
<pre><code>smtpd_sender_restrictions =
|
||||
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
|
||||
check_sender_access pcre:/etc/postfix/sender_access.pcre,
|
||||
[...OTHER RESTRICTIONS HERE...]
|
||||
</code></pre>
|
||||
|
||||
|
@ -71,7 +67,16 @@ device like printer, fax, we can also its IP address directly.</p>
|
|||
<pre><code>MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
|
||||
</code></pre>
|
||||
|
||||
<p>Restarting iRedAPD service is required if you updated <code>/opt/iredapd/settings.py</code>.</p><div class="footer">
|
||||
<p>Restarting iRedAPD service is required if you updated <code>/opt/iredapd/settings.py</code>.</p>
|
||||
<h2 id="references">References</h2>
|
||||
<ul>
|
||||
<li>Postfix documents:<ul>
|
||||
<li><a href="http://www.postfix.org/postconf.5.html#check_sender_access">check_sender_access</a></li>
|
||||
<li>Manual page: <a href="http://www.postfix.org/access.5.html">access(5)</a></li>
|
||||
<li>Manual page: <a href="http://www.postfix.org/pcre_table.5.html">pcre_table(5)</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul><div class="footer">
|
||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||
</div>
|
||||
<!-- Global site tag (gtag.js) - Google Analytics -->
|
||||
|
|
|
@ -65,7 +65,7 @@ cp /etc/sysconfig/sogo /root/sogo-backup/sysconfig/
|
|||
<li>Upgrade SOGo packages:</li>
|
||||
</ul>
|
||||
<pre><code>yum clean all
|
||||
yum update sogo* sope*
|
||||
yum update 'sogo*' 'sope*'
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
|
|
Loading…
Reference in New Issue