Question
I want to authenticate our customers' MTAs (Exchange for the most part, pointing to us as its smart host) to our relay server (Postfix 2.11.3, CentOS 6.6) and accept mail from only those authenticated MTAs.
I've looked into SASL, but as far as I can tell, its use case is for authenticating inbound MUAs or outbound MTAs.
How does one authenticate inbound MTAs using Postfix?
Thanks, Nathan
EDIT:
From my main.cf:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
Other useful info:
postconf -a
cyrus
dovecot
vim /etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain login
master.cf is virginal
Answer 1:
SASL is the way to go. Postfix doesn't particularly care if it's an MUA or MTA connecting to it. If you use smtpd_sasl_auth_enable (along with smtpd_relay_restrictions = permit_sasl_authenticated and a proper SASL configuration), only authenticated connections will be able to use your server as a smarthost relay. Exchange supports this sort of thing, and it should be what you want.
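An added example, not part of the original posts and not Postfix's own tooling: a small Python audit of `postconf -n`-style settings for a relay meant to serve only SASL-authenticated MTAs. It assumes one setting per line; `smtpd_tls_auth_only` and `noplaintext` are Postfix settings that do not appear on the page, checked here because the question's Dovecot mechanisms are plain and login.

```python
import re

# Constructed sample: smtpd_* settings as quoted in the question.
QUESTION_CONF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
"""

TERMINAL = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}
# Rules that can accept a relay request from a client that never authenticated.
BYPASS = {"permit", "permit_mynetworks", "permit_inet_interfaces",
          "permit_tls_clientcerts", "permit_tls_all_clientcerts"}

def parse(text):
    """Parse 'name = value' lines (`postconf -n` style) into a dict."""
    conf = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            conf[name.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings for a relay meant to serve only SASL-authenticated MTAs."""
    conf, findings = parse(text), []
    if conf.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("AUTH is not offered (smtpd_sasl_auth_enable != yes)")
    if "smtpd_relay_restrictions" not in conf:
        return findings + ["smtpd_relay_restrictions not set; built-in default applies"]
    rules = [r for r in re.split(r"[,\s]+", conf["smtpd_relay_restrictions"]) if r]
    if "permit_sasl_authenticated" not in rules:
        findings.append("permit_sasl_authenticated missing from smtpd_relay_restrictions")
    # Restrictions run left to right and the first match wins: walk the list as
    # an unauthenticated client addressing a non-local recipient.
    for rule in rules:
        if rule in TERMINAL:
            break
        if rule in BYPASS:
            findings.append(f"{rule} precedes the reject and can permit relaying without AUTH")
    else:
        findings.append("no reject/defer rule terminates smtpd_relay_restrictions")
    # PLAIN and LOGIN carry the password base64-encoded, not encrypted.
    opts = re.split(r"[,\s]+", conf.get("smtpd_sasl_security_options", "noanonymous"))
    if "noplaintext" not in opts and conf.get("smtpd_tls_auth_only") != "yes":
        findings.append("plaintext AUTH allowed without TLS (smtpd_tls_auth_only != yes)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(QUESTION_CONF)) or "no findings")
```

Run against the question's settings, the only finding is the plaintext-AUTH-without-TLS one; the relay restrictions themselves already reject unauthenticated relaying.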
Answer 2:
I'm glad you could get it working with Dovecot - I couldn't! Fortunately, I wasn't married to Dovecot. I found this: http://initrd.org/wiki/SMTP_Relay which I followed and succeeded. Just having cert issues, but I'll take that up separately. Thanks again, Doug
Source: https://stackoverflow.com/questions/27831304/postfix-allow-inbound-relaying-from-only-authenticated-mtas