1 Topic by slapper

  • slapper
  • Member
  • Offline
  • Registered: 2011-10-31
  • Posts: 10

Topic: Open relay from specific ip ( postfix )

- iRedMail version: Iredmail-Pro 0.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  Mysql
- Linux/BSD distribution name and version: Centos 6.5
- Related log if you're reporting an issue:
====

Hi to all,

I want to allow specific IP addresses to be open relay in Postfix.I know i need to add the following conf in /etc/postfix/main.cf

mynetworks = 127.0.0.0/8, a.b.c.d/e, x.x.x.x/x

But we want to send emails with accounts that doesn't not exist to the system.
With the configuration above we can send email without authentication but the user must exist to the system.
Is that possible ??

Thanks!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Open relay from specific ip ( postfix )

You can add a restriction rule in Postfix parameter "smtpd_sender_login_maps" to bypass non-exist sender. But do you really have to use a non-exist sender address? Is it hard to add an email address for this purpose? I don't get it.

3 Reply by slapper

  • slapper
  • Member
  • Offline
  • Registered: 2011-10-31
  • Posts: 10

Re: Open relay from specific ip ( postfix )

Hi Zhang,

Coming back to this post because we want to achieve this setup.
We have an application which use iredmail server to send emails. Application use various from addresses from existing domains to send emails .we don't want to add every time these domains & mailboxes to our mail server.
It would be great if we allow only specific IP address to be open relay to our server

On the other hand we don't wont to brake our production installation. For now we have the default settings under /etc/postfix/main.cf

smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf

Thank you again for this great product! smile

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Open relay from specific ip ( postfix )

Try this: http://www.iredmail.org/wiki/index.php? … entication

By the way, why it uses various from addresses? Why not use a hard-coded address (e.g. no-reply@xxx)?

5 Reply by slapper

  • slapper
  • Member
  • Offline
  • Registered: 2011-10-31
  • Posts: 10

Re: Open relay from specific ip ( postfix )

ZhangHuangbin wrote:

Try this: http://www.iredmail.org/wiki/index.php? … entication

By the way, why it uses various from addresses? Why not use a hard-coded address (e.g. no-reply@xxx)?

Hi Zhang,

Thanks for your reply!!
We are sending emails using info@* where * is our clients domains. We have many clients so we don't  want to add every time new accounts to our system ( less administration ). Of course we are adding mail server ip adress to domains SPF records.

I already try http://www.iredmail.org/wiki/index.php? … entication but without success.

I found a solution to change the smtpd_recipient_restrictions sequence

smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, permit_sasl_authenticated, reject_unauth_destination

But i am not sure if this is secure or break something to iredmail installation

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Open relay from specific ip ( postfix )

Personally, i don't think it's hard to add info@ for each domain, especially think about how it reduce your workload to avoid other issue related to non-existing mail user. for example, the time you spent in this forum to ask for help to solve this issue.

This is default value for smtpd_recipient_restrictions in iRedMail:

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination