smtpd.cfg Question

[smmoore]

I have a question about some of the options in smtpd.cfg file. I am attempting to use two ip addresses one with just scalix on port 587.

172.16.1.100:25
127.0.0.1:25

172.16.1.101:587

101 will only accept authenticated requests, 100 will accept any but only with the recpient being *@domain.com. So below is the part of the smtpd.cfg file

LISTEN_PORT=587
ANONYMOUS Log_Reject 172.16.1.101
RECIPIENT accept *@domain.com
RELAY Log_Reject ALL

This does not yield what I am describing and I always get denied by spam list no matter if I am trying to open relay (which is what I want blocked on 101) or send to domain.com which is what scalix handles.

Any/all help appreciated.

Thanks,

Shawn

[ScalixSupport]

Code: Select all

LISTEN_PORT=587
ANONYMOUS Log_Reject 172.16.1.101
RECIPIENT accept *@domain.com
RELAY Log_Reject ALL

Do you have any RELAY accept rules ? The config you have above will reject all relay attempts. The rules are also processed in a first-match fashion.

If this is an edited version, can you post the full one (minus the comments and edited for privacy).

Cheers

Dave

[smmoore]

Here is the full smptd.cfg ommiting all # lines

EXTENSIONS=AUTH,DSN,8BITMIME




LISTEN_PORT=587
ANONYMOUS Log_Reject 172.16.1.101
RECIPIENT accept *@domain.com
RELAY Log_Reject ALL

RECIPIENT Log_Reject *@*@*
RECIPIENT Log_Reject *%*
RECIPIENT Log_Reject *!*

I would like for 172.16.1.100 to only accept mail destined to *@domain.com which is the reason I have

RECIPIENT accept *@domain.com

Would it work to do

RELAY RECIPIENT accept *@domain.com

Thanks,

Shawn

[ScalixSupport]

Would it work to do

RELAY RECIPIENT accept *@domain.com

The rule would be:

Code: Select all

RELAY accept domain.com
RELAY accept .domain.com

This accepts everything in domain.com or a sub-domain of domain.com that does not match with a directory entry in the SYSTEM directory.

Again, make sure that you place this above any reject rules.

Cheers

Dave

[smmoore]

Code: Select all

LISTEN_PORT=587
ANONYMOUS Log_Reject 172.16.1.101 # This would stop clients and SWA from relaying without authenticating
RELAY accept domain.com # This would allow all mail coming in to be accepted to domain.com
RELAY accept 172.16.1.101 # This would allow a person coming in on 101 to relay because they would not get to this rule had they not authenticed
RELAY Log_Reject ALL

So would that yield what I want where I would have people using SWA or a client to send to 172.16.1.101 and that would be able to relay and then have incoming smtp from the net only accept mail on 172.16.1.100 for domain.com ??

Thanks

[ScalixSupport]

Yes. It would (and matches what I am using at home).

There isn't any need to add the Relay accept 172.16.1.101 line because an authenticated connection is implicitly allowed to relay ( given that we know who they are ).

Cheers

Dave

[smmoore]

Thanks Dave, I'll give this a try when I get home. If you remember/know me I hope you didn't think I was asking these questions for the college. This is for me at home with the community edition.

Thanks again

[caribk]

got a related question for SWA outgoing mail.
we have the following setup: internal scalix server (not yet in production) and an external posfix-based smarthost mail relay server.

mail routing works fine for the most part.. spamassassin and clamav is setup with milters and everything works fine. sendmail has the external server as a smarthost but locally delivers mail for the primary domain. SMPTP relay is also setup on 587.

the problem, or more an annoyance during testing, is that all outgoing mail submitted through SWA is *always* routed to the smarthost (which currently means that it is then routed to a different non-Scalix mbox) instead of locally delivered. when testing sendmail on the command line, mail submitted to the local primary domain gets send to scalix, so i know that routing works.

in addition, at first I thought that the problem lied with the SMTP relay so i changed the partner.xml to submit mail directly to sendmail instead of on poert 587 through the relay, as well as checked the audit logs. the SMTP relay hands the mail over to sendmail, but it's still relayed to the smarthost (i assume passed back to SMTP relay again) when sent from SWA.

i have the appropriate RELAY accept domain.com as well as RELAY accept xx.xxx.xx.xx (local ip/subnets) in there.

my question the is, how do I get SWA to deliver locally in this situation? i thought that adding a SUBMIT or RECIPIENT accept line *before* the RELAY lines in smtpd.cfg would do the trick, but nothing change.
like i said, mail routing work but i just want to figure out why this is ony happening through SWA, even when it is submitting outgoing mail through sendmail and sendmail from the command-line delivers directly.

[deyjvu]

Try modifying the swa.email.smtpServer to include at the end of the servername the port you have configured for LISTEN_PORT i.e. " :587 "

NOTE: At version 11 the LISTEN_PORT is disabled and it is now just LISTEN - just found this in another post on the Forum.