[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#794602: TJENER does not accept mails from other Edu client machines on 10.0.0.0/8



Hi Petter,

On  Do 06 Aug 2015 22:46:35 CEST, Petter Reinholdtsen wrote:

This issue is discussed a bit in
<URL: https://lists.debian.org/debian-edu/2014/10/msg00081.html >.

Why not simply change the order of accepts and denies???

Instead of this:

"""
   deny !authenticated = *
message = SMTP server requires authentication. Check your SMTP client configuration. deny condition = ${if eq{$authenticated_id}{$sender_address_local_part@INTERN}{false}{true}} message = Sender address $sender_address conflicts with authentication $authenticated_id.
   accept  hosts = :
   accept  domains = +local_domains
   accept  hosts = +relay_hosts
"""

We should switch to

"""
   accept  hosts = :
   accept  domains = +local_domains
   accept  hosts = +relay_hosts
   deny !authenticated = *
message = SMTP server requires authentication. Check your SMTP client configuration. deny condition = ${if eq{$authenticated_id}{$sender_address_local_part@INTERN}{false}{true}} message = Sender address $sender_address conflicts with authentication $authenticated_id.
"""

I am unsure about the meaning of "hosts = :", but in postfix ways you would permit hosts in the local domain, relay hosts and then deny any other client if not authenticated.

Do I see that right?

Please note, that I don't have time to commit such a change before end of August (I am about to leave for vacation...). So, if you agree, you may happily close this bug with a commit as proposed above.

Greets,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Attachment: pgpnv8tzgjcO9.pgp
Description: Digitale PGP-Signatur


Reply to: