Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Allow smtp host

    Kopano Groupware Core
    3
    3
    304
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Handyman
      Handyman last edited by

      For older network devices/ applications, is there a way to allow a trusted hosts based upon its IP address
      To route their email through Kopano ? (so dont do any handshaking, we trust this source ip)

      I’m not sure what the term in kopano would be, in Exchange this was referred to as trusted smtp routing relay.

      externa1 1 Reply Last reply Reply Quote 0
      • externa1
        externa1 @Handyman last edited by

        @Handyman
        SMTP relay is done by the MTA (like postfix) and is not part of Kopano itself - so you have to chech your MTA config to allow sending mails

        rg
        Christian

        1 Reply Last reply Reply Quote 1
        • deajan
          deajan last edited by

          You can definitly tune your postfix to accept specific EHLO clients or IPs without authentication.

          Create a /etc/postfix/helo_client_exceptions file with

          mail.example.org        PERMIT
          XX.XX.XX.XX			PERMIT
          

          Postmap that file with $ /etc/postfix/helo_client_exceptions

          Add it to your /etc/postfix/main.cf file in the smtpd_relay_restrictions section.
          Example, here’s mine, you probably won’t need all those arguments

          smtpd_relay_restrictions =
                  permit_mynetworks,
                  permit_sasl_authenticated,
                  check_client_access hash:/etc/postfix/helo_client_exceptions,
                  check_sender_access hash:/etc/postfix/sender_checks,
                  # This list restricts recipients when client has no authentication
                  #check_recipient_access hash:/etc/postfix/recipient_checks,
                  reject_unauth_destination,
                  reject_invalid_hostname,
                  ### Can cause issues with Auth SMTP, so be weary!
                  reject_non_fqdn_hostname,
                  ###  Basic antispam
                  reject_non_fqdn_sender,
                  reject_non_fqdn_recipient,
                  reject_unknown_sender_domain,
                  reject_unknown_recipient_domain,
                  reject_unknown_client_hostname,
                  permit_mynetworks,
                  reject_unauth_destination,
                  check_client_access
                  hash:/etc/postfix/rbl_client_exceptions,
                  # Aug 2018: sorbs is a bit too harsh, blocks legit IPs (gmail, orange, github...)
                  #reject_rbl_client dnsbl.sorbs.net,
                  reject_rbl_client cbl.abuseat.org,
                  #reject_rbl_client sbl-xbl.spamhaus.org,
                  reject_rbl_client zen.spamhaus.org,
                  reject_rbl_client bl.spamcop.net,
                  reject_rbl_client b.barracudacentral.org,
                  reject_rhsbl_sender    dsn.rfc-ignorant.org,
                  permit
          

          Reload your postfix with systemctl reload postfix and voilà ;)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post