• For older network devices/ applications, is there a way to allow a trusted hosts based upon its IP address
    To route their email through Kopano ? (so dont do any handshaking, we trust this source ip)

    I’m not sure what the term in kopano would be, in Exchange this was referred to as trusted smtp routing relay.


  • @Handyman
    SMTP relay is done by the MTA (like postfix) and is not part of Kopano itself - so you have to chech your MTA config to allow sending mails

    rg
    Christian


  • You can definitly tune your postfix to accept specific EHLO clients or IPs without authentication.

    Create a /etc/postfix/helo_client_exceptions file with

    mail.example.org        PERMIT
    XX.XX.XX.XX			PERMIT
    

    Postmap that file with $ /etc/postfix/helo_client_exceptions

    Add it to your /etc/postfix/main.cf file in the smtpd_relay_restrictions section.
    Example, here’s mine, you probably won’t need all those arguments

    smtpd_relay_restrictions =
            permit_mynetworks,
            permit_sasl_authenticated,
            check_client_access hash:/etc/postfix/helo_client_exceptions,
            check_sender_access hash:/etc/postfix/sender_checks,
            # This list restricts recipients when client has no authentication
            #check_recipient_access hash:/etc/postfix/recipient_checks,
            reject_unauth_destination,
            reject_invalid_hostname,
            ### Can cause issues with Auth SMTP, so be weary!
            reject_non_fqdn_hostname,
            ###  Basic antispam
            reject_non_fqdn_sender,
            reject_non_fqdn_recipient,
            reject_unknown_sender_domain,
            reject_unknown_recipient_domain,
            reject_unknown_client_hostname,
            permit_mynetworks,
            reject_unauth_destination,
            check_client_access
            hash:/etc/postfix/rbl_client_exceptions,
            # Aug 2018: sorbs is a bit too harsh, blocks legit IPs (gmail, orange, github...)
            #reject_rbl_client dnsbl.sorbs.net,
            reject_rbl_client cbl.abuseat.org,
            #reject_rbl_client sbl-xbl.spamhaus.org,
            reject_rbl_client zen.spamhaus.org,
            reject_rbl_client bl.spamcop.net,
            reject_rbl_client b.barracudacentral.org,
            reject_rhsbl_sender    dsn.rfc-ignorant.org,
            permit
    

    Reload your postfix with systemctl reload postfix and voilà ;)