Allow smtp host
-
For older network devices/ applications, is there a way to allow a trusted hosts based upon its IP address
To route their email through Kopano ? (so dont do any handshaking, we trust this source ip)I’m not sure what the term in kopano would be, in Exchange this was referred to as trusted smtp routing relay.
-
@Handyman
SMTP relay is done by the MTA (like postfix) and is not part of Kopano itself - so you have to chech your MTA config to allow sending mailsrg
Christian -
You can definitly tune your postfix to accept specific EHLO clients or IPs without authentication.
Create a
/etc/postfix/helo_client_exceptions
file withmail.example.org PERMIT XX.XX.XX.XX PERMIT
Postmap that file with
$ /etc/postfix/helo_client_exceptions
Add it to your
/etc/postfix/main.cf
file in thesmtpd_relay_restrictions
section.
Example, here’s mine, you probably won’t need all those argumentssmtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/helo_client_exceptions, check_sender_access hash:/etc/postfix/sender_checks, # This list restricts recipients when client has no authentication #check_recipient_access hash:/etc/postfix/recipient_checks, reject_unauth_destination, reject_invalid_hostname, ### Can cause issues with Auth SMTP, so be weary! reject_non_fqdn_hostname, ### Basic antispam reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_client_hostname, permit_mynetworks, reject_unauth_destination, check_client_access hash:/etc/postfix/rbl_client_exceptions, # Aug 2018: sorbs is a bit too harsh, blocks legit IPs (gmail, orange, github...) #reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, #reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client b.barracudacentral.org, reject_rhsbl_sender dsn.rfc-ignorant.org, permit
Reload your postfix with
systemctl reload postfix
and voilà ;)