SMTP relays using MAC address?


Carl Hoefs
We have a mail server running OSXS 10.6.8 SL, and we're thinking of upgrading it to Mavericks (or at least to ML).
Does anyone know if either one supports SMTP relays using MAC address?

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      ([hidden email])
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/macos-x-server/lists%2Bs10970n2h62%40n7.nabble.com

This email sent to [hidden email]

Re: SMTP relays using MAC address?

Ansgar Wiechers
On 2013-10-20 Carl Hoefs wrote:
> We have a mail server running OSXS 10.6.8 SL, and we're thinking of
> upgrading it to Mavericks (or at least to ML).
> Does anyone know if either one supports SMTP relays using MAC address?

That question doesn't make sense. SMTP doesn't operate on the data-link
layer. What real-world problem are you trying to solve?

Besides, AFAIK Mountain Lion still comes with Postfix as its MTA, so if
whatever you're trying to do worked before, it should work after as
well.

Regards
Ansgar Wiechers
--
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668


Re: SMTP relays using MAC address?

Carl Hoefs
Sorry if I wasn't too clear in my original post. The issue I'm having is that the SL OSXS mail server can be set up to restrict remote SMTP relaying of emails by IP address, but not by MAC hardware address. In Server Admin, under Mail --> Relay, there's a list of IP addresses one can add to, titled "Accept SMTP relays only from these hosts and networks:". That works fine for what it is, but if someone is on the road and is coming in on a dynamic IP address, it would be nice to have it look at his laptop's MAC address instead. I'm hoping that a more recent version of OSXS supports this concept?
 
- Carl

On Oct 21, 2013, at 3:55 AM, Ansgar Wiechers <[hidden email]> wrote:

> On 2013-10-20 Carl Hoefs wrote:
>> We have a mail server running OSXS 10.6.8 SL, and we're thinking of
>> upgrading it to Mavericks (or at least to ML).
>> Does anyone know if either one supports SMTP relays using MAC address?
>
> That question doesn't make sense. SMTP doesn't operate on the data-link
> layer. What real-world problem are you trying to solve?
>
> Besides, AFAIK Mountain Lion still comes with Postfix as its MTA, so if
> whatever you're trying to do worked before, it should work after as
> well.

Re: SMTP relays using MAC address?

Kevin Windham

On Oct 21, 2013, at 11:47 AM, Carl Hoefs <[hidden email]> wrote:

> Sorry if I wasn't too clear in my original post. The issue I'm having is that the SL OSXS mail server can be set up to restrict remote SMTP relaying of emails by IP address, but not by MAC hardware address. In Server Admin, under Mail --> Relay, there's a list of IP addresses one can add to, titled "Accept SMTP relays only from these hosts and networks:". That works fine for what it is, but if someone is on the road and is coming in on a dynamic IP address, it would be nice to have it look at his laptop's MAC address instead. I'm hoping that a more recent version of OSXS supports this concept?
>
> - Carl

You can allow relaying based on authentication with username and password. I think this is the default in current versions of OS X server. If not I’m sure we could look up the config options that turn it on, but I don’t remember having to change anything for that.

- Kevin


RE: SMTP relays using MAC address?

MEYER, JASON
In reply to this post by Carl Hoefs
For something like that, I'd use SMTP Auth and have the user authenticate with a password. Using the MAC address isn't possible as it's never passed via the SMTP protocol, only the IP address. Be very careful with your SMTP relay setup, you could find your server on one of the many blacklists out there and it’s not a very easy process to get off of some.

Jason.


Re: SMTP relays using MAC address?

Stuart Ramdeen (Toucan)
In reply to this post by Carl Hoefs
Hi Carl

I don't think any version of OS X server will support this. The mail server processes do not know anything about or interact with MAC (network layer 2) addresses and expect to communicate with clients and other servers using IP addresses (layer 3).
To support your mobile users and allow them to send via your Mac OS X server while off your network you have two options - have them use smtp authentication (enabled by default), or have them VPN to the server/network. The former is the most popular and convenient for both the users and you as the admin. Using either of these options, your users will be able to send from any IP address they happen to pick up while out and about.

Regards
Stuart

Sent from my Spectrum +3


Re: SMTP relays using MAC address?

Carl Hoefs
Thanks for all the great suggestions. I was misinformed about the MAC address, but the SMTP authentication looks to be the most straightforward way to go. Is that possible in OSXS SL?

- Carl


On Oct 21, 2013, at 9:59 AM, Stuart Ramdeen <[hidden email]> wrote:

> Hi Carl
>
> I don't think any version of OS X server will support this. The mail server processes do not know anything about or interact with MAC (network layer 2) addresses and expect to communicate with clients and other servers using IP addresses (layer 3).
> To support your mobile users and allow them to send via your Mac OS X server while off your network you have two options - have them use smtp authentication (enabled by default), or have them VPN to the server/network. The former is the most popular and convenient for both the users and you as the admin. Using either of these options, your users will be able to send from any IP address they happen to pick up while out and about.
>
> Regards
> Stuart

Re: SMTP relays using MAC address?

Stuart Ramdeen (Toucan)
Not only possible but the default.

Sent from my Spectrum +3

> On 21 Oct 2013, at 18:10, Carl Hoefs <[hidden email]> wrote:
>
> Thanks for all the great suggestions. I was misinformed about the MAC address, but the SMTP authentication looks to be the most straightforward way to go. Is that possible in OSXS SL?
>
> - Carl

Re: SMTP relays using MAC address?

Carl Hoefs
In reply to this post by Carl Hoefs
I've set the mail server up with no relay restrictions checked at all (in Server Admin), but offsite emails from our users routing through our mail server are still blocked.

Oct 28 19:36:3 postfix/smtpd[18991]: NOQUEUE: reject: RCPT from mobile-166-137-182-108.mycingular.net[166.137.182.108]: 554 5.7.1: Relay access denied; proto=ESMTP helo=<[172.20.10.2]>

I have enabled SMTP authentication (Kerberos, CRAM-MD5, Login, PLAIN), and the users are using CRAM-MD5. What more do I need to do to enable 'default' SMTP authentication relaying?

- Carl



Re: SMTP relays using MAC address?

David Haines-2
Even though this list is officially dead (wish it were otherwise)…

Please post the unedited result of (via the Terminal on the server):

postconf -n

as well as

grep -A8 ^submission /etc/postfix/master.cf

The numeric helo seems odd, is the client connecting over vpn? Looks that way.
I suggest setting up and having your clients use the submission port (with SSL),
as that can afford you far greater restrictions for regular smtp transactions vs. accepted/known & permitted client connections.
I'm not sure if it was enabled as a default in 10.6 server.

That and/or see http://downloads.topicdesk.com/docs/Frontline_Spam_Defense_for_Mail_in_Mac_OS_X.pdf
(No affiliation).

On Oct 28, 2013, at 11:02 PM, Carl Hoefs <[hidden email]> wrote:

> I've set the mail server up with no relay restrictions checked at all (in Server Admin), but offsite emails from our users routing through our mail server are still blocked.
>
> Oct 28 19:36:3 postfix/smtpd[18991]: NOQUEUE: reject: RCPT from mobile-166-137-182-108.mycingular.net[166.137.182.108]: 554 5.7.1: Relay access denied; proto=ESMTP helo=<[172.20.10.2]>
>
> I have enabled SMTP authentication (Kerberos, CRAM-MD5, Login, PLAIN), and the users are using CRAM-MD5. What more do I need to do to enable 'default' SMTP authentication relaying?
>
> - Carl

Re: SMTP relays using MAC address?

Carl Hoefs
David,

1) Here is the postconf info:

$ postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
header_checks =
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 536870912
mydomain = caltech.edu
mydomain_fallback = localhost
myhostname = autonomy.caltech.edu
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_sasl_password_maps =
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
smtpd_enforce_tls = no
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks  reject_unauth_destination permit
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/certificates/autonomy.caltech.edu.D92F18CE0743C15AF57D665F76CE1FA149B5AF3B.chain.pem
smtpd_tls_cert_file = /etc/certificates/autonomy.caltech.edu.D92F18CE0743C15AF57D665F76CE1FA149B5AF3B.cert.pem
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/certificates/autonomy.caltech.edu.D92F18CE0743C15AF57D665F76CE1FA149B5AF3B.key.pem
smtpd_tls_loglevel = 0
smtpd_use_pw_server = yes
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps

2) Here is the result of the grep:

$ grep -A8 ^submission /etc/postfix/master.cf
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
smtp      unix  -       -       n       -       -       smtp
# === End auto-generated section ===========================================


Thanks,
- Carl




On Nov 3, 2013, at 12:14 PM, David Haines <[hidden email]> wrote:

> Even though this list is officially dead (wish it were otherwise)…
>
> Please post the unedited result of (via the Terminal on the server):
>
> postconf -n
>
> as well as
>
> grep -A8 ^submission /etc/postfix/master.cf
>
> The numeric helo seems odd, is the client connecting over VPN? Looks that way.
> I suggest setting up and having your clients use the submission port (with SSL),
> as that can afford you far greater restrictions for regular smtp transactions vs. accepted/known & permitted client connections.
> I'm not sure if it was enabled as a default in 10.6 server.
>
> That and/or see http://downloads.topicdesk.com/docs/Frontline_Spam_Defense_for_Mail_in_Mac_OS_X.pdf
> (No affiliation).
>
> On Oct 28, 2013, at 11:02 PM, Carl Hoefs <[hidden email]> wrote:
>
>> I've set the mail server up with no relay restrictions checked at all (in Server Admin), but offsite emails from our users routing through our mail server are still blocked.
>>
>> Oct 28 19:36:3 postfix/smtpd[18991]: NOQUEUE: reject: RCPT from mobile-166-137-182-108.mycingular.net[166.137.182.108]: 554 5.7.1: Relay access denied; proto=ESMTP helo=<[172.20.10.2]>
>>
>> I have enabled SMTP authentication (Kerberos, CRAM-MD5, Login, PLAIN), and the users are using CRAM-MD5. What more do I need to do to enable 'default' SMTP authentication relaying?
>>
>> - Carl
>>
>>
>> On Oct 21, 2013, at 10:10 AM, Carl Hoefs <[hidden email]> wrote:
>>
>>> Thanks for all the great suggestions. I was misinformed about the MAC address, but the SMTP authentication looks to be the most straightforward way to go. Is that possible in OSXS SL?
>>>
>>> - Carl
>>>
>>>
>>> On Oct 21, 2013, at 9:59 AM, Stuart Ramdeen <[hidden email]> wrote:
>>>
>>>> Hi Carl
>>>>
>>>> I don't think any version of OS X server will support this. The mail server processes do not know anything about or interact with MAC (network layer 2) addresses and expect to communicate with clients and other servers using IP addresses (layer 3).
>>>> To support your mobile users and allow them to send via your Mac OS X server while off your network you have two options - have them use smtp authentication (enabled by default), or have them VPN to the server/network. The former is the most popular and convenient for both the users and you as the admin. Using either of these options, your users will be able to send from any IP address they happen to pick up while out and about.
>>>>
>>>> Regards
>>>> Stuart
>>>>
>>>> Sent from my Spectrum +3
>>>>
>>>>> On 21 Oct 2013, at 17:47, Carl Hoefs <[hidden email]> wrote:
>>>>>
>>>>> Sorry if I wasn't too clear in my original post. The issue I'm having is that the SL OSXS mail server can be set up to restrict remote SMTP relaying of emails by IP address, but not by MAC hardware address. In Server Admin, under Mail --> Relay, there's a list of IP addresses one can add to, titled "Accept SMTP relays only from these hosts and networks:". That works fine for what it is, but if someone is on the road and is coming in on a dynamic IP address, it would be nice to have it look at his laptop's MAC address instead. I'm hoping that a more recent version of OSXS supports this concept?
>>>>>
>>>>> - Carl
>>>>>

Re: SMTP relays using MAC address?

Olivier DUCROT-2
You should not accept relay on port 25.
You should configure Postfix to accept connections on port 587, where you could configure your exceptions and better configure authenticated SMTP connections.

In master.cf, something like:

# Port MSA (RFC 2476)
587      inet  n       -       n       -       -       smtpd
        -o smtpd_enforce_tls=no
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_helo_required=yes
        -o smtpd_helo_restrictions=




Re: SMTP relays using MAC address?

Carl Hoefs
Olivier, David,

I _finally_ managed to get some downtime scheduled. I made all the changes you two recommended. Everything works now, and the users are able to access/send IMAP email remotely through our server based on authentication, regardless of originating IP address -- except I had to use port 143. When I set the mail accounts to use port 587 (and modified master.cf as below) I would get errors in the mail log and the clients weren't able to connect.

Nov 25 17:41:22 postfix/smtpd[1347]: NOQUEUE: reject RCPT from 76-246-76-138.lightspeed.irvnca.sbcglobal.net[76.246.76.138]: 554 5.7.1 < 76-246-76-138.lightspeed.irvnca.sbcglobal.net[76.246.76.138]>: Client host rejected: Access denied; proto=ESMTP helo=<centauri.att.net>

Using port 143 works, so that's what I went with.
Thanks for all the help!

- Carl


On Nov 11, 2013, at 4:25 AM, Olivier DUCROT <[hidden email]> wrote:

> You should not accept relay on port 25.
> You should configure Postfix to accept connections on port 587, where you could configure your exceptions and better configure authenticated SMTP connections.
>
> In master.cf, something like:
>
> # Port MSA (RFC 2476)
> 587      inet  n       -       n       -       -       smtpd
>         -o smtpd_enforce_tls=no
>         -o smtpd_sasl_auth_enable=yes
>         -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>         -o smtpd_helo_required=yes
>         -o smtpd_helo_restrictions=
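Added example (not part of any poster's message, and not Postfix code): a simplified Python model of how smtpd walks the restriction lists from the posted `postconf -n` output and from the suggested port 587 overrides, showing why an unauthenticated off-site client produces each of the two reject lines quoted in the thread. The recipient domain example.com and the LOCAL_DOMAINS set are assumptions, and only the restriction names that appear on this page are handled.

```python
"""Simplified model of how Postfix smtpd walks its restriction lists.

Added illustration only: it covers just the restriction names that appear
in this thread and is not Postfix code.
"""
import ipaddress
import re

# Settings copied from the `postconf -n` output posted in the thread.
MAIN_CF = {
    "mynetworks": "127.0.0.0/8",
    "smtpd_client_restrictions": "permit_mynetworks permit_sasl_authenticated permit",
    "smtpd_helo_restrictions": "",
    "smtpd_recipient_restrictions":
        "permit_sasl_authenticated permit_mynetworks  reject_unauth_destination permit",
}
# The -o overrides from the port 587 master.cf entry suggested in the thread.
PORT_587_OVERRIDES = {
    "smtpd_client_restrictions": "permit_sasl_authenticated,reject",
    "smtpd_helo_restrictions": "",
}
PORT_587 = {**MAIN_CF, **PORT_587_OVERRIDES}

# Assumption: stand-in for the domains this server accepts mail for. The
# posted output shows no mydestination, so only myhostname is listed here.
LOCAL_DOMAINS = {"autonomy.caltech.edu"}

# Relative order of the lists modelled here (sender restrictions, unset in
# the posted config, are omitted). With the default smtpd_delay_reject=yes
# the verdict is delivered at RCPT TO, which is why both logs say "RCPT".
STAGES = [
    ("smtpd_client_restrictions", "Client host rejected: Access denied"),
    ("smtpd_helo_restrictions", "Helo command rejected: Access denied"),
    ("smtpd_recipient_restrictions", "Recipient address rejected: Access denied"),
]


def split_restrictions(value):
    """Postfix separates restrictions with commas and/or whitespace."""
    return [tok for tok in re.split(r"[,\s]+", value) if tok]


def in_mynetworks(client_ip, mynetworks):
    """True when client_ip falls inside one of the CIDR blocks listed."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net)
               for net in split_restrictions(mynetworks))


def evaluate(config, client_ip, sasl_authenticated, rcpt_domain):
    """Return ("permit", reason) or ("reject", smtp_reply_text)."""
    for param, generic_reject in STAGES:
        for rule in split_restrictions(config.get(param, "")):
            if rule == "permit_sasl_authenticated" and sasl_authenticated:
                break  # a permit ends this list only; later lists still run
            if rule == "permit_mynetworks" and in_mynetworks(
                    client_ip, config["mynetworks"]):
                break
            if rule == "permit":
                break
            if rule == "reject":
                return ("reject", generic_reject)
            if (rule == "reject_unauth_destination"
                    and rcpt_domain not in LOCAL_DOMAINS):
                return ("reject", "Relay access denied")
    return ("permit", "no restriction rejected the request")


if __name__ == "__main__":
    # Constructed cases: the client IPs are the ones in the quoted log lines.
    for label, cfg, ip, authed in [
        ("port 25, no AUTH", MAIN_CF, "166.137.182.108", False),
        ("port 25, AUTH ok", MAIN_CF, "166.137.182.108", True),
        ("port 587, no AUTH", PORT_587, "76.246.76.138", False),
        ("port 587, AUTH ok", PORT_587, "76.246.76.138", True),
    ]:
        print(label, "->", evaluate(cfg, ip, authed, "example.com"))
```

In this model both reject lines come from a session in which the client never completed SASL authentication; once it has, neither configuration rejects the relay attempt, whatever the source IP.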