On Fri, May 25, 2018 at 09:37:07PM +0200, Walter Alejandro Iglesias wrote:
> On Fri, May 25, 2018 at 03:58:59PM +0300, Consus wrote:
> > On 14:31 Fri 25 May, Gilles Chehade wrote:
> > > On Fri, May 25, 2018 at 02:20:50PM +0200, Walter Alejandro Iglesias wrote:
> > > > Could someone tell me if my changes below are OK. :-)
> > > >
> > > > The part I'm not clear is I read in current.html remote authenticated
> > > > users need a explicit rule. Do I need to add some "match auth" rule?
> > > >
> > >
> > > yes.
> > >
> > > before, "from local" would match authenticated users as if they had sent
> > > mail from the local machine but this led to being unable to express some
> > > setups where depending on the source you want to relay to different hubs
> > > even though users are authenticated.
> > >
> > >
> > > With this:
> > >
> > > > match from local for local apply local_users
> > > > match from any for domain <vdomains> virtual <valiases> apply local_users
> > > > match from local sender <addresses> for any apply remote_users
> > >
> > > you need an additonal rule such as:
> > >
> > > match auth from any sender <addresses> for any apply remote_users
> > >
> > >
> > > because:
> > >
> > > > #accept from local sender <addresses> for any relay
> > >
> > > no longer matches authenticated users
> >
> > Ain't it "action local_users" instead of "apply local_users"? The man
> > page states "action".
>
> I took the "apply" from here:
>
> https://undeadly.org/cgi?action=article;sid=20180430122930
>
> Now reading this:
>
> https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/
>
> I see I also have to change the "certificate" keyword to "cert" here:
>
> pki $server cert "/etc/ssl/server.crt"
>
>
> Gilles, I also saw the "ca" directive. I've been using the acme
> certificates in pki directives, can I use them in the "ca" directive
> too? (any advantage in doing this?)
>
don't touch a knob if you don't KNOW that you absolutely need it.
I know why some people would like to use a custom CA certificate instead
of the one shipped with the system, I don't know why YOU should do it so
if you are asking I can only guess you are going to break your setup.
--
Gilles Chehade
https://www.poolp.org @poolpOrg
No comments:
Post a Comment