On Fri, May 25, 2018 at 03:58:59PM +0300, Consus wrote:
> On 14:31 Fri 25 May, Gilles Chehade wrote:
> > On Fri, May 25, 2018 at 02:20:50PM +0200, Walter Alejandro Iglesias wrote:
> > > Could someone tell me if my changes below are OK. :-)
> > >
> > > The part I'm not clear is I read in current.html remote authenticated
> > > users need a explicit rule. Do I need to add some "match auth" rule?
> > >
> >
> > yes.
> >
> > before, "from local" would match authenticated users as if they had sent
> > mail from the local machine but this led to being unable to express some
> > setups where depending on the source you want to relay to different hubs
> > even though users are authenticated.
> >
> >
> > With this:
> >
> > > match from local for local apply local_users
> > > match from any for domain <vdomains> virtual <valiases> apply local_users
> > > match from local sender <addresses> for any apply remote_users
> >
> > you need an additonal rule such as:
> >
> > match auth from any sender <addresses> for any apply remote_users
> >
> >
> > because:
> >
> > > #accept from local sender <addresses> for any relay
> >
> > no longer matches authenticated users
>
> Ain't it "action local_users" instead of "apply local_users"? The man
> page states "action".
I took the "apply" from here:
https://undeadly.org/cgi?action=article;sid=20180430122930
Now reading this:
https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/
I see I also have to change the "certificate" keyword to "cert" here:
pki $server cert "/etc/ssl/server.crt"
Gilles, I also saw the "ca" directive. I've been using the acme
certificates in pki directives, can I use them in the "ca" directive
too? (any advantage in doing this?)
Walter
No comments:
Post a Comment