Postix - Relay access permit per domain

jackbuilder
jackbuilder used Ask the Experts™
on
I have installed a mail server with Postfix 2.3.8-2+b1 on a Linux Debian Sarge server.
I have enabled the sasl auth, but I want to disable the authentication method for some domains. How can I do it?
I attach the content of my main.cf file
# see /usr/share/postfix/main.cf.dist for a commented, fuller
# version of this file.
 
queue_directory = /var/spool/postfix
 
# Modificaciones para evitar la lentidud de los spam
minimal_backoff_time = 6h 
maximal_backoff_time = 11h 
default_process_limit = 300
bounce_queue_lifetime = 12h
max_servers = 20
 
# Mínimo id de usuario permitido
virtual_minimum_uid = 80
 
# Nombre de host del servidor
myhostname = ...
 
# Do not change these directory settings - they are critical to Postfix
# operation.
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
setgid_group = postdrop
 
# appending .domain is the MUA's job.
append_dot_mydomain = no
 
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
 
# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h
 
virtual_mailbox_base=/var/mail
virtual_mailbox_maps=mysql:/etc/postfix/mysql_virt.cf
virtual_uid_maps=mysql:/etc/postfix/uids.cf
virtual_gid_maps=mysql:/etc/postfix/gids.cf
transport_maps=mysql:/etc/postfix/transport.cf
virtual_maps =mysql:/etc/postfix/virtual.cf
 
 
# Alias necesarios para el mailman
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
 
# Dominios cuyo correo atiendo
# CTK: Esto seria mas manejable si ponemos
#mydestinations=/etc/postfix/localdomain
# y ponemos los dominios en el fichero, uno por linea...
 
mydestination = ...
 
# Necesario para permitir que nos envíen correos desde fuera de la máquina. No solo desde localhost
#local_recipient_maps =
local_recipient_maps = $virtual_mailbox_maps
 
# Permitimos mensajes mayores de 10mb (enviar y recibir). Por defecto son 10mb
message_size_limit = 10000000
# mailbox_size_limit = 100000000
 
mynetworks = 127.0.0.0/8 ...
 
# Opciones sasl para autenticación smtp
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
# CTK: Configuracion muy restrictiva para evitar la entrada de SPAM
smtpd_helo_required = yes
address_verify_sender = postmaster@...
smtpd_recipient_restrictions =
        reject_non_fqdn_recipient
        reject_non_fqdn_sender
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        permit_mynetworks
        check_client_access hash:/etc/postfix/access
        permit_sasl_authenticated
        # Si esta maquina NO es MX secundario para otros dominios, descomentar
        # la siguiente linea y comentar la del final.
        reject_unauth_destination
        check_recipient_access  hash:/etc/postfix/roleaccount_exceptions
        check_recipient_access hash:/etc/postfix/filter_recipient_domains
        reject_multi_recipient_bounce
        check_helo_access       pcre:/etc/postfix/helo_checks
        reject_non_fqdn_hostname
        reject_invalid_hostname
        check_sender_mx_access  cidr:/etc/postfix/bogus_mx
        check_sender_access     hash:/etc/postfix/rhsbl_sender_exceptions
        reject_rhsbl_sender     dsn.rfc-ignorants.org
        # Ojo, por motivos de rendimiento puede ser mejor activar la
        # siguiente entrada solo para dominios *sospechosos*
        #reject_unverified_sender
        # Si esta maquina actua de MX secundario de otros dominios,
        # descomentar las siguientes dos lineas y comentar
        # reject_unauth_destination del principio
        #permit_mx_backup
        #reject_unauth_destination
        #check_policy_service unix:postgrey/socket
        permit
 
# Añadido al añadir el mailman
owner_request_special = no
recipient_delimiter = +
unknown_local_recipient_reject_code = 550
 
# Necesario para spamassassin y antivirus
# COMENTAR PARA DESACTIVAR ANTISPAM
content_filter = amavis-smtp:[127.0.0.1]:10024

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2005
Commented:
> I have enabled the sasl auth, but I want to disable the authentication method for some domains.
You cannot, the authentication takes it's place before sender or recipient is known.

Author

Commented:
OK. Thanks.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial