-$config['smtp_server'] = '127.0.0.1';
+$config['smtp_server'] = 'tls://127.0.0.1';
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config['smtp_port'] = 587;
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
-$config['smtp_user'] = '';
+$config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
-$config['smtp_pass'] = '';
+$config['smtp_pass'] = '%p';
// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
-$config['smtp_auth_type'] = '';
+$config['smtp_auth_type'] = 'LOGIN';
after that we must respect the smtpd_sender_login_maps
Dec 13 17:23:01 ns7loc14 postfix/smtpd[5997]: connect from localhost[127.0.0.1]
Dec 13 17:23:03 ns7loc14 postfix/smtpd[5997]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 553 5.7.1 <zorro@nethservertest.org>: Sender address rejected: not owned by user stephane@nethservertest.org; from=<zorro@nethservertest.org> to=<stephane@nethservertest.org> proto=ESMTP helo=<ns7loc14.nethservertest.org>
Dec 13 17:23:03 ns7loc14 postfix/smtpd[5997]: disconnect from localhost[127.0.0.1]
with the smtpd_sender_login_maps only known identities are allowed (pseudonym or real account)
One possible solution could be defining a dedicated smtpd instance listening on 127.0.0.1:587 (or another local ip?) with a specific option that allows clear text password exchange.
we could think for this later, I would like to start a P.O.C with a table with user account (address email with also pseudonym). We could have workable remote smtp, webtop5 and roundcubemail
Sorry it took a while, this is not my territory of expertise.
found this which en-lighted me:
I tend to agree with this, although i see the problem it’s hard to implement without breaking clients by closing one of the default smtp-ports (ie 25, 465, 587) with the firewall.
What about an extra custom port for postfix (ie 4465 ??) with localhost access restriction for PLAIN text login / auth ?
I not sure if another smtpd is a needed; just an extra listing port. Set the global setting to may (smtpd_tls_security_level=may) but enforce it on the default ports. restrict acces to the customport to 127.0.0.0/8 but do not enforce tls.
I installed the PR RPM and I come with some questions
what is the expected behavior of a shared mailbox? If I can read (and modify?) a shared mailbox content, should I be allowed to send a message with its email address? For instance
user: first.user, member of grp1
shared mailbox: shmbx1, shared with grp1, email alias shared1@aliasdom.example.com
what is the expected behavior of an alias address with multiple recipients? Should be the recipients allowed to send a message with the alias? For instance
given email alias address sales@example.com expanded to first.user@example.com, second.user@example.com,
can second.user set sales@example.com as message sender?
alias of an email : steph@domain.com (first email) can send with steph@domain.org if we set this email as its alias, or any domain of the server if the alias exists for each domain.
alias for group of people
lets set group@domain.com (or group@) of three users, user1 user2 user3 for one domain or each domain of the server. Each member of this group can send with its email and the identity group@domain.com, group@domain.org (if domain.org exists on the server).
Obviously when the sender identity is enabled, you cannot anymore use an identity which is not relevant of /etc/postfix/login_maps and /etc/postfix/login_maps.pcre
For the sharedmailbox, I thought first that it is to receive email, and I did nothing, I probably missed to make a logic to exclude them of /etc/postfix/login_maps, even if it should not hurt.
To @all, do you see some missing feature for you, @saitobenkei what do you need more ?