I am looking at Nethserver to replace our current ClearOS Firewall. As we don’t have any users authenticating to Postfix externally I’d like to disable sasl authentication. If the option is in the GUI I’m being blind and would appreciate some directions to where it is.
I’m still trying to get my head around the templates/config database. From the CLI I ran the following commands
config setprop smarthosts smtpd_sasl_auth_enable no
signal-event nethserver-mail-server-update
but the setting is not updated. What am I missing/doing wrong?
Would you please describe how is configured (simply) your current Nethserver installation?
Services/modules (with goals)
network structure (simply replace public addresses, eventually)
You wrote “firewall”, however… now you refer to “Postfix” so… maybe is also a mail server?
As default, Nethserver requires as mailserver a TLS/SSL connection for allow relay and mail deliver.
However… IDK if it’s used SASL as a “plugin” for Postfix to implement that.
Currently ClearOS serves as a Firewall and a mail relay and I would like to replace those functions with Nethserver. No users or file shares etc. The mail relay is only for sending scans from on prem Multi Function printers to 365 users and receive archive email from 365 and relay it to the archive server on prem. ClearOS server has 4 interfaces. 2 x WAN, 1 x LAN and 1 x DMZ.
For testing the current Nethserver is default installation with Antivirus, Email, Fail2ban, Firewall and the default Web server apps. Goal is to have a Firewall and mail relay so I would probably add DPI and monitoring apps later. Only 2 interfaces are currently setup LAN - 192.168.30.5 and WAN - 41.160.37.36. So far it works as expected, I haven’t tested receiving an email and replaying it to archive server though.
Both installations are on VMware.
This particular config is not a deal breaker if I can’t change it but there will be other settings I would need to change that are not available from the GUI so this is a good starting point in learning how to go about it. There are 2 files in /etc/e-smith/templates/etc/postfix/master.cf that reference smtpd_sasl_auth_enable, 30access_policy_default and 30access_policy_smtpauth which is why I guessed it’s config would be in the smarthost DB
No users => no allowed relays, unless you allow into “Relay section” the IP Address section. But this works only if you install email module, which more or less you don’t need.
Postfix mostly is used for deliver notifications, via the smarthost feature.
Long story short, there should be, creating a configuration fragment. However, I never did on Postfix, so I’m not in condition to help out on that.
May i assume that device on premises “do not chew” 365 logins algorithms?
Some persons are using Nethserver with old hardware… which does not support SSL or TLS-enabled SMTP.
So they configure Nethserver for allow unencrypted relay and deliver outside the mailserver the messages.
example here
I think that also Microsoft request for 365 services TLS submission… then NethServer can operate as intermediate. However… a “mail enabled” nethserver.