How to link specific SMTP user with IP Pool

Please guide me on how I can link a specific SMTP user with an IP Pool, so that when that SMTP user sends out emails only the IPs from that specific pool are utilized for sending. (I have a default IP Pool in place as well.)

Ok, is the username the only way you identify each mailing? These users connect on their own?

Hi Mike, yes, username is the only way. I have set up 3 pools and I want each pool to be linked with a specific username. The source IP will be the same for all 3 connections.

By source IP I mean the client’s IP.

Ok, so what I’d suggest is naming the tenants after the usernames in Configuring Queue Management - KumoMTA Docs.

You’ll need to write some custom Lua to attach the username to the tenant using msg:set_meta('tenant', username).

Thank you, this is exactly what I’m missing.

Is there any such example in the docs to set the tenant based on any condition?

The example at the bottom of the page can be used with object: connectionmeta - KumoMTA Docs to do what you need.

If I successfully call msg:set_meta('tenant', username) or conn_meta:set_meta('tenant', username), will it inject an X-Tenant header into the email message, which will be the identifier to make decisions? Because in the example queues.toml file I see:

tenant_header = "X-Tenant"
remove_tenant_header = true

That setting is for if you have an existing header. It stores tenant into metadata.

Should I remove that from queues.toml?

Thank you Mike. I just made it work with your help. I have identified an issue: if a default tenant is defined in queues.toml, it overrides the egress pool for the tenant.

Another small issue I faced during SMTP authentication was that until I configured the FROM domain in the listener_domains.toml file with the config "relay_from_authz = [ 'username' ]", I was getting a relaying denied error and it was not attempting the SMTP authentication. Maybe it's something missing in the docs. I just used the example quickstart configuration. I could be wrong, but I just thought I should tell you as it might help.

relay_from_authz just limits auth usernames; it doesn’t say what the credentials should be.

I was getting a relaying denied error as it was not attempting authentication and was just making the decision based on the IP relay list. After I added that line in the domain section of listener_domains.toml, it started attempting authentication, and then if the username or password was wrong it gave an authentication/password-related error.

Aah, because you bypassed authentication with IP authorization but locked a domain to an auth username.

relay_from_authz is for environments where users connect directly and are not trusted to relay correctly; IP authorization is for trusted systems that are expected to use the correct domains. The two are not expected to be used together.
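
A sketch of the username-to-tenant mapping suggested earlier in the thread, added here as an example and not code from any participant or from the KumoMTA docs. It assumes the authenticated username is exposed as the `authz_id` message metadata; the usernames, pool names and the `tenant_for` helper are constructed placeholders. Only usernames on an explicit allowlist become tenants, so an unexpected login cannot create an arbitrary queue name and falls through to the default pool instead.

```lua
-- Added example: runs inside a KumoMTA policy file (for example init.lua).
local kumo = require 'kumo'

-- Constructed allowlist: SMTP AUTH username -> tenant name.
-- Each tenant name is expected to have a matching block in queues.toml
-- (assumed layout, pool names are placeholders):
--
--   [tenant.'user-a']
--   egress_pool = 'pool-a'
--
--   [tenant.'user-b']
--   egress_pool = 'pool-b'
local USER_TENANTS = {
  ['user-a'] = 'user-a',
  ['user-b'] = 'user-b',
  ['user-c'] = 'user-c',
}

-- Hypothetical helper: returns the tenant for an authenticated username,
-- or nil when the session was unauthenticated or the user is not mapped.
local function tenant_for(authz_id)
  if type(authz_id) ~= 'string' or authz_id == '' then
    return nil
  end
  return USER_TENANTS[authz_id:lower()]
end

kumo.on('smtp_server_message_received', function(msg)
  -- Assumption: 'authz_id' holds the SMTP AUTH identity of the sender.
  local tenant = tenant_for(msg:get_meta 'authz_id')
  if tenant then
    -- The tenant lives in message metadata; no X-Tenant header is needed.
    msg:set_meta('tenant', tenant)
  end
  -- Unmapped or unauthenticated senders keep whatever tenant the rest of
  -- the policy assigns, and therefore the default egress pool.
end)
```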