|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Authenticating SMTP
Subject: RE: Authenticating SMTP
From: Alex Miller (postfix
bannerclub.com)
Date: Thu Jan 06 2000 - 17:41:35 CST
- Next message: Wietse Venema: "Re: Roaming users and open relays"
- Previous message: Stephen Farrugia: "Roaming users and open relays"
- In reply to: Bennett Todd: "Re: Authenticating SMTP"
- Next in thread: Bennett Todd: "Re: Authenticating SMTP"
- Next in thread: Piotr Klaban: "Re: Authenticating SMTP"
- Reply: Alex Miller: "RE: Authenticating SMTP"
- Reply: Bennett Todd: "Re: Authenticating SMTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sounds great Mr. Todd
Are you considering making it GNU/open source?
I would be very interested in using your
product. I'm building a non-proift ISP
non-dialin, and would very much like to
use this. I've been looking at DRAC and
although I now understand how it works
with postfix, it's not too clear how to
set up DRAC itself.
Alex Miller
> -----Original Message-----
> From: owner-postfix-userspostfix.org
> [mailto:owner-postfix-userspostfix.org]On Behalf Of Bennett Todd
> Sent: Thursday, January 06, 2000 3:58 PM
> To: Simon Atack
> Cc: postfix-userspostfix.org
> Subject: Re: Authenticating SMTP
>
>
> 2000-01-06-09:45:23 Simon Atack:
> > What forms of authenticating SMTP does postfix support?
>
> I can't help with that bit; since SMTP authentication is a
> recently-introduced
> concept, not yet standard or commonly-available in clients, I've
> not bothered
> with it.
>
> The users who can't configure their email clients to use the mail
> server that
> goes with their dialin are the same users who are using the
> scummiest and most
> revolting email clients they can possibly find (and as a class,
> they're really
> good at that). So your only hope is to find some characteristic
> common to just
> about all such mail clients that will let this work.
>
> > If not what are the best methods to stop relaying but allow you
> to recieve
> > mail for your users and also allow your users (who will be on
> various dialup
> > links with unkown ip addresses) to send via SMTP as well
>
> If you need to let random users connect from random IP addrs and
> relay email
> through your server to another one, but only if they really belong to you,
> then there's a good chance that the only hack that will work with
> their choice
> of email client is "pop before smtp" (or equivalently "imap
> before smtp"). The
> concept here is that a client program polls for email, and in doing so it
> performs a successful pop or imap login. Something --- either the
> popd/imapd,
> or another daemon watching the logfile where the popd/imapd announces the
> success --- picks up on this and updates a database of "recently
> authenticated
> IP addresses", which the SMTP daemon can check on.
>
> By one of those amazing coincidences I just wrote a daemon to do
> this. Mine is
> a very compact little wad of perl, that uses a few spiffo modules
> from CPAN.
> I'll be happy to send it to you. Mine's customized to Postfix. It
> writes the
> db hash in just the format postfix is expecting, and it knows to
> screen on the
> netblocks listed in `postconf mynetworks` to avoid polluting the
> db file, and
> wasting I/O, on ip addrs that postfix would accept anyway.
>
> Other solutions recently mentioned on this list include DRAC, at
> <URL:http://mail.cc.umanitoba.ca/drac>, which is an ornate daemon
> that uses RPC to decouple the pop daemons (which get modified) from
> the database writer that notifies the SMTP daemon[s]. There is WHOSON
> <URLhttp://www.average.org/whoson/> which gets mentioned in these threads,
> but as far as I can tell it doesn't actually directly address the
> problem as
> such; if you ran a whoson server, your MTA could query it, but
> there's no way
> to feed it; clients don't direct info to whoson servers to inform them of
> login/logout status, and if they did the proposed whoson protocol
> doesn't seem
> to include any auth, so a spammer could use it just as easily as
> a legitimate
> user. There's Antispam <URL:http://Alf.LinuxBox.com/projects/AntiSpam/>,
> just announced recently on Freshmeat, which is a quite ornate perl script,
> but which is missing some features I like in mine (automatically following
> rotating logfiles, and screening out addresses in Postfix's
> "mynetworks") that
> I do using some nice CPAN modules.
>
> If it sounds like I don't like any other solution except mine, well, sure,
> otherwise I wouldn't have written it:-). I'm biased.
>
> -Bennett
>
- Next message: Wietse Venema: "Re: Roaming users and open relays"
- Previous message: Stephen Farrugia: "Roaming users and open relays"
- In reply to: Bennett Todd: "Re: Authenticating SMTP"
- Next in thread: Bennett Todd: "Re: Authenticating SMTP"
- Next in thread: Piotr Klaban: "Re: Authenticating SMTP"
- Reply: Alex Miller: "RE: Authenticating SMTP"
- Reply: Bennett Todd: "Re: Authenticating SMTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Thu Jan 06 2000 - 17:47:54 CST