|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: SMTP Mail Relay Problems
From: Bennett Todd (bet
rahul.net)Date: Tue Apr 18 2000 - 16:20:48 CDT
- Next message: Mike Mattice: "Re: LDAP dereferencing"
- Previous message: Wietse Venema: "Re: Selective Relaying"
- In reply to: Mike Temporale: "Re: SMTP Mail Relay Problems"
- Next in thread: Marcelo J. Iturbe: "Error message about aliases.sb"
- Reply: Bennett Todd: "Re: SMTP Mail Relay Problems"
- Reply: Marcelo J. Iturbe: "Error message about aliases.sb"
- Reply: Greg A. Woods: "Re: SMTP Mail Relay Problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
2000-04-18-16:18:18 Mike Temporale:
> 2000-04-18-16:16:26 Brad Knowles:
> > Failing this, you can enable POP-before-SMTP or SMTPAUTH, so
> > that the users are forced to authenticate themselves in some
> > fashion before they are allowed to relay through your servers.
>
> Okay, this sounds like the best solution.
Definitely. Don't set up an open relay at all, ever, for even a
moment. Being a source of spam sucks, and undoing the damage that it
does to your site is a chore you don't want to ever have to face.
> I found some information about DRAC from the postfix site, and it
> appears to be pretty good.
DRAC is one well-respected solution, and is probably a good choice
if you have multiple servers, and so need to have a client/server
separation to propogate the auth info from the machines that run the
pop or imap daemons to the smtp server[s].
However, that client-server design has its own costs in complexity
and possible security worries (has anyone audited DRAC's network
protocol and implementation?). And it requires modifying every popd
or imapd to get it to participate.
If you have your pop or imap servers running on the same machine as
your postfix, I've written a much, much simpler solution. For mine,
you need to install four Perl modules from CPAN:
Time::HiRes (needed by File::Tail)
File::Tail
Net::Netmask
Date::Parse (from TimeDate)
Then install my pop-before-smtp script. If you're a Red Hat Linux
user, its tar.gz is all ready for you to "rpm -ta" to make an RPM;
otherwise you'll need to set up an init script for it and maybe edit
it to use the right $pat regexp for your pop or imap daemon. Then
make a small change (documented in the pod documentation in the
script) to tell Postfix to watch the db hash it writes.
I'll be happy to email you my pop-before-smtp package. It's also
available from the postfix.org archives.
-Bennett
- application/pgp-signature attachment: stored
- Next message: Mike Mattice: "Re: LDAP dereferencing"
- Previous message: Wietse Venema: "Re: Selective Relaying"
- In reply to: Mike Temporale: "Re: SMTP Mail Relay Problems"
- Next in thread: Marcelo J. Iturbe: "Error message about aliases.sb"
- Reply: Bennett Todd: "Re: SMTP Mail Relay Problems"
- Reply: Marcelo J. Iturbe: "Error message about aliases.sb"
- Reply: Greg A. Woods: "Re: SMTP Mail Relay Problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]