From: Adrian Bolzan (Adrian.Bolzanaot.com.au)
Date: Tue Mar 26 2002 - 21:05:06 CST

    On 26 Mar 2002 at 8:07, Mike Burden wrote:

    > > -----Original Message-----
    > > From: Adrian Bolzan [mailto:Adrian.Bolzanaot.com.au]
    > >
    > > I found that when I last used that feature our roaming
    > > (mobile laptop)
    > > users who used our mail server to relay e-mail could no longer send
    > > e-mail through our mail server - the proxy rejected them.
    > >
    > > As this relaying is vital we will set up a proxy on the PSN
    > > that passes
    > > smtp traffic to our mail server, that will authenticate using SASL.
    >
    >
    > Here's where I think you want to go:
    >
    > 1. Mailserver on the PSN that *REQUIRES* SMTP authentication from
    > the clients (because otherwise you have an open relay, which
    > is a *BAD* thing!)
    >
    > 2. Tunnel and filter (or tunnel with "automatic accept all")
    > an alias on the EXT to the mailserver for some combination of
    > ports 25 (SMTP), 110 (POP3) and 143 (IMAP)
    >
    > 3. Mailserver on the PRO that handles incoming and outbound
    > mail for users on your LAN
    >
    > 4. Email proxy to allow incoming email to be delivered to the
    > mailserver on the PRO
    >
    > 5. Tunnel and filter from the PSN address to the mailserver on
    > the PRO to allow the mailserver on the PSN to deliver mail
    > to the mailserver on the PRO. You should use a filter instead of
    > checking "automatic accept all" so that you can limit use of this
    > tunnel to the mailserver on the PSN.
    >
    > 6. The mailserver on the PRO should disallow relaying for SMTP
    > coming from the GNAT Box address.
    >
    > The results:
    >
    > 1. Roaming users use the Alias on the EXT to send mail using the
    > mailserver on the PSN.
    >
    > 2. Hosts on the Internet use the primary EXT address to send
    > email to you. This should be the address that your MX record
    > points to.
    >
    > 3. Users on your LAN use the mailserver on the PRO for incoming
    > and outbound email.
    >
    >

    Thanks for these excellent ideas. I am having trouble with my setup,
    whereby authentication occurs on the server inside the PRO network,
    but as all traffic was coming from a proxy on the PSN, where all traffic
    from it was allowed by the mail server, the mail server became an open
    relay.

    I will look into the implementation of these.

    thanks,

    adrian

    -
    To unsubscribe, send mail to majordomopostfix.org with content
    (not subject): unsubscribe postfix-users
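
The open-relay failure described in this thread, modelled as an added example (not code from either poster or from any mail server): a relay check that trusts source addresses treats every client behind the PSN proxy as the proxy itself. The addresses, domain names and the `decide`/`audit` helpers are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing and domains, not taken from the thread.
LOCAL_DOMAINS = {"example.com"}
LAN = ipaddress.ip_network("192.168.1.0/24")       # PRO network
PSN_PROXY = ipaddress.ip_network("10.0.0.25/32")   # SMTP proxy on the PSN


@dataclass
class Session:
    peer_ip: str         # address the mail server sees on the TCP connection
    authenticated: bool  # SMTP AUTH (SASL) succeeded in this session
    rcpt_domain: str     # domain part of the RCPT TO address


def decide(session, trusted_networks):
    """Return 'deliver', 'relay' or 'reject' for one RCPT TO."""
    if session.rcpt_domain in LOCAL_DOMAINS:
        return "deliver"                 # inbound mail for our own users
    peer = ipaddress.ip_address(session.peer_ip)
    if any(peer in net for net in trusted_networks):
        return "relay"                   # trusted purely by source address
    if session.authenticated:
        return "relay"                   # trusted because the user logged in
    return "reject"


def audit(trusted_networks):
    """Relay decisions for three senders mailing an outside domain."""
    # Behind a proxy, every Internet client arrives with the proxy's address.
    senders = {
        "stranger": Session("10.0.0.25", False, "elsewhere.test"),
        "roaming": Session("10.0.0.25", True, "elsewhere.test"),
        "lan_user": Session("192.168.1.40", False, "elsewhere.test"),
    }
    return {name: decide(s, trusted_networks) for name, s in senders.items()}


WEAK = [LAN, PSN_PROXY]  # proxy address trusted: the open-relay setup
FIXED = [LAN]            # proxy not trusted; relaying through it needs SMTP AUTH

if __name__ == "__main__":
    print("weak :", audit(WEAK))
    print("fixed:", audit(FIXED))
```

With the proxy address in the trusted list the unauthenticated stranger is relayed; with it removed, only the authenticated roaming user and the LAN host are.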