Relaying mail for mobile users

From: Javier Marcet (listsmarcet.info)
Date: Mon Mar 01 2004 - 06:56:32 CST


In the postfix FAQ it is well documented how to permit mobile phones
with changing IP to relay mail.
It mentions two possible methods, one based on the IP address or hostname
of the client, and one based on the sender address.

Following the advice I could send mail from the mobile phone, but I don't
feel good about such a big hole, where anyone from the range of IPs
defined, or who just finds a good accepted sender address, can relay
mail.

Reading the access(5) format, it states:

# ACTIONS

[...]

#
# restriction...
# Apply the named UCE restriction(s) (permit, reject,
# reject_unauth_destination, and so on).
#

Hence, having it working as per the FAQ:

/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        permit_mynetworks,
        check_client_access hash:/etc/postfix/client_access,
        check_sender_access hash:/etc/postfix/sender_access,
        reject_unauth_destination

/etc/postfix/client_access:
    11.22.33 OK
    dialup.isp.com OK

/etc/postfix/sender_access:
    joemy.domain OK
    blowmy.domain OK

 ... I tried changing it to:

/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        permit_mynetworks,
        check_client_access hash:/etc/postfix/client_access,
        reject_unauth_destination

/etc/postfix/client_access:
    11.22.33 check_sender_access hash:/etc/postfix/sender_access
    dialup.isp.com check_sender_access hash:/etc/postfix/sender_access

/etc/postfix/sender_access:
    joemy.domain OK
    blowmy.domain OK

In the hope that this would require both an IP listed in client_access
AND at the same time a sender address listed in sender_access.
The result? It doesn't work.
Postfix complained every time I tried to send a message from the mobile
phone:

Feb 28 18:34:44 hiroshi postfix/smtpd[12978]: 0AAFB462E: reject: RCPT from unknown[11.22.33.44]: 451 Server configuration error; from=<joemy.domain> to=<tedforeign.domain> proto=ESMTP helo=<[11.22.33.44]>

Did I misunderstand anything? Is there some easy way to achieve the
double check?

P.S. The mobile phones I'm trying to relay mail from are Series-60 based,
a Nokia 6600 and a Nokia 7650. They offer using some certificate, but I
have no idea how to make one without buying it from a real CA.
On my postfix server I have TLS and SASL enabled, although with a
self-created certificate.

Maybe you have some other suggestion on how to secure the server as much
as possible while still being able to send mail from the phones.

TIA :)

--
Javier Marcet <javiermarcet.info>
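
Added example, not part of the original post: Postfix access tables accept a restriction or restriction class name on the right-hand side but not a lookup table such as `hash:...`, and the documented way to nest the sender check under the client check is a restriction class. The class name `mobile_relay` is an assumption made for this example; the paths and client patterns are the ones from the post.

```conf
# /etc/postfix/main.cf
# Declare the class, then define it like any other restriction list.
# "mobile_relay" is a name chosen for this example.
smtpd_restriction_classes = mobile_relay
mobile_relay = check_sender_access hash:/etc/postfix/sender_access

# Evaluation order for a RCPT TO from a non-local client:
#   1. client matches client_access  -> evaluate mobile_relay
#   2. sender listed in sender_access -> OK, relay permitted
#   3. otherwise fall through to reject_unauth_destination
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_client_access hash:/etc/postfix/client_access,
    reject_unauth_destination

# /etc/postfix/client_access
# The right-hand side is the class name, not "check_sender_access hash:...".
11.22.33        mobile_relay
dialup.isp.com  mobile_relay

# /etc/postfix/sender_access stays as in the post (one "address OK" per line).
# Rebuild the changed map and reload after editing:
#   postmap /etc/postfix/client_access
#   postfix reload
```

The envelope sender is supplied by the client, so this narrows who can relay but does not authenticate anyone. With SASL already enabled on the server, placing `permit_sasl_authenticated` ahead of the access checks ties relaying to credentials instead of to an address range.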