Mailinglist Archive: opensuse-security (601 mails)
| < Previous | Next > |
Re: [suse-security] Relaying with Authentification, Secure Password transmission
- From: Oliver Hensel <oliver.hensel@xxxxxxx>
- Date: Tue, 29 Aug 2000 23:45:26 +0200 (CEST)
- Message-id: <Pine.LNX.4.21.0008292315570.24763-100000@xxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hello.
On Tue, 29 Aug 2000, Boris Kantwerk wrote:
> How do I tell sendmail, to relay mails for all users sending a correct login
> and password independent from the host from which they send the mail?
First off: SMTP (Sendmail's protocol) does _not_ support authentication
originally at all.
Said that, there are several ways around this (sometimes) painful issue:
- - SMTP after POP3: A user must login with POP3 first, then for some time
this user and / or the user's ip-address may relay through sendmail
Sendmail and POP3: http://www.sendmail.org/~ca/email/chk-rcpt5.html#POP
- - SMTP AUTH (RFC 2554) based on SASL (RFC 2222): Adds a generic
authentication system to SMTP. Based on the Cyrus SASL library, you can
rebuild sendmail for use with SASL
Cyrus SASL is available at ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
Sendmail instructions at http://www.sendmail.org/~ca/email/auth.html
Clients with SASL-support:
http://www.sendmail.org/~ca/email/mel/SASL_ClientRef.html
- - Various tunneling methods: TLS (formerly SSL) (via STARTTLS, sslwrap or
stunnel), SSH, PPTP, whatever.
STARTTLS at: http://www.sendmail.org/~ca/email/starttls.html
> Additional I want to enable secure password transmission for sendmail,
> popper and ftpd and don't know how!
Your best bet should be something like SSL or SSH, I think
(Yes, POP now also supports a somewhat better authentication mechanism,
but not many clients did support it, last time I tried)
How about completely scrapping FTP and replacing it with SSH? This,
combined with sendmail, POP3, and IMAP all over SSL is what I use here.
>
> Thanx, Boris.
Greetings
olli
- --
- --------------------------------------
Oliver Hensel <oliver.hensel@xxxxxxx>
Linux - the choice of a GNU generation
- --------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iQEXAwUBOawu+9sdzhktCuebFAOb1gP/QLzT+mimFWsVHJWEm+hr0p5M4W4+HCWg
1boRok4cYGSYbyHGrRXknm0DzB9repf6Tl/rU4xKG33kHeDyXtR02/H6P1G6vsIg
6DiP9UzcqFVWBK/3/3ZAtCCDdzq25W3fzcXrSPpQ4IhxD8mROgYq+588rf/GGjKl
7yB6Iz7HG5ID/jH0y8aXFmDVJHg0iBAGF61v2l6hzcAbJwKW/hWt9QQAHaWBg/fw
TZsmISUE+hxjjDdoUx89BdSlYnn98UYMzY8coYMHxF4b8vtSJ9vorRIucrBgNJRR
+Wfv2osmme4sgvFEyqyBq69vyftENaq1e/wKeTD33VnKhs8swmHpI3Ah
=fgGy
-----END PGP SIGNATURE-----
Hash: RIPEMD160
Hello.
On Tue, 29 Aug 2000, Boris Kantwerk wrote:
> How do I tell sendmail, to relay mails for all users sending a correct login
> and password independent from the host from which they send the mail?
First off: SMTP (Sendmail's protocol) does _not_ support authentication
originally at all.
Said that, there are several ways around this (sometimes) painful issue:
- - SMTP after POP3: A user must login with POP3 first, then for some time
this user and / or the user's ip-address may relay through sendmail
Sendmail and POP3: http://www.sendmail.org/~ca/email/chk-rcpt5.html#POP
- - SMTP AUTH (RFC 2554) based on SASL (RFC 2222): Adds a generic
authentication system to SMTP. Based on the Cyrus SASL library, you can
rebuild sendmail for use with SASL
Cyrus SASL is available at ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
Sendmail instructions at http://www.sendmail.org/~ca/email/auth.html
Clients with SASL-support:
http://www.sendmail.org/~ca/email/mel/SASL_ClientRef.html
- - Various tunneling methods: TLS (formerly SSL) (via STARTTLS, sslwrap or
stunnel), SSH, PPTP, whatever.
STARTTLS at: http://www.sendmail.org/~ca/email/starttls.html
> Additional I want to enable secure password transmission for sendmail,
> popper and ftpd and don't know how!
Your best bet should be something like SSL or SSH, I think
(Yes, POP now also supports a somewhat better authentication mechanism,
but not many clients did support it, last time I tried)
How about completely scrapping FTP and replacing it with SSH? This,
combined with sendmail, POP3, and IMAP all over SSL is what I use here.
>
> Thanx, Boris.
Greetings
olli
- --
- --------------------------------------
Oliver Hensel <oliver.hensel@xxxxxxx>
Linux - the choice of a GNU generation
- --------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iQEXAwUBOawu+9sdzhktCuebFAOb1gP/QLzT+mimFWsVHJWEm+hr0p5M4W4+HCWg
1boRok4cYGSYbyHGrRXknm0DzB9repf6Tl/rU4xKG33kHeDyXtR02/H6P1G6vsIg
6DiP9UzcqFVWBK/3/3ZAtCCDdzq25W3fzcXrSPpQ4IhxD8mROgYq+588rf/GGjKl
7yB6Iz7HG5ID/jH0y8aXFmDVJHg0iBAGF61v2l6hzcAbJwKW/hWt9QQAHaWBg/fw
TZsmISUE+hxjjDdoUx89BdSlYnn98UYMzY8coYMHxF4b8vtSJ9vorRIucrBgNJRR
+Wfv2osmme4sgvFEyqyBq69vyftENaq1e/wKeTD33VnKhs8swmHpI3Ah
=fgGy
-----END PGP SIGNATURE-----
| < Previous | Next > |