Mailinglist Archive: opensuse-security (300 mails)

< Previous Next >
Re: [suse-security] sendmail und SMTP-AUTscH
  • From: Roland Hilkenbach <roland@xxxxxxxxxxxxxxxxxx>
  • Date: Thu, 24 Apr 2003 14:55:08 +0100
  • Message-id: <200304241555.08511.roland@xxxxxxxxxxxxxxxxxx>
Am Mittwoch, 23. April 2003 19:43 schrieb Philippe Vogel:
>> Hi List,
>> I tried to get two sendmails working together but failed. What did I do
>> wrong?
>>
>> Server A (LAN) is a SuSE 8.0 box with sendmail 8.12.3. It collects mail
>> from the LAN without problems and can deliver them to other servers. If it
>> weren't for SPAM-control of other servers...
>>
>> Server B is a SuSE 7.2 root-server with sendmail-tls (latest patches
>> implemented). This box should become my relay for all mails from the LAN.
>> If I send mail from my kmail-program, I can use authentication methods
>> plain and login without problems. Encryption will be the next step.

> This is only the technique, I don't use sendmail any mor since years!
>
> We have a setup with two Mailservers: A postfix/ B Exchange.
>
> A = mail relay gateway and virus scanner
> B = internal messaging system
>
> A collects external mails, sends them to B after virus scanning.
> B is only for local delivery and uses A as smarthost (B is firewalled,
> cannot be accessed from external). The headers of mails from B to A are
> rewritten to come from A.

>> I setup LAN-Server A to relay mail to root-server B (SMARTHOST=...), to
>> use Authentication method PLAIN (SMTP_AUTH_MECHANISMS="PLAIN") and I edited
>> the auth-info file. I double checked correct spelling of servername,
>> username and password. I let SuSEconfig do the dirty job and restarted the
>> server - all corresponding to the article in the SDB. It simply doesn't
>> work here! Regardless of the authentication method, every try ends up with
>> an "authentication failed". I installed a SuSE 8.1 sendmail also but got
>> the same result.
>>
>> To sum it up: kmail -> sendmail-tls works while sendmail -> sendmail-tls
>> does not!

> Normally - even with sendmail - you don't need any authentification from
> server A to B! Your internal server only forwards mails and the external
> server is only a relay server.
>

My Root-Server is accessible from the whole Internet, so I don't dare working
with plain SMTP for relaying, whereas the LAN-Box is connected to the
Internet via T-Online dialup and thus with dynamic IP-Address.

> Hopefully you made backups of the unchanged config files?
>

Sure ;-)

> Configure Server B to forward all mails to Server A (smarthost).

done

> Configure Server A to accept all relayed mails from your domain or IP-range
> or the mailserver B. If possible make a header rewrite of all mails leaving
> Server A (if your lan is firewalled mails will not come through to Server B
> except it is in a dmz). This might be done with domain masquerading in
> sendmail (CM).

As said above, LAN is behind a dialup-line with dynamic IP. So I have to get
up early in the morning to allow relaying for the IP-Address of the day - I
thought, SMTP-AUTH would be a better way ;-)

> If you want to get mails from external to internal server change the
> mailrouting in mailertable.
>
> Philippe
>
> P.S.: Never let SuSEconfig do work, after you did changes by hand they
> might get overwritten! Use Yast and SuSEconfig or change things by hand
> without SuSEconfig!

Right! But I installed fresh configured boxes for the test, so I can use
SuSEconfig without any trouble to bring the whole setup to work.

Are there any other suggestions beside switching to postfix/exchange???

Bye - Roland


< Previous Next >
Follow Ups