RE: [suse-security] Sendmail
Hi all I am having a problem with allowing a user relaying off my sendmail server/firewall. How can I configure my mail server to allow relaying of mail for a specific user without it being open to the whole world for relaying ? This user roams a lot around the world so Ip's are noit static? I am running standard Suse linux 7.1 Help I am desperate! Regards Willie Tesnaar Regards Willie Tesnaar
Wilhelm Tesnaar wrote:
Hi all
I am having a problem with allowing a user relaying off my sendmail server/firewall. How can I configure my mail server to allow relaying of mail for a specific user without it being open to the whole world for relaying ? This user roams a lot around the world so Ip's are noit static? I am running standard Suse linux 7.1 Help I am desperate!
Regards Willie Tesnaar
Regards Willie Tesnaar
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
How sendmail is configured? Do You have an access.db? Exists an unique e-mail address for the user? Did You try to write an entry for sendmails access.db user@unique.mail.address RELAY Annette
On Fri, Sep 21, 2001 at 01:03:36PM +0200, Wilhelm Tesnaar wrote:
Hi all
I am having a problem with allowing a user relaying off my sendmail server/firewall. How can I configure my mail server to allow relaying of mail for a specific user without it being open to the whole world for relaying ? This user roams a lot around the world so Ip's are noit static? I am running standard Suse linux 7.1 Help I am desperate!
Regards Willie Tesnaar
have a look at /etc/postfix/sample-tls.cf, especially smtpd_tls_ask_ccert = yes smtpd_tls_req_ccert = yes smtpd_recipient_restrictions = permit_mynetworks check_relay_domains permit_tls_clientcerts I don't know how to do it for sendmail, but there should be something similar... Hope that helps, Lars
Hi, have a look at http://poprelay.sourceforge.net/ To use this perl daemon with SuSE 7.1, you have to get the sendmail source, e.g. 8.11.6 and compile sendmail AND makemap , as SuSE 7.1 uses older db libaries for sendmail (makemap) than for perl.... Regards Karsten Laskowski ----- Original Message ----- From: "Wilhelm Tesnaar" <TesnaarW@filpro.co.za> To: <suse-security@suse.com> Cc: <williet@sai.co.za> Sent: Friday, September 21, 2001 1:03 PM Subject: RE: [suse-security] Sendmail
Hi all
I am having a problem with allowing a user relaying off my sendmail server/firewall. How can I configure my mail server to allow relaying of mail for a specific user without it being open to the whole world for relaying ? This user roams a lot around the world so Ip's are noit static? I am running standard Suse linux 7.1 Help I am desperate!
Regards Willie Tesnaar
Regards Willie Tesnaar
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi just use access file Entry your parameters inside but don't forget : makemap hash /etc/mail/access.db < /etc/mail/access
-----Original Message----- From: Karsten Laskowski [mailto:kl@b-l.de] Sent: 21 September 2001 14:15 To: Wilhelm Tesnaar; suse-security@suse.com Cc: williet@sai.co.za Subject: Re: [suse-security] Sendmail
Hi,
have a look at http://poprelay.sourceforge.net/
To use this perl daemon with SuSE 7.1, you have to get the sendmail source, e.g. 8.11.6 and compile sendmail AND makemap , as SuSE 7.1 uses older db libaries for sendmail (makemap) than for perl....
Regards Karsten Laskowski
----- Original Message ----- From: "Wilhelm Tesnaar" <TesnaarW@filpro.co.za> To: <suse-security@suse.com> Cc: <williet@sai.co.za> Sent: Friday, September 21, 2001 1:03 PM Subject: RE: [suse-security] Sendmail
Hi all
I am having a problem with allowing a user relaying off my sendmail server/firewall. How can I configure my mail server to allow relaying of mail for a specific user without it being open to the whole world for relaying ? This user roams a lot around the world so Ip's are noit static? I am running standard Suse linux 7.1 Help I am desperate!
Regards Willie Tesnaar
Regards Willie Tesnaar
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Fri, 21 Sep 2001 13:03:36 +0200 Wilhelm Tesnaar <TesnaarW@filpro.co.za> wrote:
Hi all
I am having a problem with allowing a user relaying off my sendmail server/firewall. How can I configure my mail server to allow relaying of mail for a specific user without it being open to the whole world for relaying ? This user roams a lot around the world so Ip's are noit static? I am running standard Suse linux 7.1 Help I am desperate!
Regards Willie Tesnaar
What you want is smtp auth (sasl). This is reasonably difficult on sendmail (but possible) however if you have the choice, I would recomend a switch to postfix, as it is quite simple to do on postfix. While you're at it, you probably want to enable tls (ssl) also.. Let me know if you need help.. -- Viel Spaß Nix - nix@susesecurity.com http://www.susesecurity.com
hi willie, maybe i've missed some mail, but it seems to me you should configure your sendmail for "SMTP after POP" operation. the idea is that a user polling some POP box has to supply a password, thus authentifies himself, so relaying for the users IP address can be permitted for a specified time period, e.g. 10 minutes. so a roaming user just has to poll his POP account first, then can relay mail from the current dialup IP address. have a look at http://www.iecc.com/pop-before-smtp.html for details. the current eudora qpopper (which is standard for suse) already includes the logging output needed, so the patch is not needed. the popauth HACK for sendmail is still needed. the popauther.pl sub add_new has to be extended for qpopper like this: if(!$good && /^([A-Za-z]+\s+\d+\s\d+\:\d+\:\d+).*POP login by user "([a-z0-9]+)" at \(.*\) (\d+\.\d+\.\d+\.\d+)$/) { # warn "add_new: qpopper...\n"; $tstamp = $1; $user = $2; $ip = $3; ++$good; } i've configured all our mail servers this way, and it works very well. mfg, michael balzer -- 2BCom IT Solutions / Hasslinghauser Str. 156 / D-58285 Gevelsberg Fon +49 2332 7588-0 / Fax -11 / http://www.bbcomp.de ----- Original Message ----- From: "Wilhelm Tesnaar" <TesnaarW@filpro.co.za> To: <suse-security@suse.com> Cc: <williet@sai.co.za> Sent: Friday, September 21, 2001 1:03 PM Subject: RE: [suse-security] Sendmail
Hi all
I am having a problem with allowing a user relaying off my sendmail server/firewall. How can I configure my mail server to allow relaying of mail for a specific user without it being open to the whole world for relaying ? This user roams a lot around the world so Ip's are noit static? I am running standard Suse linux 7.1 Help I am desperate!
Regards Willie Tesnaar
Regards Willie Tesnaar
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Use SMTP Auth Regards, Jon On Fri, 21 Sep 2001, Wilhelm Tesnaar wrote:
Hi all
I am having a problem with allowing a user relaying off my sendmail server/firewall. How can I configure my mail server to allow relaying of mail for a specific user without it being open to the whole world for relaying ? This user roams a lot around the world so Ip's are noit static? I am running standard Suse linux 7.1 Help I am desperate!
Regards Willie Tesnaar
Regards Willie Tesnaar
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (8)
-
Annette Jaekel -
Eric Romang -
Karsten Laskowski -
lars@newsone.org -
marsaro@interearth.com -
Michael Balzer -
Peter Nixon -
Wilhelm Tesnaar