On 10/24/2011 02:46 PM, Lew Wolfgang wrote:
Hi David,
A couple of factors are at play here. (I hope I get this right)
First, you have to authenticate yourself to your mail server if you want to relay mail. If you allow anonymous connections, spammers will have their way with your server. But, sending usernames and passwords in the clear over port 25 is also a risk, so you need to wrap your authentication dialog with SSL/TLS.
Alright, that explains the port 587 need. Done (master.cf):

submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Two ports? The issue here is that many ISPs block outgoing port 25 to force you to use their own SMTP servers. Outgoing port 587 is usually open, allowing you to connect to your server via an encrypted connection. Port 25 remains open allowing your server to continue to accept mail for local accounts as usual.
All good on port 25 - I have all services through my ISP open (it's a business account ... and they stick it to you for it :)
There are other ways to do the authentication bit. I've used pop-before-smtp in the past, which is a bit clunky, but it works.
OK, I've looked at popbsmpt on sourceforge. I guess that is the way to go. What I don't get is I can relay just fine from one computer to the next using my domains:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
  check_client_access hash:/etc/postfix/client_access, reject_unauth_destination
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

So, I was hoping to do something similar with the phone.
This method blocks SMTP relaying until a successful authentication dialog is negotiated via pop or imap. The sending IP address is then opened for relaying for a defined period of time. This assumes that people will check their incoming mail before trying to send.
Regards, Lew
I've dorked with this for a while and I'm still stumbling along. When sending over 3G with Wifi turned off on the phone, I get errors similar to:

Oct 24 14:37:34 nirvana postfix/smtpd[17198]: warning: 166.137.9.141: hostname mobile-166-137-009-141.mycingular.net verification failed: Name or service not known
Oct 24 14:37:34 nirvana postfix/smtpd[17198]: connect from unknown[166.137.9.141]
Oct 24 14:37:35 nirvana postfix/smtpd[17198]: NOQUEUE: reject: RCPT from unknown[166.137.9.141]: 554 5.7.1 Service unavailable; Client host [166.137.9.141] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=166.137.9.141; from=
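
Added example, not part of the original thread: a small triage script that reads Postfix smtpd log lines like the ones above and reports, per client address, which DNSBL zones caused a reject, how many rejects had other causes, and whether the reverse-DNS name failed verification. The first three sample lines are taken from the post (the last one is cut off there as well); the fourth line and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Postfix smtpd reject line: stage, client name[ip], reply code, enhanced status.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<name>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<text>.*)"
)
DNSBL = re.compile(r"blocked using (?P<zone>[A-Za-z0-9.-]+)")
# Warning logged when the PTR name does not resolve back to the client address.
FCRDNS = re.compile(
    r"warning: (?P<ip>[0-9A-Fa-f.:]+): hostname \S+ verification failed"
)

SAMPLE = [
    # Lines 1-3: from the post. Line 4: constructed (documentation address range).
    "Oct 24 14:37:34 nirvana postfix/smtpd[17198]: warning: 166.137.9.141: hostname mobile-166-137-009-141.mycingular.net verification failed: Name or service not known",
    "Oct 24 14:37:34 nirvana postfix/smtpd[17198]: connect from unknown[166.137.9.141]",
    "Oct 24 14:37:35 nirvana postfix/smtpd[17198]: NOQUEUE: reject: RCPT from unknown[166.137.9.141]: 554 5.7.1 Service unavailable; Client host [166.137.9.141] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=166.137.9.141; from=",
    "Oct 24 14:40:02 nirvana postfix/smtpd[17230]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <user@example.com>: Relay access denied; from=<a@example.org> to=<user@example.com> proto=ESMTP helo=<client.example.org>",
]

def triage(lines):
    """Return {ip: {"dnsbl": set of zones, "other": int, "fcrdns_failed": bool}}."""
    out = defaultdict(lambda: {"dnsbl": set(), "other": 0, "fcrdns_failed": False})
    for line in lines:
        m = FCRDNS.search(line)
        if m:
            out[m["ip"]]["fcrdns_failed"] = True
            continue
        m = REJECT.search(line)
        if not m:
            continue  # connect/disconnect and other informational lines
        zone = DNSBL.search(m["text"])
        if zone:
            out[m["ip"]]["dnsbl"].add(zone["zone"])
        else:
            out[m["ip"]]["other"] += 1
    return dict(out)

if __name__ == "__main__":
    for ip, info in triage(SAMPLE).items():
        print(ip, sorted(info["dnsbl"]), info["other"], info["fcrdns_failed"])
```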