Ken Sarkies writes:
> Just to clarify, we now have all relaying turned off for all external connections, as should be the case. But to force internal users to authenticate their outgoing mail we found that the ESMTPAUTH variable could be set for the subnet in the smtpaccess files.
It could be, but it's not required. Your configuration is unnecessarily complicated. The ESMTPAUTH setting does not require authentication. ESMTPAUTH only defines which SASL authentication mechanisms are advertised.
It's only a side effect that removing ESMTPAUTH results in no SASL authentication mechanisms being advertised, making it impossible for any client to authenticate. With ESMTPAUTH being set, this merely advertises the SASL authentication mechanisms, and authentication is required only to relay mail. Delivery to local mailboxes does not require authentication, so clients can connect and send mail to your local mailboxes, with no authentication being required even if ESMTPAUTH is set.
> We weren't aware that we could do this. Previously we had set the variable in the esmtpd configuration which forced authentication for all connections, allowing someone outside to hack a password and get through.
That's a different setting, AUTH_REQUIRED. All that does is require authentication for delivering to local mailboxes. Normally, regular incoming mail does not require authentication. Anyone on the Internet needs to deliver mail to your mailboxes without authenticating to your mail server, of course, so local mail delivery cannot require authentication.
The default configuration of ESMTPAUTH globally should not be changed in most situations. If some user's credentials have been compromised, that is a different issue.
