will trillich wrote:
> then he can certainly send email from @serensoft to @out-there
> but then SO CAN ANYBODY ELSE using that small, tiny,
> insignificant worldnet.att.net network (of thousands and
> thousands).
>
> is there some way to further restrict the relaying? i DO NOT want
> any black hats turning my server into spam-o-rama. ideas welcome.

As an alternative to the SMTP auth stuff proposed by others, I suggest
you just set up TLS and use certificate-based authentication. It works
like this:

Your friend sets up his mail client to use TLS for outgoing mail and
relay through your server. You set up your server to support TLS for
incoming mail (at least). Your friend generates an SSL certificate and
private key for his mail server to use, and sends you the certificate.
Then you set up your server to allow relaying for TLS connections set up
using that certificate.

I have a setup like this for all of my laptops and other devices on
dynamic or varying IP addresses; each computer has its own certificate,
and uses exim; my server uses postfix, which is easy to set up to allow
relaying based on SSL certificates.

As a bonus you add to the amount of encrypted email traffic, and so
reduce the effectiveness of various rumoured evil government projects.
And you get cool headers:

    Received: from dragon.kitenet.net (as5800-82-86.access.naxs.com [216.98.82.86])
            (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
            (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
            by kitenet.net (Postfix) with ESMTP id 193F7BC039

-- 
see shy jo
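
The server side of the setup described in the message above, as an added example that is not part of the original post: a Postfix configuration that relays only for clients presenting a listed certificate. The file paths, the `laptop-1` label and the fingerprint placeholder are assumptions, and `smtpd_relay_restrictions` needs Postfix 2.10 or later.

```cfg
# ---- /etc/postfix/main.cf (paths are assumed, adjust to your layout) ----

# Server certificate and key, so clients can start TLS at all.
smtpd_tls_cert_file = /etc/postfix/tls/server-cert.pem
smtpd_tls_key_file = /etc/postfix/tls/server-key.pem

# Offer STARTTLS to everyone, but do not require it from ordinary senders.
smtpd_tls_security_level = may

# Ask (not require) the client for a certificate during the handshake.
smtpd_tls_ask_ccert = yes

# Match client certificates by SHA-256 fingerprint. A self-signed client
# certificate works, because the fingerprint is pinned rather than a CA chain.
smtpd_tls_fingerprint_digest = sha256
relay_clientcerts = hash:/etc/postfix/relay_clientcerts

# Relay only for local networks and listed certificates; everyone else
# may only deliver to domains this server is responsible for.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_tls_clientcerts,
    reject_unauth_destination

# ---- /etc/postfix/relay_clientcerts (separate file, one line per device) ----
# Left side: the fingerprint printed by
#   openssl x509 -noout -fingerprint -sha256 -in client-cert.pem
# Right side: a free-text label; only the fingerprint is used for matching.
# The value below is a placeholder, not a real fingerprint.
<SHA256-FINGERPRINT-OF-CLIENT-CERT> laptop-1
```

After editing the map, run `postmap /etc/postfix/relay_clientcerts` and reload Postfix. Removing a device's line and rebuilding the map revokes that device's relay access without touching the others.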