Mental on Fri, 13 Jul 2001 08:40:09 -0400
On Fri, Jul 13, 2001 at 08:07:02AM -0400, Chuck Peters wrote:
>
> At ccil.org we limit relaying to specified IP's. The list includes CCIL's
> IP's as well as some other local ISP's. But this doesn't help if a CCIL
> user is on some big ISP/IP's we don't list. One solution used is SMTP
> Authentication but only some mail clients like Netscape and Outlook support
> it and that sucks. Does anyone have any suggestions for a better solution?
>

Starttls _is_ the better solution. The fact that only Netscape and Microsoft have implemented it is sad. It's an open standard, so the fact it isn't more widespread is almost inexcusably lazy. This isn't a proprietary protocol created to cause incompatibility, it's just something that people feel isn't worth doing for whatever reason, despite it being an agreed upon standard.

Your alternative is an ugly roll your own hack like the old pop-before-send hacks floating around out there that pretty much grep your pop logs for ip's and add those ip's to your relay list. Obviously this won't work if you don't use pop or relay thru another box.

Sendmail supports TLS as of 8.11 I believe. It would be possible to configure it (sendmail) to point to a smarthost and configure it to pass the proper credentials so it could relay. This would work in a small office/workgroup type setting. All outgoing mail would use the same credentials (those of the mail server). This has no effect on message content or visible headers. Essentially you'd be configuring your mail hub to authenticate itself to the mail relay, which in my opinion is better than just adding the ip to an access list.

> I would very much prefer to use standard Debian packages on potato or
> woody with LDAP authentication. Does anyone know what I need to install to
> setup smtp authentication?

Depends on the mail program. And if you use pam. If you use pam, it makes it really easy to authenticate off of just about anything. The authentication backend is a different issue from the above.

I'm out of time. Maybe after work I'll try and dig up some of my notes. A google search for "smtp starttls" should help. It's tricky to get set up if you've never done anything with certificates but it's doable. As for ldap integration, the only time you'd need that is if you want to put aliases/virtusertable/whatever into ldap. Then you just need to tell sendmail to link against your ldap libs... it's in the sendmail-x.x/cf/README.

--
Mental (Mental@NeverLight.com)

"What has God revealed to man that has ever helped him get a living?"
[Lemuel K. Washburn, _Is The Bible Worth Reading And Other Essays_, 1911]

______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
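
Added example, not part of the original post and not taken from anyone's notes: one way to set up the mail hub described above so that it authenticates itself to a smarthost and refuses to hand over its password unless the session is encrypted. It assumes sendmail 8.12 or later built with STARTTLS and SASL support; the relay name relay.example.org, the account name mailhub, the password placeholder and the certificate paths are all made up for illustration.

```m4
dnl ---- sendmail.mc fragment on the mail hub (added example) ----
dnl Send all outbound mail to one relay. The brackets skip the MX lookup,
dnl so this exact name is what the authinfo and access lookups will see.
define(`SMART_HOST', `[relay.example.org]')dnl
dnl CA certificates used to verify the relay's certificate (paths assumed).
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/ca.pem')dnl
dnl Client-side SMTP AUTH credentials are read from /etc/mail/authinfo.
FEATURE(`authinfo')dnl
dnl The access map carries the TLS requirement for the relay.
FEATURE(`access_db')dnl
dnl
dnl ---- /etc/mail/authinfo (separate file; mode 600, owner root) ----
dnl Strip the leading "dnl " when copying the entry into that file, then
dnl build the map:  makemap hash /etc/mail/authinfo < /etc/mail/authinfo
dnl
dnl AuthInfo:relay.example.org "U:mailhub" "I:mailhub" "P:REPLACE_WITH_PASSWORD" "M:PLAIN"
dnl
dnl ---- /etc/mail/access (separate file) ----
dnl Refuse to send to the relay unless its certificate verified and the
dnl cipher is at least 112 bits, so the PLAIN password never crosses the
dnl wire in the clear. Rebuild with:
dnl   makemap hash /etc/mail/access < /etc/mail/access
dnl
dnl TLS_Srv:relay.example.org	VERIFY:112
```

Every message leaving the hub is then relayed under the single mailhub account, so the relay's logs identify the hub rather than the individual sender.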