[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qmail-ldap
Subject:    Re: questions about qmail-smtpd
From:       Mihai Costache <tepesu () yahoo ! com>
Date:       2004-11-24 19:11:44
Message-ID: 20041124191144.86701.qmail () web54102 ! mail ! yahoo ! com
[Download RAW message or body]



   i am not angry, just verry tired .... so i'm going home 
   i am not "guru" in qmail-ldap ... i am working with it
just for 1 year ... 
   so ... i want to do this "verification" to the smtp
connection level from bandwidth reasons
   i can't (for now) to use more than one authentication
database because i have a large number of users/accounts
and more than 10 slave ldap servers and more than 10
regional mail servers and i have only one web interface for
users/accounts management ... 
   and to finish say only that i am not a C programmer and
aprox all workstation have random IP from dhcp servers
(only servers have static IP)

thanks to all.

--- Fabio Gomes <flgomes@fazenda.sp.gov.br> wrote:

> Em Qua 24 Nov 2004 16:32, você escreveu:
> >     i don't want relying based on sender's domain !!!!
> 
> are you angry?
> 
> >
> >     i have a lot o users/accounts and some of them must
> not
> > can sending mail to the "internet" .. just to local
> domain
> >     so i thing to something like this:
> >     1) have another ldap attribute and qmail-smtpd look
> for
> > this attribute and if it set just do onother
> verification
> > on recipient domain and if not in rcpthosts drop the
> > connection
> >     or
> >     2) qmail-smtpd look into another control file
> > (~controls/<some file>) and if sender's address is
> listed
> > in this file check recipient domain and if is not in
> > rcpthosts drop connection
> >
> >     something like postfix is doing !!!!!
> >
> 
> The best way to selectively authorize users to send mails
> out of your domain 
> is based on IP address using TCPSERVER and RELAYCLIENT
> env or some kind of 
> authentication (AUTH SMTP, SMTP-AFTER-POP).
> Some people uses different databases for SMTP
> authentication and POP. Putting 
> on the SMTP authentication database, only the users
> authorized to relay.
> 
> You also could write a wrapper for qmail-queue to
> determine, based on sender 
> address, if the mail is allowed to relay or not. But as
> already said, address 
> can be forged.
> 
> Look in qmail list. That issue was actively discussed
> before in that list.
> 
> > --- Brian Reichert <reichert@numachi.com> wrote:
> > > On Sun, Nov 21, 2004 at 11:37:13PM -0800, Mihai
> Costache
> > >
> > > wrote:
> > > > second: can somebody tell me how to make
> qmail-smtpd to
> > > > check domain sender, sender email address and
> domain
> > > > recipient when mails came from relay hosts ... and
> if
> > > > domain sender is not in ~control/rcpthosts(.cdb) to
> > >
> > > reject
> > >
> > > > this emails and to can to do some like this : to
> have a
> > > > list of local email address who can send mails only
> to
> > > > locals domain (aka domain listed in
> > > > ~control/rcpthosts(.cdb) or ~control/locals(.cdb))
> > >
> > > It depends on what you're trying to accomplish.
> > >
> > > Bear in mind that the sender's domain can be forged.
> > > Relying on
> > > the sender's domain to control relaying isnt' very
> > > useful.
> > >
> > > It _sounds_ like what you want is known people from
> known
> > > hosts to
> > > be able to relay.
> > >
> > > If that's the case, you should look into SMTP AUTH;
> that
> > > forces
> > > force's people's mail clients to provide a password,
> such
> > > that when
> > > they've authenticated, they're allowed to relay
> though
> > > that mail
> > > server...
> > >
> > > > thanks,
> > > > Mihai
> > >
> > > --
> > > Brian Reichert				<reichert@numachi.com>
> > > 37 Crystal Ave. #303			Daytime number: (603) 434-6842
> > > Derry NH 03038-1713 USA			BSD admin/developer at
> large
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! Mail - You care about security. So do we.
> > http://promotions.yahoo.com/new_mail
> 
> GL,
> -- 
> Fábio Gomes                               
> <flgomes@fazenda.sp.gov.br>
> 



		
__________________________________ 
Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard. 
http://promotions.yahoo.com/new_mail 
[prev in list] [next in list] [prev in thread] [next in thread]