[prev in list] [next in list] [prev in thread] [next in thread]
List: qmail-ldap
Subject: Re: questions about qmail-smtpd
From: Mihai Costache <tepesu () yahoo ! com>
Date: 2004-11-24 19:11:44
Message-ID: 20041124191144.86701.qmail () web54102 ! mail ! yahoo ! com
[Download RAW message or body]
i am not angry, just verry tired .... so i'm going home
i am not "guru" in qmail-ldap ... i am working with it
just for 1 year ...
so ... i want to do this "verification" to the smtp
connection level from bandwidth reasons
i can't (for now) to use more than one authentication
database because i have a large number of users/accounts
and more than 10 slave ldap servers and more than 10
regional mail servers and i have only one web interface for
users/accounts management ...
and to finish say only that i am not a C programmer and
aprox all workstation have random IP from dhcp servers
(only servers have static IP)
thanks to all.
--- Fabio Gomes <flgomes@fazenda.sp.gov.br> wrote:
> Em Qua 24 Nov 2004 16:32, você escreveu:
> > i don't want relying based on sender's domain !!!!
>
> are you angry?
>
> >
> > i have a lot o users/accounts and some of them must
> not
> > can sending mail to the "internet" .. just to local
> domain
> > so i thing to something like this:
> > 1) have another ldap attribute and qmail-smtpd look
> for
> > this attribute and if it set just do onother
> verification
> > on recipient domain and if not in rcpthosts drop the
> > connection
> > or
> > 2) qmail-smtpd look into another control file
> > (~controls/<some file>) and if sender's address is
> listed
> > in this file check recipient domain and if is not in
> > rcpthosts drop connection
> >
> > something like postfix is doing !!!!!
> >
>
> The best way to selectively authorize users to send mails
> out of your domain
> is based on IP address using TCPSERVER and RELAYCLIENT
> env or some kind of
> authentication (AUTH SMTP, SMTP-AFTER-POP).
> Some people uses different databases for SMTP
> authentication and POP. Putting
> on the SMTP authentication database, only the users
> authorized to relay.
>
> You also could write a wrapper for qmail-queue to
> determine, based on sender
> address, if the mail is allowed to relay or not. But as
> already said, address
> can be forged.
>
> Look in qmail list. That issue was actively discussed
> before in that list.
>
> > --- Brian Reichert <reichert@numachi.com> wrote:
> > > On Sun, Nov 21, 2004 at 11:37:13PM -0800, Mihai
> Costache
> > >
> > > wrote:
> > > > second: can somebody tell me how to make
> qmail-smtpd to
> > > > check domain sender, sender email address and
> domain
> > > > recipient when mails came from relay hosts ... and
> if
> > > > domain sender is not in ~control/rcpthosts(.cdb) to
> > >
> > > reject
> > >
> > > > this emails and to can to do some like this : to
> have a
> > > > list of local email address who can send mails only
> to
> > > > locals domain (aka domain listed in
> > > > ~control/rcpthosts(.cdb) or ~control/locals(.cdb))
> > >
> > > It depends on what you're trying to accomplish.
> > >
> > > Bear in mind that the sender's domain can be forged.
> > > Relying on
> > > the sender's domain to control relaying isnt' very
> > > useful.
> > >
> > > It _sounds_ like what you want is known people from
> known
> > > hosts to
> > > be able to relay.
> > >
> > > If that's the case, you should look into SMTP AUTH;
> that
> > > forces
> > > force's people's mail clients to provide a password,
> such
> > > that when
> > > they've authenticated, they're allowed to relay
> though
> > > that mail
> > > server...
> > >
> > > > thanks,
> > > > Mihai
> > >
> > > --
> > > Brian Reichert <reichert@numachi.com>
> > > 37 Crystal Ave. #303 Daytime number: (603) 434-6842
> > > Derry NH 03038-1713 USA BSD admin/developer at
> large
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! Mail - You care about security. So do we.
> > http://promotions.yahoo.com/new_mail
>
> GL,
> --
> Fábio Gomes
> <flgomes@fazenda.sp.gov.br>
>
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic