Half-Relaying: According to the sender (+auth?)

on 03.01.2008 09:41:40 by Nicolas Ecarnot

Hi,

At present, my sendmail hosts a domain, and is a public smtp server
allowing incoming mails to my domain.
Relaying is denied for mails coming from external senders, and of
course allowed for internal senders.

I would like some external senders to be allowed to be relayed through
my sendmail system.
I'm not asking for an explanation, but just to know if there is a way, or if
you could put me on a track.

I'm reading things about SSL, TLS, SMTP AUTH but I'm just starting at
this.
Is this a good start?

Best regards,

--
Nicolas Ecarnot

Re: Half-Relaying: According to the sender (+auth?)

on 03.01.2008 15:07:48 by Tilman Schmidt

Nicolas Ecarnot wrote:
> I would like some external senders to be allowed to be relayed through
> my sendmail system.
> I'm not asking for an explanation, but just to know if there is a way, or if
> you could put me on a track.
>
> I'm reading things about SSL, TLS, SMTP AUTH but I'm just starting at
> this.
> Is this a good start?

Yes, SMTP AUTH and allowing relaying for authenticated senders is the
canonical solution for that. You may also want to consider setting up a
separate listener on port 587 (MSA) for authenticated message submission.

HTH
T.

--
Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

Re: Half-Relaying: According to the sender (+auth?)

on 03.01.2008 16:16:56 by Mark Hansen

On 01/03/08 00:41, Nicolas Ecarnot wrote:
> Hi,
>
> At present, my sendmail hosts a domain, and is a public smtp server
> allowing incoming mails to my domain.
> Relaying is denied for mails coming from external senders, and of
> course allowed for internal senders.
>
> I would like some external senders to be allowed to be relayed through
> my sendmail system.
> I'm not asking for an explanation, but just to know if there is a way, or if
> you could put me on a track.
>
> I'm reading things about SSL, TLS, SMTP AUTH but I'm just starting at
> this.
> Is this a good start?
>
> Best regards,
>
> --
> Nicolas Ecarnot

Hello, Nicolas.

Yes, this is possible, as Tilman has said. I just went through this myself,
and it took me quite a while (not working full-time on it). There are details
about individual steps, but nothing that really pulls it all together and
explains what steps must be taken - at least not for my specific case.

The short answer is that you need to have your roaming clients connect using
TLS. This will ensure that their credentials are encrypted. Then you need to
enable a second SMTP listener on port 587, and on that listener, require TLS
and authentication.

I used many sources for help, including the Sendmail (Bat) book, 3rd Edition,
as well as a few web sites, FAQs, etc., and of course help from this newsgroup.

I got this working on my setup (CentOS Linux 4.5 and sendmail 8.13.1). I haven't
yet got all the steps documented, but was planning to do that at some point. So
although I can't send you a complete How-To, I can probably answer some questions.

Good luck.
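
The setup described in the replies above (a second listener on port 587 that requires TLS and authentication), sketched as a `sendmail.mc` fragment. This is an added example, not configuration posted by anyone in the thread; the certificate paths are assumptions, and it presumes a sendmail binary built with STARTTLS and SASL support.

```m4
dnl Added example: submission listener with mandatory AUTH over TLS.
dnl All file paths below are assumptions; adjust to the local layout.

dnl Suppress the built-in MSA so the port 587 listener below is the only one.
FEATURE(`no_default_msa')dnl

dnl Port 25 stays the public MX listener; the existing relay rules
dnl (access map, relay-domains) still decide what it accepts.
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

dnl Port 587 for roaming clients: M=a requires SMTP AUTH on this
dnl listener, E disallows ETRN.
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

dnl Certificate material for STARTTLS (assumed paths).
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/sendmail.key')dnl

dnl AuthOptions: p = do not offer plaintext mechanisms (PLAIN, LOGIN)
dnl unless a security layer such as TLS is active, y = no anonymous login.
dnl Together with M=a above, a client on port 587 has to issue STARTTLS
dnl before it can authenticate, so credentials never cross the wire in clear.
define(`confAUTH_OPTIONS', `A p y')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

dnl Sessions authenticated with one of these mechanisms may relay.
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
```

After rebuilding `sendmail.cf` and restarting, an EHLO on port 587 should list `STARTTLS` but no `AUTH` line until the TLS handshake has completed; seeing `AUTH LOGIN PLAIN` before STARTTLS means the `p` option did not take effect.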