I've recently configured my sendmail server to require authentication.
Now I need to reconfigure sendmail to not require authentication for local
users, or for a single user. I think I need to use a second listener but
I'm not sure. Can someone point me in the right direction for this?
Thanks,
Rick Knight
On Fri, 04 Jan 2008 16:43:01 +0000, Rick Knight wrote:
> I've recently configured my sendmail server to require authentication.
> Now I need to reconfigure sendmail to not require authentication for local
> users, or for a single user. I think I need to use a second listener but
> I'm not sure. Can someone point me in the right direction for this?
>
> Thanks,
> Rick Knight
A bit more googling and I think I've found the answer. I added my ip
address range to /etc/mail/access as "Connect:172.16 RELAY". Ran
makemap and then restarted sendmail. This seems to work so far, but I'll
continue testing.
Can anyone confirm that this is the way to do what I want?
Thanks again,
Rick Knight
In article
Knight
>On Fri, 04 Jan 2008 16:43:01 +0000, Rick Knight wrote:
>
>> I've recently configured my sendmail server to require authentication.
Hm, how can you recieve mail then? Or do you mean that you configured it
to require authentication for relaying? But since that's basically the
default, it still quite unclear what you did - maybe you should just
describe it.
>> Now I need to reconfigure sendmail to not require authentication for local
>> users, or for a single user. I think I need to use a second listener but
>> I'm not sure. Can someone point me in the right direction for this?
>A bit more googling and I think I've found the answer. I added my ip
>address range to /etc/mail/access as "Connect:172.16 RELAY". Ran
>makemap and then restarted sendmail. This seems to work so far, but I'll
>continue testing.
>
>Can anyone confirm that this is the way to do what I want?
Depends on the above - what you have done is to allow anyone connecting
from a host on a 172.16.xxx.xxx network to relay (without needing to
authenticate) - that would imply a "local" network as it is private
address space, so I guess it's what you want.
--Per Hedeland
per@hedeland.org
On Sun, 06 Jan 2008 22:56:38 +0000, Per Hedeland wrote:
> In article
> Knight
>>On Fri, 04 Jan 2008 16:43:01 +0000, Rick Knight wrote:
>>
>>> I've recently configured my sendmail server to require authentication.
>
> Hm, how can you recieve mail then? Or do you mean that you configured it
> to require authentication for relaying? But since that's basically the
> default, it still quite unclear what you did - maybe you should just
> describe it.
>
>>> Now I need to reconfigure sendmail to not require authentication for local
>>> users, or for a single user. I think I need to use a second listener but
>>> I'm not sure. Can someone point me in the right direction for this?
>
>>A bit more googling and I think I've found the answer. I added my ip
>>address range to /etc/mail/access as "Connect:172.16 RELAY". Ran
>>makemap and then restarted sendmail. This seems to work so far, but I'll
>>continue testing.
>>
>>Can anyone confirm that this is the way to do what I want?
>
> Depends on the above - what you have done is to allow anyone connecting
> from a host on a 172.16.xxx.xxx network to relay (without needing to
> authenticate) - that would imply a "local" network as it is private
> address space, so I guess it's what you want.
>
> --Per Hedeland
> per@hedeland.org
Per,
Thanks for your reply.
What I've done is add smtp auth so that I can connect to my mailserver
from anywhere. I travel with a notebook PC and need to be able to access
my email anywhere, but at the same time I don't want just anyone to be able
to access it. This is working well. What was not working was email from my
httpd server. The software that runs on the server was not able to
authenticate. Adding "connect:172.16 RELAY" to my access table has fixed
the problem.
Is this the proper way to do this?
Thanks again,
Rick Knight
In article <3bNgj.34492$JD.33107@newssvr21.news.prodigy.net> Rick Knight
>On Sun, 06 Jan 2008 22:56:38 +0000, Per Hedeland wrote:
>
>> In article
>> Knight
>>>On Fri, 04 Jan 2008 16:43:01 +0000, Rick Knight wrote:
>>>
>>>> I've recently configured my sendmail server to require authentication.
>>
>> Hm, how can you recieve mail then? Or do you mean that you configured it
>> to require authentication for relaying? But since that's basically the
>> default, it still quite unclear what you did - maybe you should just
>> describe it.
>>
>>>> Now I need to reconfigure sendmail to not require authentication for local
>>>> users, or for a single user. I think I need to use a second listener but
>>>> I'm not sure. Can someone point me in the right direction for this?
>>
>>>A bit more googling and I think I've found the answer. I added my ip
>>>address range to /etc/mail/access as "Connect:172.16 RELAY". Ran
>>>makemap and then restarted sendmail. This seems to work so far, but I'll
>>>continue testing.
>>>
>>>Can anyone confirm that this is the way to do what I want?
>>
>> Depends on the above - what you have done is to allow anyone connecting
>> from a host on a 172.16.xxx.xxx network to relay (without needing to
>> authenticate) - that would imply a "local" network as it is private
>> address space, so I guess it's what you want.
>What I've done is add smtp auth so that I can connect to my mailserver
>from anywhere.
OK, so you've just added the possibility to do smtp auth, not
"configured ... to require authentication".
> I travel with a notebook PC and need to be able to access
>my email anywhere, but at the same time I don't want just anyone to be able
>to access it. This is working well. What was not working was email from my
>httpd server. The software that runs on the server was not able to
>authenticate. Adding "connect:172.16 RELAY" to my access table has fixed
>the problem.
>
>Is this the proper way to do this?
It's the typical way, and there aren't a whole lot of other choices for
such a scenario - just note that you're now allowing anything from that
network to relay, which isn't really the same as "local *users*" or "a
local *user*". In particular if it's a web server that should be able to
send mail, you need to make 110% sure that it doesn't have any "form
mail" cgi scripts etc that can be abused by spammers.
--Per Hedeland
per@hedeland.org