From owner-freebsd-security  Fri May 18  8:19:43 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cs4.cs.ait.ac.th (cs4.cs.ait.ac.th [192.41.170.16])
	by hub.freebsd.org (Postfix) with ESMTP id 9715737B424
	for <freebsd-security@FreeBSD.ORG>; Fri, 18 May 2001 08:19:35 -0700 (PDT)
	(envelope-from Olivier.Nicole@ait.ac.th)
Received: from bazooka.cs.ait.ac.th (on@bazooka.cs.ait.ac.th [192.41.170.2])
	by cs4.cs.ait.ac.th (8.9.3/8.9.3) with ESMTP id WAA13071;
	Fri, 18 May 2001 22:17:00 +0700 (GMT+0700)
From: Olivier Nicole <Olivier.Nicole@ait.ac.th>
Received: (from on@localhost)
	by bazooka.cs.ait.ac.th (8.8.5/8.8.5) id WAA12362;
	Fri, 18 May 2001 22:18:54 +0700 (ICT)
Date: Fri, 18 May 2001 22:18:54 +0700 (ICT)
Message-Id: <200105181518.WAA12362@bazooka.cs.ait.ac.th>
To: huacheng@public.guangzhou.gd.cn
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: <002c01c0dfa8$c6ae8600$9201a8c0@home.net> (huacheng@public.guangzhou.gd.cn)
Subject: Re: AUTH and sendmail
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi,

Funny enough I worked on that last week and finished buddling a web
age for my users today (http://www.cs.ait.ac.th/laboratory/email/)

I use poprelayd, from http://poprelay.sourceforge.net (with some
little modif) that is a perl script that reads /var/log/maillog (it
goes fine with the newsyslog) and extract pop/imap authetication
information.

The it adds a temporary open relay for the client IP in a table, for
15 minutes, as mail prgram typically check email every 10 minutes,
relay is open as long as the mail program is running. There could be a
15 minutes window where someone else could connect using the same IP
and could use your email server as an open relay... risk is very
unlikely.

Advantage: it working with plain pop or imap, so basically any client.

Olivier

> we found use 4.3freebsd sendmail default setup is a safer choice for our
> mailserver. But we have many staff outside want to access our mailserver by
> dialup, but with default sendmail conf they can't relay the mail they sent
> when they stay outside. (use pop3 receive mail not problem), now we
> advise staff outsite use our mailserver receive mail but use local ISP's
> mailserver send mail.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message