Site Navigation

Date:      Mon, 6 Nov 2000 17:18:40 +0200 (WET)
From:      Evren Yurtesen <eyurtese@turkuamk.fi>
To:        kirk Bailey <idiot1@netzero.net>
Cc:        jfporter@howlermonkey.net, freebsd-isp@freebsd.org
Subject:   Re: sendmail and auth
Message-ID:  <Pine.A41.4.10.10011061711580.13510-100000@bessel.tekniikka.turkuamk.fi>
In-Reply-To: <3A0630D4.F37AD787@netzero.net>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

Well I ment if somebody is using Authentication with sendmail.
You know in your mail client you can set your password and username
so the server can authenticate you when you are sending email.
I see this is available in the latest versions of sendmail.
Sendmail now supports SMTP authentication I guess...
Quote from the readme is below;

+--------------------------------+
| SMTP AUTHENTICATION            |
+--------------------------------+

The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
used in anti-relay rulesets to allow relaying for those users that
authenticated themselves.  A very simple example is:

SLocal_check_rcpt
R$*             $: $&{auth_type}
R$+             $# OK

which checks whether a user has successfully authenticated using
any available mechanism.  Depending on the setup of the CYRUS SASL 
library, more sophisticated rulesets might be required, e.g.,

SLocal_check_rcpt
R$*             $: $&{auth_type} $| $&{auth_authen}
RDIGEST-MD5 $| $+@$=w   $# OK

to allow relaying for users that authenticated using DIGEST-MD5
and have an identity in the local domains.

The ruleset Strust_auth is used to determine whether a given AUTH=
parameter (that is passed to this ruleset) should be trusted.  This
ruleset may make use of the other ${auth_*} macros.  Only if the
ruleset resolves to the error mailer, the AUTH= parameter is not
trusted.  A user supplied ruleset Local_trust_auth can be written
to modify the default behavior, which only trust the AUTH=
parameter if it is identical to the authenticated user.

Per default, relaying is allowed for any user who authenticated
via a "trusted" mechanism, i.e., one that is defined via
TRUST_AUTH_MECH(`list of mechanisms')
---------------------------------------------------------------------------


I just wondered if anybody configured this so far?
This is quite handy when your customers do connect from a lot of
different ISP's which doesnt offer SMTP service or the other ISP
is also offering SMTP service to their customers only with SMTP
authentication etc.


Evren


On Sun, 5 Nov 2000, kirk Bailey wrote:

> Sure do. SMTP is unlocked for a limited time when they successfully pop
> the account. THAT  individual IP is listed in a table of authorized
> users. every foo minutes it is erased, so we have to pop again to
> continue accessing. This is a bit of a hack, but ALL pop before send is
> a hack, out of the box the sendmail does not handle pop before send.
> 
> As an aside, to help resist spam, limit the max number od deamon
> children to some modest number, and the max number of recipients per
> envope. We opted for 12 ceamon children and 10 recipeints. This alone is
> VERY fustrating to someone who wants to send out 100,000+ addresses.
> 
> The pop 2 send project is still under devlopment. It works, but is a bit
> f a kludge. when the code smith in the team has time, he will refine the
> process to drop CRON out of the deal, and write a C executable instead
> of perl scripting to handle file management. When that is done and
> debugged, and we feel it is ready for public light, we will talk about
> offering it- and his services- to the public.
> 
> for now, I would not want to accept responsibility for handing you an
> app which is in effect a working ALPHA version of something.
> 
> But feel free to write us. As a in team courtesy to Jim, I am CCing a
> copy of this letter to him. PLEASE conduct correspoondance with me, as
> he is VERY busy right now with several contracts.
> 
> 
> Evren Yurtesen wrote:
> > 
> > is there anybody using sendmail with authentication support?
> > I want to authenticate users before they send email if they are coming
> > from another domain than which is defined in relay-domains file.
> > thanks
> > Evren
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> 
> -- 
> 
>  
> 
>  -Respectfully,
>               -Kirk D Bailey
> 
> 
> end
>  ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___
> |___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|
> | _ \___ __ _ __| |_(_)_ _  __ _| |_| |_  ___ / __/ _ \| \| |
> |   / _ Y _` (_-<  _| | ' \/ _` |  _| ' \/ -_) (_| (_) | .` |_
> |_|_\___|__,_/__/\__|_|_||_\__, |\__|_||_\___|\___\___/|_|\_( )
>                            |___/                            |/
> 
>               Kirk Bailey, consulting loose cannon
> 
> www.howlermonkey.net                 highprimate@howlermonkey.net
> http://gipco.webjump.com                       idiot1@netzero.net 
>                        _        _        _   _
>  ___ _ _  ___ _ _ _  _| |_ __ _| |_ __ _| |_(_)_ __  ___
> / _ \ ' \/ -_) ' \ || |  _/ _` |  _/ _` |  _| | '  \/ -_)_
> \___/_||_\___|_||_\_,_|\__\__,_|\__\__,_|\__|_|_|_|_\___(_)_ ___
> |___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|
> 
> 
> _______________________________________________
> Why pay for something you could get for free?
> NetZero provides FREE Internet Access and Email
> http://www.netzero.net/download/index.html
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.A41.4.10.10011061711580.13510-100000>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact