Date:      Sun, 18 Feb 2001 22:24:42 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "ian j hart" <ianjhart@freeloader.freeserve.co.uk>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Sendmail and Identd
Message-ID:  <006401c09a3c$a4e28dc0$1401a8c0@tedm.placo.com>
In-Reply-To: <3A906A92.2101BC03@freeloader.freeserve.co.uk>



Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com


> -----Original Message-----
> From: ianjhart@omega.my.domain [mailto:ianjhart@omega.my.domain]On
> Behalf Of ian j hart
> Sent: Sunday, February 18, 2001 4:37 PM
> To: Ted Mittelstaedt
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: Sendmail and Identd
>
>
> Ted Mittelstaedt wrote:
> >
> > Hi Ian,
> >
> >   I think you perhaps misunderstand: even if you set up
> > IMP you STILL would have had to setup those 1500 accounts.
>
> Can you point me to some software? I seriously doubt I can get this past
> the staff, but it's worth a look. Can't see anything in ports.
>

Since you have no other solution, I don't think this is an issue of
getting approval from the staff - this IS the _only_ option that's
going to work in the time you have allotted.  I seriously doubt
that the staff is going to do nothing and let the problem remain
unsolved.  If they can think of a better solution then they are
welcome to implement it.

Unfortunately, while there's about 10 of these programs, none of
them are in the ports.  I can send you instructions for building
IMP on a FreeBSD 4.2 server, I can't guarantee they will work
on a previous version of FreeBSD but they probably will.  But,
you should also consider setting up a SEPARATE server just to
implement this - the webinterface to the mailserver talks to
the mailserver via IMAP and does not have to be actually executing
on the mailserver itself.

> >
> >   I also beg to differ - this is very clearly a mail client
> > problem.
>
> This I know, I have bald patches to prove it.
>
> > As you have realized, Sendmail does not rewrite the
> > From: address.  This is because the mail client program is
> > in charge of correctly putting the user@whateverdomain address
> > into the outgoing mail.  This is inherent to the SMTP protocol.
> >
> >   You're blaming the failure of the user's mail client program
> > to properly create the username@whateverdomain address on the
> > mail client program itself.  However, this is wrong, the client
> > program is doing what it's supposed to be doing.
>
> Not all the time it isn't. When the user's home (network) directory is
> available their email settings are transferred to whatever workstation
> they are sat at. This is part of my plan to make the network as
> transparent as possible to the users. It works just like *at home*.
>

Riiiiiggggght - I heard that from Microsoft's marketing department 4 years
ago and I've still to see it actually work right.

> However, when the network connection fails windows SILENTLY replaces
> these settings with some from the local hard drive. This is not what the
> client program is supposed to be doing. AFAIK IE4 does not exhibit this
> behavior. The new _identities_ appear to be the cause. To revert the
> software on all the clients would take me weeks. I would have to
> roll-out the software in one go. (Having USER.DAT files from different
> versions doesn't strike me as a good idea.) The bottom line on this is
> that I would have to wait until the summer break.
>
> So I can't fix the client. Turning off email for 4 months is not an option.
> I have to hack the server. Hobson's choice as we say.
>

I don't see how you can do that, even with lots of hacks into the
mailserver.  Unless the correct From address is passed from the mail client
during the SMTP phase, there is no other way for the server to identify
the userID of the sending SMTP connection.  This is one of these issues
that fixing or replacing the client is the only option.

> >
> >   If you give your users the ability to retrieve e-mail via
> > POP3 and transmit it via SMTP then you give them the
> > responsibility to make sure that the From address is correct.
> > If they are unwilling or unable to do this (due either to
> > their misunderstanding how the client program operates, or
> > due to their logging in somewhere and allowing some mystical
> > "thang" to change the From address) then clearly you have
> > to either force them to use a mail client that they DO understand,
> > or force them to use a mail client that they have no control
> > over, and that you do.  This is what IMP is.  IMP is a mail
> > client that runs ON THE MAILSERVER, instead of on a remote
> > desktop, so instead of having a remote client that has unreachable
> > settings, you have a mail client that is local to the mailserver
> > that YOU can control.
>
> I see the problem more like this. When a user logs on they should get
> their own email settings, or none at all. Not a seemingly random
> selection. This is _my_ problem.

Then you're going to have to replace the client.  You can do it one of 3 ways
as I see it:

1) Replace the existing client on the desktop with a different one (Eudora,
or an earlier version of IE or whatever)

2) Replace the existing desktop-based client with a host-based client.  Early
versions of this are MUAs like Pine, but I doubt that you want to give
Telnet access to 1500 students.  Later versions of this are webinterfaces,
a-la Hotmail, like IMP.

3) Modify the desktop client you have deployed to make it do different
behavior.  Since you're a Microsoft shop, you should be able to call Microsoft
up and pay them some money to patch the .DLL or whatever file is involved,
right?  After all this is why you're using commercial software to begin with -
the support, right?  Sorry if this is sounding like a taunt, but your
administration voted Microsoft for the support - now they need the support
and so it's Microsoft's chance to prove why commercial software is so
much better than Open Source.

> User misconfiguration or deliberate
> spoofing is a different problem.
>
> >
> > I also beg to differ with your statement:
> >
> > "...No-one checks account details every time
> > they mail...."
> >
> > Guess what, _I_ do.
>
> You are one in a million (estimate).
>
> > I'm sure that any power users among
> > your students do also.
>
> Not a chance. Age range is 11-17 BTW.
>
> > It's simple enough to do when using
> > a mail client program like Eudora, which _does_ place the
> > From address IN THE MESSAGE DURING COMPOSITION unlike
> > Microsoft Outlook which hides it.  In fact, that's another
> > answer to your problem - because Eudora doesn't give a rat's
> > ass about what drive you're logged into.
>
> I wouldn't disagree, but they want windows + IE. This is policy, I just
> implement.
> In any case installing Eudora would mean a full rollout.
>

If they want Windows + IE then they have to play the commercial software
game, which means getting on the horn with Microsoft and having them
fix the problem.  It may be expensive, but Microsoft has convinced these
people that Windows + IE is the way to go, so now they have to live with
the results.  If Microsoft is so much better than Eudora, then Microsoft
can fix it.

I think you're wasting time chasing a mirage.  Accept the fact that you
can't fix it on the server and go forward.  It's easy enough to set up
a webinterface to the mailserver, then deny relaying from your internal
subnets and issue an edict that all students must use the webinterface
for e-mail.  After all you already have the web browsers all deployed,
so you won't have to do a rollout to all 1500 desktops.  If your
administration starts yapping about it, then tell them that they can
either do it this way or they can call Microsoft and avail themselves of
the superior commercial software support that Microsoft's marketing
department is always yapping about, and get a patch issued for the new
mail clients.

In the long run you're going to be better off because future rollouts on
the desktops won't bugger the mailserver.  Your students will be better
off because they can go anywhere, such as home or a local Cafe or library
that has a web browser, and access their e-mail.  It also neatly solves
problems like Macintoshes and OS/2 systems being unable to use the
mail system.  In short, this is something that you should have done a
long time ago.

> >
> > Ted Mittelstaedt                      tedm@toybox.placo.com
> > Author of:          The FreeBSD Corporate Networker's Guide
> > Book website:         http://www.freebsd-corp-net-guide.com
> >
> > > -----Original Message-----
> > > From: ianjhart@omega.my.domain [mailto:ianjhart@omega.my.domain]On
> > > Behalf Of ian j hart
> > > Sent: Sunday, February 18, 2001 11:10 AM
> > > To: Ted Mittelstaedt
> > > Cc: freebsd-questions@FreeBSD.ORG
> > > Subject: Re: Sendmail and Identd
> > >
> > >
> > > Ted Mittelstaedt wrote:
> > > >
> > > > What about installing IMP or other webinterface and forcing the
> > > > students that aren't savvy enough to know how to use their
> > > > mail client properly to use that instead?  This allows you to
> > > > centralize all administration on the mail clients to in effect
> > > > the central mailserver, and in addition allows the students to
> > > > check mail from any browser.
> > > >
> > > > Ted Mittelstaedt                      tedm@toybox.placo.com
> > > > Author of:          The FreeBSD Corporate Networker's Guide
> > > > Book website:         http://www.freebsd-corp-net-guide.com
> > >
> > > [snip original message]
> > >
> > > Thanks for your reply, but... :)
> > >
> > > I only installed Internet access and mail just before Xmas. We've just
> > > spent a half-term getting (1500) user accounts setup. I would not be a
> > > very popular guy if I changed track at this point.
> > >
> > > The problem is not with 'savvy'. It's a _feature_. You log on and send
> > > some mail. If the network drive with your profile is not available you
> > > get the default user settings. (No-one checks account details every time
> > > they mail). The mail goes out with a random user's return address.
> > > Sendmail only checks the hostname, which is correct (and masqueraded
> > > anyway). The only clue that this is happening is when you read mail and
> > > the prompted account name is not your own. God bless Bill Gates.
> > >
> > > --
> > > ian j hart
> > > ICT Technician.
> > > Cardinal Newman School.
> > >
>
> --
> ian j hart
> ICT Technician
> Cardinal Newman School
>
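
What an SMTP server has to go on when a workstation submits mail, illustrating the point in the message above that the server cannot identify the sending user unless the client supplies the right From address. This is an added example, not part of the original e-mail; the host name, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string

def session(mail_from, header_from):
    """Constructed client side (C:) of a plain SMTP submission."""
    return (
        "C: HELO ws12.school.example\n"
        f"C: MAIL FROM:<{mail_from}>\n"
        "C: RCPT TO:<friend@elsewhere.example>\n"
        "C: DATA\n"
        f"C: From: {header_from}\n"
        "C: Subject: hi\n"
        "C: \n"
        "C: hello\n"
        "C: .\n"
    )

def server_view(peer_ip, transcript):
    """Split what the server knows into observed vs. client-asserted fields."""
    lines = [l[3:] for l in transcript.splitlines() if l.startswith("C: ")]
    helo = env_from = None
    rcpts, data, in_data = [], [], False
    for line in lines:
        if in_data:
            in_data = line != "."          # a lone dot ends the message body
            if in_data:
                data.append(line)
        elif m := re.match(r"(?i)(HELO|EHLO)\s+(\S+)", line):
            helo = m.group(2)
        elif m := re.match(r"(?i)MAIL FROM:\s*<([^>]*)>", line):
            env_from = m.group(1)
        elif m := re.match(r"(?i)RCPT TO:\s*<([^>]*)>", line):
            rcpts.append(m.group(1))
        elif line.upper() == "DATA":
            in_data = True
    header_from = message_from_string("\n".join(data))["From"]
    return {
        "observed": {"peer_ip": peer_ip},  # only the TCP peer is seen first-hand
        "asserted": {"helo": helo, "envelope_from": env_from,
                     "rcpt_to": rcpts, "header_from": header_from},
    }

def distinguishable_by_server(a, b):
    return a["observed"] != b["observed"]

# Same workstation, two different profiles loaded by the mail client.
right = server_view("192.0.2.12", session("alice@school.example", "alice@school.example"))
wrong = server_view("192.0.2.12", session("bob@school.example", "bob@school.example"))
```

Both sessions are well-formed and arrive from the same address, so `distinguishable_by_server(right, wrong)` is false: every field that names a user came from the client's own settings.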


