Date: Tue, 4 Mar 2003 08:53:12 -0500 (EST) From: Mitch Collinsworth <mitch@ccmr.cornell.edu> To: John Angelmo <john@veidit.net> Cc: freebsd-net@FreeBSD.ORG Subject: Re: Sendmail AUTH agains passwd? Message-ID: <Pine.LNX.4.51.0303040842530.5810@ori.ccmr.cornell.edu> In-Reply-To: <3E645FCE.8000900@veidit.net> References: <3E645FCE.8000900@veidit.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 4 Mar 2003, John Angelmo wrote: > I'm intrested in implementing sendmail with AUTH agains passwd, I have > only been able to do this agains TSL with their database, has anyone > tried agains passwd and got it to work? One approach that has been used with success by many folks, me included, is to, rather than try to auth sendmail itself, piggyback on pop or imap authentication that's already taking place for users to pick up their incoming mail. There are various implementations of this around but the basic idea usually comes down to: 1) post-process your pop/imap logs to see who has authenticated recently 2) add the IP addresses those users connected from to a database somewhere with time of authentication 3) update sendmail's list of IPs allowed to relay mail 4) periodically timeout IPs from the database that haven't re-auth'd recently. This scheme is not perfect but it's "pretty good" and works well with a reasonable amount of implementation effort. The primary "catch" is that users have to first connect with pop or imap before they can send mail, but for the convenience of being able to roam the planet without changing their smtp settings, they're normally quite willing to learn to do that. The primary advantage is that it doesn't require any special features in the MUA, which means your users are free to use whichever MUA they prefer. The one that I've had success with is here: http://poprelay.sourceforge.net/ -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.51.0303040842530.5810>