[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: AUTH, MSA-mode and FULLTRUST

To: 'Jeff Warnica' <jeffw@chebucto.ns.ca>
Subject: RE: AUTH, MSA-mode and FULLTRUST
From: Nicolas Baumgarten <nico@pert.com.ar>
Date: Fri, 3 Dec 2004 15:34:07 -0300
Cc: Zmailer List <zmailer@nic.funet.fi>
Original-Recipient: rfc822;zmailer-log@nic.funet.fi
Sender: zmailer-owner@nic.funet.fi

Jeff,

what I'm telling was possible and we are currently using it in many
production servers.
The exact version is: zmailer-2.99.56-patch1pre-cvs20040312

When we set up a test install of cvs20041104 we find that it's not 
posible anymore.

Our current setup includes many client networks which are 
"fulltrust" (including individual users or corporate MTA's)
which don't need to authenticate.
The rest of the  world have to, if using our servers as 
outgoing relay.





> -----Original Message-----
> From: Jeff Warnica [mailto:jeffw@chebucto.ns.ca]
> Sent: Thursday, December 02, 2004 10:48 PM
> To: Nicolas Baumgarten
> Cc: Zmailer List
> Subject: Re: AUTH, MSA-mode and FULLTRUST
> 
> 
> 
> I suspect that the path of least resistance would be to have local
> systems submit to :25. But if you are going to reconfigure 
> each client,
> you might as well tell it to send the username/password. I suppose you
> could do some port redirection magic (ie, iptables with 
> Linux) such that
> connections to :587 are transparently redirected to :25.
> 
> I don't know if what you ask about ZMailer is possible, but this might
> provide a quick solution until something else comes along.
> 
> On Thu, 2004-02-12 at 20:51 -0300, Nicolas Baumgarten wrote:
> > Hi,
> > 
> > in previous versions we used authentication 
> > like is descripted in this old smtpserver.conf sample
> > -------
> > PARAM  MSA-mode        # Message Submission Agent mode. Require
> > #                       # successful user authentication during SMTP
> > #                       # sessions initiated from outside 
> of the trusted
> > #                       # networks or the networks with 
> relaying enabled
> > #                       # (see "fulltrustnet" and "relaycustnet" in
> > #                       # smtp-policy.src file).
> > -------
> > 
> > having this and "smtp-auth" was enough.
> > 
> > The problem we have now is that if MSA mode is enabled 
> > (via MSA-mode keyword or BindSubmit ) then we cant avoid
> > authentication from fulltrustnet networks.
> > The answer is always:
> > 503 5.5.1 Hello [192.168.1.21], In SUBMISSION mode must 
> authenticate first!
> > 
> > Is this something we doing wrong?
> > 
> > Thanks ....
> > -
> > To unsubscribe from this list: send the line "unsubscribe 
> zmailer" in
> > the body of a message to majordomo@nic.funet.fi
> > 
> > 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi
> 
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

Prev by Date: Re: Anybody else seeing hotmail connections hanging ?
Next by Date: Re: AUTH, MSA-mode and FULLTRUST
Prev by thread: Re: AUTH, MSA-mode and FULLTRUST
Next by thread: RE: AUTH, MSA-mode and FULLTRUST
Index(es):
- Date
- Thread