[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AUTH, MSA-mode and FULLTRUST




This is completely untested, and this is more or less my first time
looking at the smptserver code.. I would guess that in smtpcmds.c,
somewhere around line 433, changing

    if (msa_mode && ! SS->authuser) {

to 

    if (msa_mode && ! (SS->authuser||SS->policystate.full_trust) ) {

.. and possibly the error message it pumps out. This whole chunk of code
was added sometime between the time ranges in the private message
(20040312 ... 20041104).


On Thu, 2004-02-12 at 21:47 -0400, Jeff Warnica wrote:
> I suspect that the path of least resistance would be to have local
> systems submit to :25. But if you are going to reconfigure each client,
> you might as well tell it to send the username/password. I suppose you
> could do some port redirection magic (ie, iptables with Linux) such that
> connections to :587 are transparently redirected to :25.
> 
> I don't know if what you ask about ZMailer is possible, but this might
> provide a quick solution until something else comes along.
> 
> On Thu, 2004-02-12 at 20:51 -0300, Nicolas Baumgarten wrote:
> > Hi,
> > 
> > in previous versions we used authentication 
> > like is descripted in this old smtpserver.conf sample
> > -------
> > PARAM  MSA-mode        # Message Submission Agent mode. Require
> > #                       # successful user authentication during SMTP
> > #                       # sessions initiated from outside of the trusted
> > #                       # networks or the networks with relaying enabled
> > #                       # (see "fulltrustnet" and "relaycustnet" in
> > #                       # smtp-policy.src file).
> > -------
> > 
> > having this and "smtp-auth" was enough.
> > 
> > The problem we have now is that if MSA mode is enabled 
> > (via MSA-mode keyword or BindSubmit ) then we cant avoid
> > authentication from fulltrustnet networks.
> > The answer is always:
> > 503 5.5.1 Hello [192.168.1.21], In SUBMISSION mode must authenticate first!
> > 
> > Is this something we doing wrong?
> > 
> > Thanks ....
> > -
> > To unsubscribe from this list: send the line "unsubscribe zmailer" in
> > the body of a message to majordomo@nic.funet.fi
> > 
> > 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi
> 
> 

-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi