[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: AUTH, MSA-mode and FULLTRUST
Checking the ChangeLog:
2004-06-22 Matti Aarnio <mea@zmailer.org>
* smtpserver/policytest.c:
When in MSA-mode, _ignore_ 'relaycustnet +' attributes.
Will then always demand user to authenticate!
So obviously its a feature not a bug :-)
Any idea for a work-around?
The need for this, us I previously said, is to control
from the mail server point of view (not firewall o smtp client
configuration)
who can send and who must authenticate.
Thanks
> -----Original Message-----
> From: Nicolas Baumgarten
> Sent: Friday, December 03, 2004 3:34 PM
> To: 'Jeff Warnica'
> Cc: Zmailer List
> Subject: RE: AUTH, MSA-mode and FULLTRUST
>
>
> Jeff,
>
> what I'm telling was possible and we are currently using it in many
> production servers.
> The exact version is: zmailer-2.99.56-patch1pre-cvs20040312
>
> When we set up a test install of cvs20041104 we find that it's not
> posible anymore.
>
> Our current setup includes many client networks which are
> "fulltrust" (including individual users or corporate MTA's)
> which don't need to authenticate.
> The rest of the world have to, if using our servers as
> outgoing relay.
>
>
>
>
>
> > -----Original Message-----
> > From: Jeff Warnica [mailto:jeffw@chebucto.ns.ca]
> > Sent: Thursday, December 02, 2004 10:48 PM
> > To: Nicolas Baumgarten
> > Cc: Zmailer List
> > Subject: Re: AUTH, MSA-mode and FULLTRUST
> >
> >
> >
> > I suspect that the path of least resistance would be to have local
> > systems submit to :25. But if you are going to reconfigure
> > each client,
> > you might as well tell it to send the username/password. I
> suppose you
> > could do some port redirection magic (ie, iptables with
> > Linux) such that
> > connections to :587 are transparently redirected to :25.
> >
> > I don't know if what you ask about ZMailer is possible, but
> this might
> > provide a quick solution until something else comes along.
> >
> > On Thu, 2004-02-12 at 20:51 -0300, Nicolas Baumgarten wrote:
> > > Hi,
> > >
> > > in previous versions we used authentication
> > > like is descripted in this old smtpserver.conf sample
> > > -------
> > > PARAM MSA-mode # Message Submission Agent mode. Require
> > > # # successful user authentication
> during SMTP
> > > # # sessions initiated from outside
> > of the trusted
> > > # # networks or the networks with
> > relaying enabled
> > > # # (see "fulltrustnet" and
> "relaycustnet" in
> > > # # smtp-policy.src file).
> > > -------
> > >
> > > having this and "smtp-auth" was enough.
> > >
> > > The problem we have now is that if MSA mode is enabled
> > > (via MSA-mode keyword or BindSubmit ) then we cant avoid
> > > authentication from fulltrustnet networks.
> > > The answer is always:
> > > 503 5.5.1 Hello [192.168.1.21], In SUBMISSION mode must
> > authenticate first!
> > >
> > > Is this something we doing wrong?
> > >
> > > Thanks ....
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe
> > zmailer" in
> > > the body of a message to majordomo@nic.funet.fi
> > >
> > >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe
> zmailer" in
> > the body of a message to majordomo@nic.funet.fi
> >
>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi