Re: sendmail - smtp security/authentication & port 587 issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Am 25.06.2011 23:50, schrieb Max Pyziur:
> 
> Greetings,
> 
> I'm refining a CentOs configuration installation, now just over one month 
> old running on a colocated production server. Previously, we ran a version 
> of Fedora for over seven years.
> 
> Specifically, I'm reviewing our sendmail configuration, both with respect 
> to authentication and port usage.
> 
> Previously, we had the following line in the sendmail.mc line:
> define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Though defined, you seem not to have made use of it; no SMTP AUTH in
your description of the previous setup.

> To authenticate, users would first have to POP their mail.
> 
> A klunky script would scan appropriate log files and copy relevant IP 
> addresses to the /etc/mail/access file that would be regenerated every 
> 5 minutes via cron.
> 
> Once the IP address was in the /etc/mail/access.db a user could be 
> authenticated and be allowed to send email using the machine as smtp.

That sounds as a poor version of POP-before-SMTP. Which mechanism
deletes the IP from the access_db?

By no means SMTP AUTH was used, just plain relay permission based on the
access_db.

> Is there a better way of doing this?

Definitely.

> Port 587 issues:
> Verizon DSL filters out requests on port 25 to smtp servers not belonging 
> to verizon.net. An alternative is to use port 587 for smtp purposes.
> 
> Are there any views in this CentOs user community on this?

Yes, configure SMTP AUTH and offer the submission service to the users.
Everything is prepared and documented within the sendmail.mc CentOS
ships with. You just have to think about which backend SASL shall use to
verify auth credentials.

> Much thanks.
> 
> Max Pyziur
> pyz@xxxxxxxxx

Alexander

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux