On Tue, 24 Jun 2003, Satish Balay wrote:
> > SMTP servers do not authenticate on a user level...and even when SMTP is
> > on an authenticated basis, it does not require SSL/TLS.
>
> I guess I need to understand the difference between the following:
>
> Source --(SMTP)--> destination
> Source --(SMTP?)--> relay -(SMTP)--> destination
> ^^^^^^
> and what the above mentioned options actuall do. Do they affect both
> 'Source -> Destination', 'source -> relay' (if relay is somehow
> specified? )
Postfix, whether installed locally or on a remote server, is always a
"relay"
For the end user, the "relay", whether it be a locally installed
Postfix/Sendmail/Exim/Qmail/Exchange/etc is whatever mail server the
client program (Pine/Mutt/Elm/Eudora/Outlook/Netscape/Mozilla) is sending
mail, on its way to the final destination. And, unless your recipient is
on the same mail server to which your client connects, your mail client
program should not be used to connect to all the mail servers...that's the
job of an actual mail server/relay system/program.
For your purposes, the "relay-(SMTP)" should probably be your ISP's mail
server, especially since you seem to A) be blocked from outbound
connections to outside mail servers and B) require authentication at the
SMTP server level.
> > > > Currently, authenticated SMTP is limited to connections between
> > > > client and server.
> > >
> > > Looks like - it is not possible to set up what I want in
> > > postfix/sendmail. Here postfix would be the client - and the external
> > > smtp-relay is the server.
> >
> > Does the external smtp relay server require user level authentication?
>
> The one I'm thinking of does require authentication. I need to explain
> a bit here. I use my laptop on varing networks (primarily 2 - home,
> work). So, I can do either of the following:
>
> 1. use /usr/sbin/sendmail (postfix) for all outgoing mail (might get
> rejected by AOL and others)
This is where you will need to use your ISP's mail server...as my
connection is a cable modem, I do run into this from time to time, and
wind up having to go through my ISP's mail server...but they don't require
authentication, as I'm on their local IP space.
> 2. Modify 1. - and additionally specify 2 open SMTP relays - for 'AOL'
> and the like. Based on the network I'm in - one will work - and the
> other won't. (so hopefully this should work at both home and at
> work networks)
That's where the transport map comes into play. That is exactly what I'm
doing, here.
> 3. Modify 1. - and specify a 3rd party external SMTP-relay for AOL and
> the like that can be accessed using user-auth & SSL (this third
> party SMTP-relay - as it is authenticated - can be accessed from
> any network my laptop is connected to)
And, unless someone has an answer to the contrary, you won't be able to
use this option with an SMTP dameon like postfix or sendmail.
> I currently use 1. Wold like to do 2 or 3. I currently can manage this
> with pine (rules) I can specify the following rule in pine:
>
> **********
> if (participant-pattern 'matches' @aol.com, @someotherhost.com) {
> use smtp=my.isps.mail.server/ssl/novalidate-cert/user=username
> }
>
> default smpt=/usr/sbin/sendmail
> **********
>
> I was hoping there is a simple way to push this into postfix config
> (and get the spooling benefit for all my mails) - but it looks too
> difficult to achieve this configuration.
Or, you could just set that Pine rule to match @* (should work,
theoretically) and use the authenticated smtp option at your ISP.
> > > I'm not running a mail server. I'm just using a local sendmail (aka
> > > postfix) for all my outgoing mail from pine. I decided to do this - as
> > > I can't specify multiple smtp servers to 'pine'. (home/ work /
> > > somewere in a hotel with network access etc..)
> >
> > Whether your running it as an actual mail server or not, Postfix is a mail
> > server daemon. While your postfix would be acting as a client to the
> > remote recipient server, it's still a server...after all, it is accepting
> > mail from your program (PINE, mutt, ELM, etc).
>
> No contest here. I just wanted to clarify that the 'postfix mail
> server' I'm running services my 'pine' and nothing else.
Gotcha.
> > If you just want Pine to send through your ISP's mail server, you'll need
> > to configure PINE's smtp server settings. To tell the truth, I'm not
> > aware that any SMTP daemon has a setting to act as an SMTP-AUTH
> > client...just as an SMTP-AUTH server.
>
> If thats the case there is a protocol failure somewhere in the stack.
>
> end-to-end SMTP doesn't work (aka aol)
> end->relay->end doesn't work (postfix can't talk to the relay via authentication)
No failure in the protocol. SMTP-AUTH is an extension to the SMTP
setup...I'm sure that there just hasn't been a lot of need seen for
outbound SMTP-AUTH in the server daemons. However, the Postfix team is
pretty responsive...you might want to broach the subject to them.
> > If someone else has knowledge to the contrary, please fill us in.
> >
> > > I wonder how mutt users would do this (on their laptops) - as for mutt
> > > - the correct tool to handle outgoing mail is a local sendmail (not
> > > the ISP's smtp relay)
> >
> > Why? If, like PINE, mutt allows the setting of an outbound SMTP server,
> > why would using that outbound SMTP server not be the correct tool for the
> > purpose? Especially if PINE or mutt can be configured to pass a username
> > and password for authentication purposes?
>
> No, mutt cannot use an external SMTP server setting. It depends on the
> /usr/sbin/sendmail to the correct job of delevering mail.
Bummer...I'm a little surprised that they went that route...especially
given that it's supposed to be more full featured than elm or pine.
> > if user level authentication is not actually required by the remote
> > SMTP server, then PINE or mutt's remote SMTP options should work just
> > fine.
>
> Agreed. PINE works EVEN with user authentication of the external
> smtp-relay. But thats not how this thread started.
Yes and no...the origination of the thread appeared to need some
clarification of terms and ideas.
--
Mike Burger
http://www.bubbanfriends.org
Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
To be notified of updates to the web site, send a message to:
site-update-request@xxxxxxxxxxxxxxxxx
with a message of:
subscribe
