Re: [opensuse] Postfix & authenticated relay

John Andersen schreef:
On Fri, May 30, 2008 at 7:38 AM, Koenraad Lelong
<k.lelong@xxxxxxxxxxxxxxxxxx> wrote:
Hi,
I'm running Suse 10.3.
I'm trying to set up Postfix to allow users to send mail from the Internet
through my mailserver if they are authenticated.
I have most things set up OK I think, except for one thing, but I don't know
were to look for it.
The fact is pam tries to authenticate the user via mysql, but in the query
it omits the domain from the mail-address. Where can I configure this ?

Relying on a email address (or any art there of) is insecure. You want
to rely on username and password, as these are the only things common
clients pass anyway during the authentication process.

...

There is a great deal of evidence on the net that cram and digest do NOT work
and so you should not advertise them, because clients may try to use them.

For situations where you want to allow remote users to relay thru your box
you have to set up secure smtp. Then login and authentication is done
in a ssl tunnel and you only need plain and login methods.

I've not done this with sql, but we allow authenticated smtp connections
to relay using regular accounts.


I left some things out, to simplify, but maybe they do matter.
The setup will use TLS and the e-mail-address/password combination.
The query I mention sould get the password based on the mail-address,
but since the domain-name gets lost, there is no valid user.

(replying from home)
Koenraad Lelong.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

Relevant Pages

  • Re: SMTP Exchange 2k relay authentication
    ... Authentication required for local delivery'. ... If I supply a username / password then it should be either ... To relay you must first connect, ... relay access to send email to the internet! ...
    (microsoft.public.exchange2000.setup.installation)
  • Re: Exchange 2000 and Spam mail
    ... Check out Open Relay Filter from www.vamsoft.com - inexpensive, ... > virtual server/access and selecting authentication. ... > That's in the properties of your server. ...
    (microsoft.public.exchange2000.misc)
  • Re: Incoming mail for recipients not in my domain
    ... you can always have them use their own ISP's SMTP server to send ... If you turn off authenticated relay, ... > authentication' and 'Integrated Windows authentication' are enabled. ...
    (microsoft.public.exchange2000.admin)
  • Re: Exchange ignores Smart Host settings
    ... could be my virtual SMTP that refuses to relay for some weird reason. ... > BellSouth may require authentication in order to relay through them. ...
    (microsoft.public.exchange.admin)
  • Re: OUT OF MEMORY INETINFO: Does anyone have the answer yet?????
    ... authenticate to relay, ... They need to configure their email client for outbound SMTP authentication. ... if an account has a weak password, an attacker may be able to guess/brute ... If you want a more detailed explanation on securing MS SMTP Server, ...
    (microsoft.public.inetserver.iis.smtp_nntp)