I have a slight problem. I have a qmail server on the local network. In /etc/tcp.smtp I have allowed relaying from localhost and the martian addresses on the LAN. However, some of the people at the office need to be able to use their accounts from home.
They can receive mail fine, as they log into the pop server using their username/password pair. But they can't send email, getting an error stating that they aren't in the rcpthosts file. Now, /etc/tcp.smtp overrides the rcpthosts file, but only allows localhost and LAN relaying. As the people at home are on dialup accounts, they don't have permanent IP addresses, so the only way to allow them would be by allowing everyone to relay through my server.
Wouldn't that be a dumb idea? How can I let only the people I want relay from the wild, while stopping everyone else?
No, actually, they are using Outlook both from the office and from home. I just haven't had time to set up SquirrelMail yet (plus my boss doesn't want it, he wants to use Outlook). I know SquirrelMail would be an ideal solution, but surely there must be one for the Outlook situation?
Yar, I think I'll have to go with Squirrelmail, but it just puzzles me, how do commercial ISPs offer email to all their clients? Are they perhaps open relay clients?
I mean, you have to log on to pop servers, isn't there some way to require logon to smtp servers?
Perhaps a mangling rule on the firewall that might check the from line of the email? --Ok, ok, I'm reaching...
I suspect that when you connect to an ISP to get your mail you are on their netblock, that is you dial in and are assigned an ip.
Most ISPs provide webmail services as well for other situations.
I have done this with vpopmail, it comes with an smtp-after-pop authentication, so first you check your mail (pop) using your username and password, and then you are able to send mail (smtp) because it puts your current IP address inside the valid relaying table for a predefined period of time.
Well, after some discussion with my brother, who KNOWS THESE THINGS, I have come to realise the error of my ways.
Sorry if much of what I say is obvious, but I repeat it purely for clarification to both myself, and anyone reading this who is confuzzed like I was.
Firstly, when you dial in to an ISP you are essentially on their local network, even if you have a relatively slow (ie modem) connection instead of a nice UTP cable connection, just like mako747 said. That is why you are allowed to forward smtp, because you are on the LAN using one of their IP addresses.
When qmail receives an email, it can only do one of two things with it. One, deliver it to the destination if that is on the system, or two, forward it to another smtp server if the destination is not on the system. It will only do the first one if the domain of the address is in the rcpthosts file, and it will only do two if the RELAYCLIENT environment variable is set when it is run, which gets set by tcpserver based on source IP address. Unlike pop, there is no username/password authentication, so the only way to allow using the server to send mail onwards is by using an IP address that is allowed to relay. This means either being on the LAN, or allowing EVERYONE to relay, which is generally considered a VERY BAD THING, with good reason.
I know so far this is all very obvious, but here come the solutions. Number one, use SquirrelMail. This is my brother's preferred option. It is the most secure, and allows you to have one copy of the mail accessible from anywhere, at any time, no hassles. Secondly, use smtp-auth, which is an extension to the smtp protocol that allows using a username/password pair to authenticate before connecting to the smtp server. Thirdly, like fariz83 is doing, use pop first to authenticate, and have a mechanism that sets RELAYCLIENT for that IP address, allowing smtp relay, and expire it on a set interval.
Well, the third option is the least secure, and a bit of a kludge, but hey, it works, and vpopmail comes with this ability almost built in, just compile with the --enable-roaming-users=y option.
Option two seems like an ideal solution, and simple to implement in theory. You simply patch the qmail smtpd, and supply a password check program. The smtpd program runs the password checker, which gets the username/password, validates it, and returns either success or failure, and smtpd only accepts relaying if the password checker returns success. However, I have been having a little trouble with this option. I'll need to hack away a bit more, but I'll post any results I get.
Option one is still the best, but at this stage requires the most work. I need to install an IMAP server, as I currently only have a POP3 server running. Also, https is required, which is not correctly configured at our site yet. Oh, well, at least I like a challenge...
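The relay decision described in the post above, combined with the POP-before-SMTP table from option three, as an added Python model (not part of the thread, and not qmail, tcpserver or vpopmail code). The domain, networks, 30-minute window and all function names are assumptions chosen for illustration.

```python
import ipaddress
import time

# Constructed sample configuration (not taken from the thread).
RCPTHOSTS = {"example.org"}                    # domains delivered locally
STATIC_RELAY_NETS = [ipaddress.ip_network(n)   # sources that always get RELAYCLIENT
                     for n in ("127.0.0.0/8", "192.168.0.0/16")]
POP_WINDOW_SECONDS = 30 * 60                   # assumed expiry interval


class PopBeforeSmtp:
    """Table of source IPs that recently passed POP3 authentication."""

    def __init__(self, window=POP_WINDOW_SECONDS):
        self.window = window
        self._seen = {}  # ip string -> time of last successful POP login

    def record_login(self, ip, now=None):
        self._seen[ip] = time.time() if now is None else now

    def expire(self, now=None):
        # Drop every entry older than the window so relaying closes again.
        now = time.time() if now is None else now
        cutoff = now - self.window
        self._seen = {ip: t for ip, t in self._seen.items() if t >= cutoff}

    def is_open(self, ip, now=None):
        self.expire(now)
        return ip in self._seen


def relayclient_set(ip, table, now=None):
    """True where RELAYCLIENT would be set for this source IP."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in STATIC_RELAY_NETS):
        return True
    return table.is_open(ip, now)


def smtpd_decision(ip, rcpt, table, now=None):
    """Accept or reject one recipient the way the post describes it."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in RCPTHOSTS:
        return "accept-local"            # destination is on this system
    if relayclient_set(ip, table, now):
        return "accept-relay"            # forward to another SMTP server
    return "reject-not-in-rcpthosts"
```

The table is keyed on source address alone, so every host sharing that address can relay until the entry expires; SMTP AUTH ties the permission to a credential instead.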