Date: Tue, 8 May 2001 21:02:32 -0400 (EDT)
From: Jim Durham
To: Marc W
Cc: FreeBSD Questions
Subject: Re: preventing SMTP Relaying, but having moving customers?
In-Reply-To: <200105090001.RAA83674@akira.lanfear.com>

On Tue, 8 May 2001, Marc W wrote:

> i would like to have a couple of people access my mail server for
> secure POP or IMAP access, but also want to prevent relaying on
> sendmail (so i have relaying turned off right now).
>
> Now, the problem is, these people are accessing the server from
> various machines and various accounts, and it's well nigh impossible to
> put their ip addresses or hostnames in /etc/mail/relay-domains.
>
> So, the question is, what means can I use to allow them to send
> mail without opening myself up to relaying?
>
> - i've tried the popauth suggestion on sendmail.org with only
> limited success (it's a mild PITA, and seemed unreliable, actually)
>
> - i can force them to always redirect their local ports on their
> machines, but the hassle factor for them goes up quite a bit there,
> which is also undesirable ...
>
> - many common mailers today suggest that there is a way to "log in"
> to outgoing SMTP servers? is this a way to get around this problem?
> do any FreeBSD-happy mailers support such a thing?
>
> - might i best be served by ditching sendmail and trying something
> else?
>
> any suggestions would be greatly appreciated.
>

You can build sendmail to use AUTH. This is different from
POP-before-send and is supported by some mailers. I believe Netscape
supports this. The cookbook is on sendmail.org for it.

Another approach is to use PPTP with mpd from ports. This allows a
remote user on a foreign network to "tunnel in" to the LAN the mail
server is on, thereby allowing relay. This is mostly what we do at our
place, where we have about 50 people on the road. This is for Windows
clients.

I'm a little confused. Are your dial-up clients FreeBSD? If so, you
could probably use vtund for the same purpose.

Another thought is that the anti-relay rules are meant to prevent spam.
Spam doesn't usually come from the larger ISPs that provide dialup
service. You can get accounts from some of the larger ISPs that provide
nationwide local dialups and then allow relaying just from that ISP.
That would take care of 99% of the problem. We've found that you get
some surprises, though, because large ISPs sometimes "farm out" their
dialup in certain areas to local providers and you end up with a
guy/gal coming in from "foonman.net" or something weird, so this
doesn't always work!

-Jim Durham
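
An added example, not part of the original message and not sendmail's own code: once AUTH is built in as the reply suggests, this Python check parses the server's EHLO reply to confirm that AUTH is actually advertised to roaming clients. The host name and sample replies are constructed, and flagging PLAIN/LOGIN offered before STARTTLS is a check that goes beyond what the thread discusses.

```python
import re

# Mechanisms that send the password without protection from eavesdroppers.
CLEARTEXT = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each EHLO keyword to the set of its parameters."""
    ext = {}
    for line in reply.strip().splitlines()[1:]:  # line 1 is the greeting
        m = re.match(r"250[- ](\S.*)$", line.strip())
        if not m:
            continue
        # Some servers also emit the legacy "AUTH=LOGIN PLAIN" form.
        words = re.sub(r"^AUTH=", "AUTH ", m.group(1), flags=re.I).split()
        ext.setdefault(words[0].upper(), set()).update(
            w.upper() for w in words[1:])
    return ext

def audit(pre_tls, post_tls=""):
    """Return findings for EHLO replies seen before and after STARTTLS."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "AUTH" not in pre and "AUTH" not in post:
        findings.append(
            "no AUTH offered: roaming users cannot authenticate to relay")
    exposed = CLEARTEXT & pre.get("AUTH", set())
    if exposed:
        findings.append("cleartext mechanisms offered before STARTTLS: "
                        + ", ".join(sorted(exposed)))
    return findings

# Constructed sample replies (mail.example.org is a placeholder host).
SAMPLE_OPEN = ("250-mail.example.org Hello\n"
               "250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN\n"
               "250-AUTH=LOGIN PLAIN\n250 HELP")
SAMPLE_TLS_PRE = ("250-mail.example.org Hello\n250-STARTTLS\n"
                  "250-AUTH DIGEST-MD5 CRAM-MD5\n250 HELP")
SAMPLE_TLS_POST = ("250-mail.example.org Hello\n"
                   "250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN\n250 HELP")
SAMPLE_NONE = "250-mail.example.org Hello\n250-SIZE 10000000\n250 HELP"

if __name__ == "__main__":
    for name, args in [("open", (SAMPLE_OPEN,)),
                       ("tls", (SAMPLE_TLS_PRE, SAMPLE_TLS_POST)),
                       ("none", (SAMPLE_NONE,))]:
        print(name, audit(*args) or "ok")
```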