Date: Thu, 31 Oct 2002 09:59:14 -0500 (EST)
From: Jason Hunt <leth@primus.ca>
To: freebsd-questions@FreeBSD.ORG
Cc: Steve Warwick <ukla@attbi.com>
Subject: Re: Sendmail: non-relay & secure
Message-ID: <20021031094429.Q53636-100000@lethargic.dyndns.org>
In-Reply-To: <B9E5EF5C.3B18%ukla@attbi.com>
On Wed, 30 Oct 2002, Steve Warwick wrote:

> I have sendmail / qpopper running on a production machine and have yet to
> figure out a way to open mail up to my clients in a secure way.
>
> Eg. Client logs in from aol.com to check and send mail.
>
> Is there a way to do this that will not open my machine up to abuse?
>

One thing you might want to keep in mind is that some clients may not be able to even connect to your SMTP server. A lot of ISPs (ie: AOL, Bell Sympatico) and carriers (ie: UUNet, Bell Nexxia) do not allow their dial-up users to connect to third party servers on port 25.

I believe that AOL forwards any connections on port 25 to their own servers. Sympatico simply drops port 25 packets to anywhere other than their servers. I know for a fact that UUNet and Bell Nexxia require their resellers to keep an up-to-date list of their SMTP servers, which is applied in a filter to drop packets for any other servers.

One workaround is you could put your SMTP daemon on another port. I think that the best solution is to have your clients use their ISP's outgoing mail server. If they travel a lot and/or have different ISPs, a VPN might be an idea as well.