From: Jason Hunt
Date: Thu, 31 Oct 2002 09:59:14 -0500 (EST)
To: freebsd-questions@FreeBSD.ORG
Cc: Steve Warwick
Subject: Re: Sendmail: non-relay & secure

On Wed, 30 Oct 2002, Steve Warwick wrote:

> I have sendmail / qpopper running on a production machine and have yet to
> figure out a way to open mail up to my clients in a secure way.
>
> Eg. Client logs in from aol.com to check and send mail.
>
> Is there a way to do this that will not open my machine up to abuse?
>

One thing you might want to keep in mind is that some clients may not be
able to even connect to your SMTP server. A lot of ISPs (ie: AOL, Bell
Sympatico) and carriers (ie: UUNet, Bell Nexxia) do not allow their dial-up
users to connect to third party servers on port 25. I believe that AOL
forwards any connections on port 25 to their own servers. Sympatico simply
drops port 25 packets to anywhere other than their servers. I know for a
fact that UUNet and Bell Nexxia require their resellers to keep an
up-to-date list of their SMTP servers, which is applied in a filter to drop
packets for any other servers.

One workaround is you could put your SMTP daemon on another port.

I think that the best solution is to have your clients use their ISP's
outgoing mail server. If they travel a lot and/or have different ISPs, a
VPN might be an idea as well.
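A client-side check for the port 25 filtering described in the message above, added here as an example and not part of the original post: it connects to your mail server from the client's network and reports whether the connection is dropped, answered by some other server, or reaches yours. The host name mail.example.org and the alternate port 2525 are placeholders chosen for illustration.

```python
import socket

def classify_banner(banner, expected_name):
    """Classify an SMTP greeting against the server name we expect to reach."""
    lines = banner.splitlines()
    first = lines[0] if lines else ""
    # A greeting line is "220 name text", or "220-name text" when more lines follow.
    if len(first) < 4 or first[:3] != "220" or first[3] not in " -":
        return "rejected"
    words = first[4:].split()
    name = words[0].lower() if words else ""
    # A 220 greeting naming another host means the connection was redirected.
    return "ok" if name == expected_name.lower() else "intercepted"

def read_greeting(sock, limit=4096):
    """Read the greeting up to and including its final (non "220-") line."""
    data = b""
    while len(data) < limit:
        chunk = sock.recv(512)
        if not chunk:
            break
        data += chunk
        if data.endswith(b"\n") and data.splitlines()[-1][3:4] != b"-":
            break
    return data.decode("ascii", "replace")

def probe(host, port, expected_name, timeout=5.0):
    """Return (status, banner) for one host/port as seen from this network."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            banner = read_greeting(sock)
    except OSError:
        # Refused, unreachable or timed out: packets are being dropped or filtered.
        return "blocked", ""
    if not banner:
        return "blocked", ""
    return classify_banner(banner, expected_name), banner.strip()

if __name__ == "__main__":
    # Placeholder server name and alternate port; substitute your own values.
    for port in (25, 2525):
        status, banner = probe("mail.example.org", port, "mail.example.org")
        print(port, status, banner)
```

A result of "intercepted" on port 25 together with "ok" on the alternate port matches the redirect behaviour described for AOL; "blocked" on port 25 matches the drop behaviour described for Sympatico.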