From owner-freebsd-isp Mon Nov 6 7:19:10 2000 Delivered-To: freebsd-isp@freebsd.org Received: from bessel.tekniikka.turkuamk.fi (bessel.tekniikka.turkuamk.fi [193.166.133.10]) by hub.freebsd.org (Postfix) with ESMTP id BBDE937B682 for ; Mon, 6 Nov 2000 07:19:00 -0800 (PST) Received: from localhost (eyurtese@localhost) by bessel.tekniikka.turkuamk.fi (8.9.2/8.9.2) with ESMTP id RAA31114; Mon, 6 Nov 2000 17:18:40 +0200 Date: Mon, 6 Nov 2000 17:18:40 +0200 (WET) From: Evren Yurtesen To: kirk Bailey Cc: jfporter@howlermonkey.net, freebsd-isp@freebsd.org Subject: Re: sendmail and auth In-Reply-To: <3A0630D4.F37AD787@netzero.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Well I ment if somebody is using Authentication with sendmail. You know in your mail client you can set your password and username so the server can authenticate you when you are sending email. I see this is available in the latest versions of sendmail. Sendmail now supports SMTP authentication I guess... Quote from the readme is below; +--------------------------------+ | SMTP AUTHENTICATION | +--------------------------------+ The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be used in anti-relay rulesets to allow relaying for those users that authenticated themselves. A very simple example is: SLocal_check_rcpt R$* $: $&{auth_type} R$+ $# OK which checks whether a user has successfully authenticated using any available mechanism. Depending on the setup of the CYRUS SASL library, more sophisticated rulesets might be required, e.g., SLocal_check_rcpt R$* $: $&{auth_type} $| $&{auth_authen} RDIGEST-MD5 $| $+@$=w $# OK to allow relaying for users that authenticated using DIGEST-MD5 and have an identity in the local domains. The ruleset Strust_auth is used to determine whether a given AUTH= parameter (that is passed to this ruleset) should be trusted. This ruleset may make use of the other ${auth_*} macros. Only if the ruleset resolves to the error mailer, the AUTH= parameter is not trusted. A user supplied ruleset Local_trust_auth can be written to modify the default behavior, which only trust the AUTH= parameter if it is identical to the authenticated user. Per default, relaying is allowed for any user who authenticated via a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(`list of mechanisms') --------------------------------------------------------------------------- I just wondered if anybody configured this so far? This is quite handy when your customers do connect from a lot of different ISP's which doesnt offer SMTP service or the other ISP is also offering SMTP service to their customers only with SMTP authentication etc. Evren On Sun, 5 Nov 2000, kirk Bailey wrote: > Sure do. SMTP is unlocked for a limited time when they successfully pop > the account. THAT individual IP is listed in a table of authorized > users. every foo minutes it is erased, so we have to pop again to > continue accessing. This is a bit of a hack, but ALL pop before send is > a hack, out of the box the sendmail does not handle pop before send. > > As an aside, to help resist spam, limit the max number od deamon > children to some modest number, and the max number of recipients per > envope. We opted for 12 ceamon children and 10 recipeints. This alone is > VERY fustrating to someone who wants to send out 100,000+ addresses. > > The pop 2 send project is still under devlopment. It works, but is a bit > f a kludge. when the code smith in the team has time, he will refine the > process to drop CRON out of the deal, and write a C executable instead > of perl scripting to handle file management. When that is done and > debugged, and we feel it is ready for public light, we will talk about > offering it- and his services- to the public. > > for now, I would not want to accept responsibility for handing you an > app which is in effect a working ALPHA version of something. > > But feel free to write us. As a in team courtesy to Jim, I am CCing a > copy of this letter to him. PLEASE conduct correspoondance with me, as > he is VERY busy right now with several contracts. > > > Evren Yurtesen wrote: > > > > is there anybody using sendmail with authentication support? > > I want to authenticate users before they send email if they are coming > > from another domain than which is defined in relay-domains file. > > thanks > > Evren > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > -- > > > > -Respectfully, > -Kirk D Bailey > > > end > ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ > |___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|___| > | _ \___ __ _ __| |_(_)_ _ __ _| |_| |_ ___ / __/ _ \| \| | > | / _ Y _` (_-< _| | ' \/ _` | _| ' \/ -_) (_| (_) | .` |_ > |_|_\___|__,_/__/\__|_|_||_\__, |\__|_||_\___|\___\___/|_|\_( ) > |___/ |/ > > Kirk Bailey, consulting loose cannon > > www.howlermonkey.net highprimate@howlermonkey.net > http://gipco.webjump.com idiot1@netzero.net > _ _ _ _ > ___ _ _ ___ _ _ _ _| |_ __ _| |_ __ _| |_(_)_ __ ___ > / _ \ ' \/ -_) ' \ || | _/ _` | _/ _` | _| | ' \/ -_)_ > \___/_||_\___|_||_\_,_|\__\__,_|\__\__,_|\__|_|_|_|_\___(_)_ ___ > |___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|___| > > > _______________________________________________ > Why pay for something you could get for free? > NetZero provides FREE Internet Access and Email > http://www.netzero.net/download/index.html > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message