Date: Tue, 4 Mar 2003 08:53:12 -0500 (EST)
From: Mitch Collinsworth
To: John Angelmo
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Sendmail AUTH agains passwd?

On Tue, 4 Mar 2003, John Angelmo wrote:

> I'm interested in implementing sendmail with AUTH against passwd, I have
> only been able to do this against TSL with their database, has anyone
> tried against passwd and got it to work?

One approach that has been used with success by many folks, me included, is to, rather than try to auth sendmail itself, piggyback on pop or imap authentication that's already taking place for users to pick up their incoming mail.
There are various implementations of this around but the basic idea usually comes down to:

1) post-process your pop/imap logs to see who has authenticated recently
2) add the IP addresses those users connected from to a database somewhere with time of authentication
3) update sendmail's list of IPs allowed to relay mail
4) periodically timeout IPs from the database that haven't re-auth'd recently.

This scheme is not perfect but it's "pretty good" and works well with a reasonable amount of implementation effort. The primary "catch" is that users have to first connect with pop or imap before they can send mail, but for the convenience of being able to roam the planet without changing their smtp settings, they're normally quite willing to learn to do that. The primary advantage is that it doesn't require any special features in the MUA, which means your users are free to use whichever MUA they prefer.

The one that I've had success with is here:

http://poprelay.sourceforge.net/

-Mitch
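The four steps described in the message above, as an added example that is not part of the original post and is not poprelay's code. The log format, the function names, the 20-minute timeout and the "address<TAB>RELAY" output (written in the style of a sendmail access map entry) are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample lines; real pop/imap daemons log in their own formats.
SAMPLE_LOG = """\
2003-03-04T08:50:00 imapd[412]: login ok user=alice ip=192.0.2.10
2003-03-04T08:51:10 pop3d[415]: login failed user=bob ip=198.51.100.7
2003-03-04T08:20:00 pop3d[401]: login ok user=carol ip=203.0.113.5
2003-03-04T08:52:30 pop3d[416]: login ok user=dave ip=999.1.1.1
2003-03-04T08:55:00 pop3d[420]: login ok user=alice ip=192.0.2.10
"""

# Anchored at both ends: only whole "login ok" lines in this shape count.
LOGIN_OK = re.compile(
    r"^(\S+) (?:imapd|pop3d)\[\d+\]: login ok user=\S+ ip=(\S+)$")

def parse_auth_events(lines):
    """Step 1: yield (ip, time) for each successful pop/imap login."""
    for line in lines:
        m = LOGIN_OK.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
            when = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # never pass an unvalidated token to the relay list
        yield ip, when

def update_table(table, events):
    """Step 2: remember the most recent authentication time per IP."""
    for ip, when in events:
        table[ip] = max(when, table.get(ip, when))
    return table

def expire(table, now, ttl):
    """Step 4: drop IPs that have not re-authenticated within ttl."""
    return {ip: t for ip, t in table.items() if now - t <= ttl}

def render_access(table):
    """Step 3: one 'address<TAB>RELAY' line per currently allowed IP."""
    return "".join(f"{ip}\tRELAY\n" for ip in sorted(table))

def relay_entries(log_text, now, ttl=timedelta(minutes=20)):
    table = update_table({}, parse_auth_events(log_text.splitlines()))
    return render_access(expire(table, now, ttl))

if __name__ == "__main__":
    print(relay_entries(SAMPLE_LOG, datetime(2003, 3, 4, 9, 0, 0)), end="")
```

The shorter the timeout, the smaller the window in which a later holder of the same address (dial-up pool, NAT, shared host) inherits relay permission, which is the main weakness of authorizing by IP rather than by user.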