Matus Uhlar wrote: >> A solution to allow internal subnet relaying seems to be to put >> ESMTPAUTH into the smtpaccess files. This isn't documented, but I gather >> a whole range of environment variables can be enabled for specific >> address ranges in these files. Anyway it seems to work so far. >> > > > funny: we as an ISP we sss the problem in exactly opposite way: > allowing relaying without AUTH is unsafe, since anyone with access to > (our or customers') network can spam without any authentication info, which > is quite hard to filter off (without disabling relay to other users from the > same IP who do not have password). > > Since many of our customers already had hijacked or infected PCs with > malware spamming without authentication info (even not through our servers), > we recommend to customers to use the same scheme - requiring authentication > (preferrably through SSL/TLS) instead of blind relaying. > > I found it much easier to hunt for weak/stolen passwords and blocking > accounts than deal with relaying with spam from shared/dynamic IP addresses. > > Just to clarify, we now have all relaying turned off for all external connections, as should be the case. But to force internal users to authenticate their outgoing mail we found that the ESMTPAUTH variable could be set for the subnet in the smtpaccess files. We weren't aware that we could do this. Previously we had set the variable in the emstpd configuration which forced authentication for all connections, allowing someone outside to hack a password and get through. So I think we are now doing what you suggest should be done.
cheers, Ken ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
