On -9/01/37 05:29, Sam Varshavchik wrote: > Ken Sarkies writes: > >> Just to clarify, we now have all relaying turned off for all external >> connections, as should be the case. But to force internal users to >> authenticate their outgoing mail we found that the ESMTPAUTH variable >> could be set for the subnet in the smtpaccess files. > > It could be, but it's not required. Your configuration is > unnecessarily complicated. The ESMTPAUTH setting does not require > authentication. ESMTPAUTH only defines which SASL authentication > mechanisms are advertised. Thanks Sam.
Sorry, I've muddled my post a bit. I should have referred to enabling authenticated relaying. > > It's only a side effect that removing ESMTPAUTH results in no SASL > authentication mechanisms being advertised, making it impossible for > any client to authenticate. With ESMTPAUTH being set, this merely > advertises the SASL authentication mechanisms, and authentication is > required only to relay mail. Delivery to local mailboxes does not > require authentication, so clients can connect and send mail to your > local mailboxes, with no authentication being required even if > ESMTPAUTH is set. This makes it a bit clearer but, unless I still don't quite understand, I'm not fully convinced we are overly complicated. Just to review the question, we experienced relaying through the server from outside, and found by testing that relaying was possible with authentication. The ESMTPAUTH setting in esmtpd was set to LOGIN which I understand from the docs enables this relaying. Although the effective disabling of external relaying by removing ESMTPAUTH is a side effect, it seems to me to be quite important for security in simpler cases like ours where relaying from outside the subnet is not needed. At the same time we want to tighten security within the subnet by forcing users to authenticate. This means not using RELAYCLIENT (apart from a couple of dumb machines) and adding AUTH_REQUIRED=1, ESMTPAUTH="LOGIN PLAIN" to the subnet entry in smtpaccess. >> We weren't >> aware that we could do this. Previously we had set the variable in >> the emstpd configuration which forced authentication for all >> connections, allowing someone outside to hack a password and get >> through. > > That's a different setting, AUTH_REQUIRED. All that does is require > authentication for delivering to local mailboxes. Normally, regular > incoming mail does not require authentication. Anyone on the Internet > needs to deliver mail to your mailboxes without authenticating to your > mail server, of course, so local mail delivery cannot require > authentication. Yes, we discovered that quickly enough. > > The default configuration of ESMTPAUTH globally should not be changed, > in most situation. If some user's credentials have been compromised, > that is a different issue. Well, it is a related issue in the sense that, while a strict password policy can reduce the chance of hackers getting passwords by dictionary attacks and the like, it also results in our very human users writing down passwords and leaving them lying around. We need a compromise and this results in less than satisfactory passwords being used. cheers, Ken ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
