>> The only thing I would have to add to this configuration is the need to
>> have LDAP setup with iMail
>
> Yep, LDAP and flatfile validation in use in ASSP. Works great. I
> actually use the LDAP from our Active Directory rather than OpenLDAP
> provided with IMail.
>
>> although you wouldn't be an open relay, and clients connection to your
>> server would see you as such <snip>
>
> Not sure what you mean by this. We are not an open relay.

What I meant is that if you weren't using LDAP or flatfile address validation in ASSP, leaving it to iMail to do the address validation, then all email would be accepted by ASSP since its proxy server (hMailserver in this case) would be accepting all emails. Only when hMailserver relays them over to iMail would they be rejected, but by that point, the sending MTA would already have disconnected with the knowledge that hMailserver had accepted them. hMailserver would then try to send to iMail, iMail would reject it, and hMailserver would eventually return the rejected notification to the sender. This would cause a significant increase in traffic and work for hMailserver & ClamAV for nothing.

However, this type of problem would only occur if you weren't using Local Address Validation in ASSP. Since you are, this isn't an issue for you. I was fairly sure that you were set up properly, but added in my 2 cents in case someone new was reading the thread (either now, or in future when searching through archives) and didn't realize the consequences of not using Local Address Validation in this type of setup.

> Please elaborate. I am well aware of how an open relay can be used. Be
> specific regarding how your perception of my configuration is that it can
> be abused. Are you thinking that there is something wrong with using
> ASSP's second listen port and its ability to enforce auth?

Absolutely not. I think your setup is very valid. Mine is somewhat similar as well. Like I said, the key is to use LAV with either LDAP or the flatfile.

> Since using hmailserver as a gateway between ASSP and another MTA, the
> LDAP issue is between ASSP and that other MTA, not the gateway, whatever
> that is.

Agreed. Merak MTA has a built-in LDAP server that is supposed to synchronize with the user list in the mail server. Unfortunately, this doesn't include any domain aliases, so the user list ends up being incomplete.
To make things worse, there are no modifiable configuration parameters I can tweak, nor any way to use a third party LDAP server to synchronize with the user db, short of writing my own scripts using the Merak API. So for the moment, I am just living without LDAP, using the MTA to do all the address validation.

> Using hMailserver is a free solution for Windows based SMTP AV for a MTA
> that does not have the capability otherwise.

That is a great idea. And frees you up from needing to purchase the more expensive versions of some MTAs just to get services like AV which you can use from elsewhere.

Thanks,
Eric

_______________________________________________
Assp-user mailing list
https://lists.sourceforge.net/lists/listinfo/assp-user
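
The accept-then-bounce behaviour described in the message above, as an added example that is not part of the original post and is not ASSP, hMailServer, iMail or Merak code. It models the relay chain with constructed addresses and a hypothetical alias map, and compares no edge validation, a recipient list missing the domain aliases, and a complete list.

```python
# Added illustration: a model of the relay chain from the thread, not product code.
# All addresses, domains and the alias map below are constructed sample data.

USERS = {"alice", "bob"}                      # mailboxes on the final MTA
PRIMARY = "example.com"
DOMAIN_ALIASES = {"example.net"}              # aliases a directory export may omit


def build_flatfile(users, primary, aliases):
    """Expand every mailbox across the primary domain and its aliases."""
    return {f"{u}@{d}" for u in users for d in {primary, *aliases}}


def edge_rcpt(rcpt, valid_list):
    """SMTP reply the edge proxy gives at RCPT TO. valid_list=None means no
    local address validation: every recipient is accepted."""
    if valid_list is None or rcpt.lower() in valid_list:
        return 250
    return 550


def deliver(messages, valid_list, final_valid):
    """Run (envelope sender, rcpt) pairs through edge -> gateway -> final MTA."""
    stats = {"rejected_at_edge": 0, "scanned": 0, "delivered": 0, "bounces_to": []}
    for sender, rcpt in messages:
        if edge_rcpt(rcpt, valid_list) == 550:
            stats["rejected_at_edge"] += 1    # sending MTA sees the failure itself
            continue
        stats["scanned"] += 1                 # gateway queues and AV-scans it
        if rcpt.lower() in final_valid:
            stats["delivered"] += 1
        else:
            # Final MTA refuses; the gateway now has to mail a bounce to the
            # envelope sender, which for spam is usually forged (backscatter).
            stats["bounces_to"].append(sender)
    return stats


FULL = build_flatfile(USERS, PRIMARY, DOMAIN_ALIASES)
PARTIAL = build_flatfile(USERS, PRIMARY, set())      # alias domain missing
MAIL = [("a@sender.test", "alice@example.com"),
        ("b@sender.test", "bob@example.net"),
        ("forged@victim.test", "nosuchuser@example.com"),
        ("forged2@victim.test", "sales1234@example.net")]

if __name__ == "__main__":
    for label, vl in (("no validation", None), ("partial list", PARTIAL), ("full list", FULL)):
        print(label, deliver(MAIL, vl, FULL))
```

In this model the partial list rejects `bob@example.net` at the edge even though the final MTA would deliver it, which is the cost of validating against a user list that leaves out domain aliases.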
