From: Matthew Wilson [mailto:[EMAIL PROTECTED]
>
> >> allowing relay is the same as connect without auth. An auth'd user
> >> is granted the ability to relay, so allowing an IP to relay is
> >> effectively the same.
> >
> > Ok, except that I don't want this ip to be able to relay.
> >
> > I want my users to connect to my Courier box to send email via
> > authenticated smtp. Unauthenticated users or Internet MTAs should
> > not be allowed to connect. General email from the Internet comes
> > through a filtering server. This server needs to be able to deliver
> > to the Courier box, but it is unable to authenticate itself.
> >
> > So...
> > - The filtering server should be able to connect without
> > authentication
> > - The filtering server should NOT be able to relay
> > - Everyone else should be required to authenticate
>
> It sounds like the mail from the filtering server will all be destined
> for your user server, so you should not need any special setup.
> Courier will accept mail for addresses that it is configured to accept
> mail for. Just don't put your user server in DNS as an MX, that's
> easy.
>
> The filtering server will have to be configured to accept mail for
> your domains so that it can filter the messages and then forward the
> good messages onto your user server. Is this where you need help?
>
> /etc/courier/smtpaccess/ should at this point only allow 127.0.0.1 to
> relay, just so your scripts and whatnot can mail you, etc.
The only thing I need help with is the authentication.
At the moment, my Courier server does not allow smtp connections from
the Internet. What I want to do is allow my users to send mail through
my server via authenticated smtp. But I don't want any chance of other
mail bypassing the filtering server.
There's not going to be an MX record for the Courier server, but if it
accepts smtp connections from the Internet, then I have to assume that
the spammers will eventually find it. I know that a non-authenticated
connection will not relay, but I don't want spam sent to my users
either. So I'm trying to configure it so that it only accepts what is
absolutely necessary.
Authenticated smtp should be allowed for anyone.
-- This is default and not a problem.
Non-authenticated smtp should be allowed only for the filtering server
-- This is what I am trying to figure out.
If I set AUTHREQUIRED=1, then how do I allow the filtering server to
connect without authentication and without being able to relay?
If I set AUTHREQUIRED=0, then how do I deny non-authenticated
connections from anyone except the filtering server?
Bowie
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
