|
cant you just setup an ip address
that only accepts connections from the barracuda on port 25, rejects all others
and doesn't require auth?
---- Original Message ----
From: Keith Willis To: [EMAIL PROTECTED] Sent: Wednesday, August 11, 2004 10:12 PM Subject: [courier-users] RE: SMTP authentication on a per hosted domain basis > Thanks for the answer, and I understand your point, but I think I > wasn't clear on what I was looking for. > > Let me provide an example. > > I currently host about 30 domains. Most of the domains use SMTP > authentication for relaying, and some have IPs in the smtpaccess > file. > > What I would like to do is that if someone tries to send email to > domain xyz.com courier rejects the email unless they use > authentication. However, domain ABC.com does not require > authentication so any email directed to it could come in normally. > > The reason for this is somewhat complex. We have a Barracuda > SPAM/virus firewall appliance (we are resellers for those of you > reading this - shameless plug). In essence, it is our only MX record > for many of the domains. For these domains, I want to require the > email to originate from the Barracuda firewall (it does support SMTP > authentication for delivery). For the domains that do not use the > Barracuda, they need to accept email normally. Also, users that are > sending mail from the Internet with dynamic IP addresses need to be > able to relay to courier with SMTP authentication so I cannot simply > block port 25 on the mail server IP. Some SPAMMERS bypass the > Barracuda and send directly to the mail server nullifying the value > of the Barracuda in many cases. > > My thinking is that if I could require SMTP authentication for > domains, only users that are authenticated could send email to > certain domains. > > For example, if user [EMAIL PROTECTED] attempts to relay, he would be > authenticated. If email from the Internet is destined for xyz.com, > it would have to hit the Barracuda and be filtered before arriving at > xyz.com (still delivered with SMTP authentication). Mail to xyz.com > that is not authenticated will not deliver. > > However, if abc.com does not pay for the Barracuda service, I want > mail to deliver normally to them whether we use SMTP authentication > for relaying or not. > > Does this make sense? Perhaps there is a way to do this with > maildrop or some other scripting means??? > > ----------------------------- > Keith Willis, President > Talon Computer Consulting, Inc. > http://www.taloncc.com > > *Developers of phpCourier: http://phpcourier.sourceforge.net > Open-Source (free) Fully functional account administration system for > courier-MTA > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Sam > Varshavchik > Sent: Wednesday, August 11, 2004 7:37 PM > To: [EMAIL PROTECTED] > Subject: [courier-users] Re: SMTP Authentication by Domain > > Keith Willis writes: > >> � HTML content follows � >> >> Greetings! >> >> >> >> Does anyone have any idea how to setup SMTP authentication on a per >> hosted >> domain basis? >> >> >> >> For example, I want certain domains to require SMTP authentication >> while >> others do not. Is there a way to do this in courier?? > > There is no telepathic way for a server to determine with 100% > certainty > what �domain� the connecting client belongs to. On the Internet, > nobody > knows that you're a dog. Anyone can try connecting to any server, and > pretend to be anyone else. > > Thus, taking it for granted that something like this could be done, > all that > someone has to do is to pretend that he belongs to one of the special > domains that do not require authentication, and that's it. > > Authenticated SMTP is used only for granting mail relaying > privileges. In > this context, the actual domain is irrelevant. Either the connecting > IP > address is defined in your smtpaccess file as one that has relaying > privileges, or the connecting client must provide a valid userid and > password, in order to receive relaying privileges. |
