Len
Most ISPs make their users have the same user/pass pair for both RADIUS and
MAIL. Even if they don't, a user of an ISP has an entry in RADIUS that can
be used for authenticating against the mail server (there's no law stating
that pop3 user/pass has to be used for smtp auth).
As for whether users know how to change to a port in particular software,
that's what support websites are for. There's always technical difficulty
when a technical solution hits non-technical user communities.
As for the basis of my solution, we have national access through one of
those companies that resell their dialup lines. Our users who go roaming
have to setup their client to use SMTP AUTH and talk to one of our postfix
boxes.
Postfix uses cyrus sasl to do SMTP AUTH. I have cyrus setup to use PAM. I
have a PAM module that authenticates against RADIUS. The only change in the
solution that I use that Andrew would have is the port issue.
Since it appears Cshore is an ISP, I can almost guarantee they have RADIUS
and I hate introducing many new hoops (external database for both Imail and
SMTP AUTH) at the same time.
Heh, it was just my 2 cents, taxable in Ohio. Everybody feel free to
implement/not implement as you see fit.
**********************************
Wayne Smith, CNE/MCSE/CCNP/CCDP
Computer Resources (http://www.cros.net)
----- Original Message -----
From: "Len Conrad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 19, 2001 3:42 PM
Subject: Re: [IMail Forum] unable to send mail through ATT connection
>
> >If port 25 filtering is implemented, you can either change the port you
are
> >listening on
>
> But will the roamers know how to set up their mail clients to send to
> another port??
>
> eg, a quick look a my main personality in Eudora 5 does show not me
> how to send outbound to a port, only to a hostname or ip.
>
> >I believe you are an IMGate user, so you could also do SMTP AUTH on your
> >postfix box (postfix shouldn't have a problem running on more than one
> >port). You need to install CYRUS SASL and compile support for that
library
> >into postfix. Then you can setup PAM (pluggable authentication modules)
> >with a RADIUS module that can auth against your RADIUS server.
>
> yes, all that's doable technically, but how would he get his RADIUS
> accounts and Imail accounts sync'd up, same logins and
> passwords? Imail doesn't AUTH against RADIUS. And while postfix can
> AUTH against LDAP, Imail's LDAP server doesn't provide secure AUTH, (yet).
>
> The only what I can see is to have Imail and postfix both auth
> against an external SQL database. Imail talks to the tables through
> ODBC and postfix could talk to the same tables through an OpenLDAP
> server based on the SQL server. I don't know whether postfix can
> AUTH though something like UNIXODBC.
>
> I really think the only practical way, for most of us, is to go along
> with the trend of IPS's blocking port 25. Access to Imail's port 25
> from Internet could then be blocked at the border router, really
> protecting Imail, and forcing all inbound SMTP to IMGate. ie,
> roamers would not relay through the IMail ISP but only through their
> access provider's SMTP relay.
>
> Len
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
