[EMAIL PROTECTED] wrote:
>
> I want to use qmail as smtp gateway. I have
> configured qmail to relay mail selectively from our
> mail servers.
How? Are you using tcpserver?
> It seems to me little elegant to
> manage this away qmail's control files but it really
> works. Maybe I could apply Rask Ingemann
> Lambertsen's patch (to add control/relayclients and
> control/relaydomains files) but I don't know if it's
> recommended.
tcpserver is the recommended way to control relaying.
> However I don't know how to manage forged senders
> with our own domain when it's received from
> Internet. If I include our domain in
> control/badmailfrom file, valid mail from our mail
> servers also is rejected. Otherwhise our users could
> receive mail that seems internal. DNS checking
> doesn't help because our domain is valid.
>
> I know that Internet Mail isn't authenticaded at
> all, withouth using digital signatures (PGP,
> S/MIME), but I think that accepting notorious forged
> mail is an error and even more if could be passed
> off as internal message.
The problem, as you acknowledge, is that SMTP is fundamentally
unsecure. The protocol has no authentication mechanism. Once you allow
a connection to your server, you have no control over what is said in
the conversation, this includes the identification of the sender. Read
/var/qmail/doc/TEST.receive and try the SMTP server test.
I'm not sure what to suggest.
R.
--
Robin Bowes - System Development Manager - Room 405A
E.O.C., Overseas House, Quay St., Manchester, M3 3HN, UK.
Tel: +44 161 838 8321 Fax: +44 161 835 1657
