* Beat Horn <users@sogo.nu>: > thanks for all your answers. There is no mailserver on that machine (yet) - > the idea was to setup a slim and performant solution communicating with ah > existing external hosters mailserver. this could be done with tine or
Yes. I understood that idea. Its a product use case SOGo developers might not have on their list (yet). > oxchange but those are either slow or not slim at all. Maybe I should > consider postfix as proposed. But still I think that smtp auth included in > SOGo would be a good idea. +1 p@rick > rgds > Beat > > 2011/10/16 Patrick Ben Koetter <p...@state-of-mind.de> > > > * Martin Rabl <users@sogo.nu>: > > > Update ... ;-) > > > > > > Am 16.10.11 22:01, schrieb Martin Rabl: > > > >Am 16.10.11 19:53, schrieb starfish: > > > >>looks like many people miss smtp-auth. will it be available in SOGo 2 ? > > > >SOGo itself delivers into the configured smarthost. > > > Ok, when you need another mailserver (than the smarthost), which > > > wants SOGo to authenticate itself, there could be a need. > > > > Strictly speaking an SMTP server that accepts messages from SOGo becomes an > > MSA > > (message submission agent). MSAs are special, because messages originiate > > from > > MSAs. Messages enter the mail transfer at the MSA and then relays and > > border > > filters (vulgo: Gateway) transfer it closer to the final destination where > > it > > they are delivered to an MDA. > > > > As an MSA the SMTP server has the special role to ensure the message > > conforms > > to Internet standards (complete envelope addresses etc.) and the MSA must > > (!) > > ensure the message was submitted only by authorized senders. > > > > The RFC for Submission states a client MUST use SMTP AUTH before it > > authorizes > > the client to submit the message and it MAY use TLS (to protect weak AUTH > > mechanisms). > > > > I think if SOGo and MTA/MSA are on the same host, it should suffice to > > create > > a dedicated server instance that lets only clients from 127.0.0.1 submit > > messages and do the MSA checks at this level. Something like this in > > Postfix > > master.cf will probably do: > > > > 127.0.0.1:25 inet n - n - - smtpd > > -o smtpd_delay_reject=no > > -o smtpd_client_restrictions=permit_mynetworks,reject > > -o smtpd_helo_restrictions= > > -o > > smtpd_sender_restrictions=reject_non_fqdn_sender,reject_unknown_sender_domain > > -o > > smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,reject > > -o smtpd_data_restrictions=reject_unauth_pipelining > > -o smtpd_end_of_data_restrictions= > > -o smtpd_restriction_classes= > > -o mynetworks=127.0.0.1/32 > > -o smtpd_client_connection_count_limit=0 > > -o smtpd_client_connection_rate_limit=0 > > -o > > receive_override_options=no_header_body_checks,no_unknown_recipient_checks > > -o local_header_rewrite_clients= > > > > And yes, if SOGo submits messages to an MSA that isn't on the same host > > SOGo > > should use SMTP AUTH. > > > > > > > But, in this case IMHO it would be a better setup SOGo to deliver > > > Mails to the localhost-mailserver, which is configured to relay to > > > the mailserver with the smtp-auth-need. > > > Easy setup ... > > > > > http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailservers.html > > > > > > (Thank you, Patrick) > > > > Glad it is still of help. :) > > > > p@rick > > > > -- > > state of mind () > > > > http://www.state-of-mind.de > > > > Franziskanerstraße 15 Telefon +49 89 3090 4664 > > 81669 München Telefax +49 89 3090 4666 > > > > Amtsgericht München Partnerschaftsregister PR 563 > > > > -- > > users@sogo.nu > > https://inverse.ca/sogo/lists > > > -- > users@sogo.nu > https://inverse.ca/sogo/lists -- state of mind () Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht München Partnerschaftsregister PR 563 -- users@sogo.nu https://inverse.ca/sogo/lists
