Is it possible to have vpopmail add the client's domain name and IP to
the open-smtp file so it will only allow relay to that domain name and
IP?
Bill Wichers wrote:
My server's uplink will get congested when a user send massive email
using my server.
How can I only allow relaying for domain hosted in my server? Like the
domain in the rcpthosts file.
If you turn off roaming users support, vpopmail will, by default, allow
relaying to *only* those users listed in rcpthosts. The whole point of
roaming users (pop-before-smtp, SMTP Auth, etc.), is to allow *authorized*
users to send to domains *not* hosted on the local server.
If you're trying to only allow users from inside your domain to relay
through your server, then you need one of the things like pop-before-smtp
or SMTP Auth. Domain-based security isn't all that great though -- there's
nothing to stop your users from claiming to be from whatever domain they
want so that they can relay through your server. If all your users are
inside your network, you could use tcp.smtp to just allow your various
subnets and not have to deal with any of the higher-level authentication
schemes. The exact method you use will depend on your network
configuration and the requirements of your users.
For all-inside users, just use tcp.smtp. For roaming users (coming in from
networks outside your organization), SMTP Auth is really the best way to
go. I am myself migrating over from pop-before-smtp using relay-ctrl to
SMTP Auth primarily due to the scalability issues with pop-before-smtp.
-Bill
*****************************
Waveform Technology
UNIX Systems Administrator
|
- Re: [vchkpw] vpopmail - roaming service ro0ot
-
