|
Hi,
I have a
situation here, and I would appreciate your opinions.
My users send
outbound emails directly to the MTA 587 SMTPAuth port. So outbound emails don't
go through ASSP.
Now, if I
want them to use the email interface I need, somehow, to make the
email go through ASSP.
So, I
did setup a subdomain assp.domain.com with an MX pointing to my box, and
obviously not configured the MTA.
It is as well
in the localdomains.txt so ASSP will allow incomming emails to the
domain.
So,
1- The a user sends an email to assp-spam @
assp.domain.com
2- The email goes to the MTA 587 SMTPAuth
port
3- MTA realizes it is not a local
domain
4- MTA resolves the MX and sends it to it,
which is the same box
5- ASSP receives the connection
Now.. what
problems does this have?
A- Well, the first one is the "Forged HELO"
feature, because as the connection is from the MTA, then the HELO is a local
domain, which of course is refused by ASSP because it thinks sombody from
outside is forging it.
So I disabled it... you
might think that allowing the server domains in the HELOs, is a solution, but
this would be equivalent to disabling it, because anybody can put whatever he
wants in the HELO.
I think Forged HELOs should be
checked only if the originating IP is not a the local/allowed list, but perhaps
I don't have the full picture.
So, is there any way to
currently allow these situations? I made some tests, but I'd like to know your
opinions first.
B- Now, with HELO validation disabled, the second
problem I find is relaying.
ASSP is configured with
assp.domain.com as a local domain, so it will pass MAIL-FROM and RCPT-TO to the
MTA.
But the MTA answers saying that
assp.domain.com is not local, and relaying is denied, so ASSP gets the relay
error, and doesn't process the email.
So, what do you think? Is there
any way to configure it like that? I would love to have my users using the email
interface instead of sending emails to me, which of course is pretty much
useless.
Ok, that's all
folks.
Warmest regards!
Javier Albinarrate
|
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
