+++ Raju Mathur [linux-india] <02/12/01 20:41 +0530>: > Couple of questions about sendmail. I enabled SMTP AUTH (using the > Cyrus SASL and PLAIN and LOGIN methods) on a stock Red Hat 7.1 > Sendmail 8.11. The LOGIN works fine for local users relaying mail > through the company server, except for a couple of issues.
Fair enough > First off, I also need to enable STARTTLS in order not to have > passwords transmitted in clear-text over the wire. However, STARTTLS > appears to require a certificate on the client side, and self-signed > client side certificates don't seem to work, especially with Outlook The server can send a self-signed certificate, which the client has to accept ONCE and declare a valid / trusted certificate. > Secondly, is there any way to tell sendmail that if, e.g user ``raju'' > logs in using SMTP AUTH then it should only relay messages which come > from that client AND which have ``[EMAIL PROTECTED]'' as the sender Any particular reason for this? Once someone AUTHs himself, only his IP can relay through your server for a short window of time. If it really matters what the envelope-from should be, you might try Jan Krueger's site at http://www.digitalanswers.org/check_local for ideas. > address? In other words, even with SMTP AUTH enabled the sender can > choose any envelope sender and make the message appear to be from > another person. Feature of [E]SMTP. Not very necessary to limit this - especially as people might well have other email addresses forwarding to their account. > mail recipients aren't clued in enough to be able to figure out what a > signature is or distinguish a good signature from a bad one, so we > need to be able to configure Sendmail to check and reject messages > with forged envelopes. It is very trivial to get around such checks - and even to forge valid envelope froms. Thawte / Verisign certificates are built into OE - or there are some excellent PGP clients for windows, which integrate rather well into outlook. Training your users might be the best thing to do :) -- Suresh Ramasubramanian <----> mallet <at> efn dot org EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
