i am not angry, just verry tired .... so i'm going home i am not "guru" in qmail-ldap ... i am working with it just for 1 year ... so ... i want to do this "verification" to the smtp connection level from bandwidth reasons i can't (for now) to use more than one authentication database because i have a large number of users/accounts and more than 10 slave ldap servers and more than 10 regional mail servers and i have only one web interface for users/accounts management ... and to finish say only that i am not a C programmer and aprox all workstation have random IP from dhcp servers (only servers have static IP)
thanks to all. --- Fabio Gomes <[EMAIL PROTECTED]> wrote: > Em Qua 24 Nov 2004 16:32, voc� escreveu: > > i don't want relying based on sender's domain !!!! > > are you angry? > > > > > i have a lot o users/accounts and some of them must > not > > can sending mail to the "internet" .. just to local > domain > > so i thing to something like this: > > 1) have another ldap attribute and qmail-smtpd look > for > > this attribute and if it set just do onother > verification > > on recipient domain and if not in rcpthosts drop the > > connection > > or > > 2) qmail-smtpd look into another control file > > (~controls/<some file>) and if sender's address is > listed > > in this file check recipient domain and if is not in > > rcpthosts drop connection > > > > something like postfix is doing !!!!! > > > > The best way to selectively authorize users to send mails > out of your domain > is based on IP address using TCPSERVER and RELAYCLIENT > env or some kind of > authentication (AUTH SMTP, SMTP-AFTER-POP). > Some people uses different databases for SMTP > authentication and POP. Putting > on the SMTP authentication database, only the users > authorized to relay. > > You also could write a wrapper for qmail-queue to > determine, based on sender > address, if the mail is allowed to relay or not. But as > already said, address > can be forged. > > Look in qmail list. That issue was actively discussed > before in that list. > > > --- Brian Reichert <[EMAIL PROTECTED]> wrote: > > > On Sun, Nov 21, 2004 at 11:37:13PM -0800, Mihai > Costache > > > > > > wrote: > > > > second: can somebody tell me how to make > qmail-smtpd to > > > > check domain sender, sender email address and > domain > > > > recipient when mails came from relay hosts ... and > if > > > > domain sender is not in ~control/rcpthosts(.cdb) to > > > > > > reject > > > > > > > this emails and to can to do some like this : to > have a > > > > list of local email address who can send mails only > to > > > > locals domain (aka domain listed in > > > > ~control/rcpthosts(.cdb) or ~control/locals(.cdb)) > > > > > > It depends on what you're trying to accomplish. > > > > > > Bear in mind that the sender's domain can be forged. > > > Relying on > > > the sender's domain to control relaying isnt' very > > > useful. > > > > > > It _sounds_ like what you want is known people from > known > > > hosts to > > > be able to relay. > > > > > > If that's the case, you should look into SMTP AUTH; > that > > > forces > > > force's people's mail clients to provide a password, > such > > > that when > > > they've authenticated, they're allowed to relay > though > > > that mail > > > server... > > > > > > > thanks, > > > > Mihai > > > > > > -- > > > Brian Reichert <[EMAIL PROTECTED]> > > > 37 Crystal Ave. #303 Daytime number: (603) 434-6842 > > > Derry NH 03038-1713 USA BSD admin/developer at > large > > > > __________________________________ > > Do you Yahoo!? > > Yahoo! Mail - You care about security. So do we. > > http://promotions.yahoo.com/new_mail > > GL, > -- > F�bio Gomes > <[EMAIL PROTECTED]> > __________________________________ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail
