On Thu 1999-04-08 (11:56), John Grant wrote:
> >On Thu, 8 Apr 1999, John Grant wrote:
> >
> >> So, is anybody using XMIT ? Since it's a standard feature in qpopper I
> would
> >> hope that someone is doing this...
> >
> >it may be a standard feature in qpopper, the issue here is that it's not
> >part of the POP standard, and so most mail clients don't seem to support
> >it. Hence, since none of my users is clamouring for it there's no point in
> >me spending time on it.
>
>
> This to support our remote users who often end up on other companies'
> networks. Many companies now use firewalls to redirect outgoing port 25
> traffic that is not from a 'known' mailhost to the internal mail host for
> processing.
>
> We want our remote users to be able to send email with our company domain
> name on it, without a) having to have customer firewalls reconfigured, or
> b)leaving our mail server open as a spam relay.
>
> So it looks like I'll be redoing the patches (and of course posting the
> results).
>From www.qmail.org:
DJB has three suggestions for allowing your users to relay when they're not
at a known IP address (which is the FAQ 5.4 solution):
Use a secret IP address and port number, and you'll have much better
security than user-chosen passwords.
Put a secret string into the HELO string sent by the client. This will
be visible to the fixup script, so you can reject messages with bad
passwords without changing qmail-smtpd---and it's still more widely
supported than XTND XMIT.
Oh, you want real security? Check that all messages are PGP-signed by
local users. I wouldn't be surprised if PGP plugins are available for
more clients than XTND XMIT patches are.
I'm sure you can see how Dan feels about it :-)
- Keith
--
Keith Burdis - MSc (Com Sci) - Rhodes University, South Africa
Email : [EMAIL PROTECTED]
WWW : http://www.rucus.ru.ac.za/~keith/
IRC : Panthras JAPH
"Any technology sufficiently advanced is indistinguishable from a perl script"
Standard disclaimer.
---