Mike van der Velden writes:
> There are two outstanding questions:
>
> First, when a user on a Windows client machine uses Netscape Mail 4.7 to
> send a message, the sender and return-path both say "[EMAIL PROTECTED]".
> However, when using Pegasus Mail 3.1.2 to send the same message, the
> return path says "[EMAIL PROTECTED]" while the sender's
> address still says "[EMAIL PROTECTED]". Several remote sites refuse to
> receive e-mail where the sender and return-path don't match. This
> address re-writing never happened when the mail server was Exchange
> running under NT, but it has become a problem since we switched to qmail
> running under Solaris.
The "return path" is specified solely by MUA, so this is entirely a Pegasus
Mail configuration issue. It is possible that other mail servers take it
upon themselves to rewrite the return address, but they should not really
do that, and it's none of their jobs.
Tell your lusers to fix their mail software's configuration.
Additionally, refusing to accept mail for this reason is rather dumb,
unless the REAL reason why your mail is being rejected is because the
actual return path is nonresolvable in DNS. Only THEN does rejecting such
mail is perfectly valid. Otherwise, this is not your problem, but rather
unwarranted paranoia on the part of a bunch of wankers who don't know any
better.
> Second, the firewall people have started to complain that ever since the
> switch-over to qmail, they are seeing a lot of "auth" packets to and
> from the qmail server to various remote sites. They want to know what
> is going on. What sort of extra packets does qmail send out? Are some
> of these "auth" communications initiated by outside systems?
Qmail sends an ident (or auth) packets in response to any incoming
connection request. Any ident/auth response received gets recorded in the
headers. In certain situations, this information may be required in order
to track down any external source of abuse. This should ALWAYS be done in
response to an unauthenticated incoming connections, and the fact that few
other mail relays do it by default only indicates their unacceptable
default security settings.
Tell your spooks that the auth/ident packets are designed to make their own
lives either.
--
Sam
