Thanks for that insight, EE! I love it when I learn new stuff. (If I could only remember more of it!) :)
Erik Espinoza wrote:
> ES,
>
> Only udp and icmp connections can be spoofed. The tcp handshake makes
> spoofing tcp impossible.
>
> The only way for such an attack to be feasible would be to hack a few
> different routers in between their link. At that point, they got
> bigger problems than an open relay.
>
> Erik
>
> On 1/17/07, Eric Shubes <[EMAIL PROTECTED]> wrote:
>> What JP says would certainly help.
>>
>> Given what you *have* said though, and making a few presumptions, I might
>> have a fix for you. Since your internal machines are being nat'd, I'm
>> thinking that the smtp sessions for these will appear to the toaster to be
>> coming from the external address of the natting device.
>>
>> Simply add that address (the external address of your natting device) to
>> /etc/tcprules.d/tcp.smtp file like so:
>> external.address.of.nat:allow,RELAYCLIENT=""
>> Regenerate your cdb file:
>> # qmailctl cdb
>> and you should be good to go.
>>
>> Note, this solution is a tad bit insecure. If someone were able to spoof
>> this address (while unlikely it *is* possible), they could use your toaster
>> as an open relay. Not much of an issue if it's a private address, somewhat
>> more so if it's public. The best solution, while not as easy but more
>> secure, would be to configure the sendmail clients to authenticate
>> themselves.
>>
>> Jean-Paul van de Plasse wrote:
>> > Hi,
>> >
>> > Any messages in the logfiles (on both qmailtoaster server and
>> > development machines)
>> > What do you get when you telnet from the development machine to the
>> > qmailtoaster on port 25 and type something like
>> > helo
>> > mail from:[EMAIL PROTECTED]
>> > rcpt to:[EMAIL PROTECTED]
>> > data
>> > subject: test
>> > test
>> > .
>> >
>> > Simply said, more info is needed to solve this for you.
>> >
>> > Regards,
>> >
>> > JP
>> >
>> > ----- Original Message ----- From: <[EMAIL PROTECTED]>
>> > To: <qmailtoaster-list@qmailtoaster.com>
>> > Sent: Wednesday, January 17, 2007 8:29 PM
>> > Subject: [qmailtoaster] Re: Accepting mail from local mail servers
>> >
>> >
>> >> Hi,
>> >>
>> >> I am not sure what the problem is and how to resolve it. I am hosting my
>> >> company qmailtoaster server in the datacenter on an external ip, I also
>> >> have some development machines inside the company behind the nat on
>> >> internal ips.
>> >>
>> >> When an internal application sends email out to [EMAIL PROTECTED] using
>> >> sendmail on localhost, I am not getting that email at [EMAIL PROTECTED]
>> >>
>> >> I am pretty sure qmail rejects these emails because they come from a
>> >> mailserver behind nat which doesn't resolve to anything.
>> >>
>> >> What do I need to configure on qmailtoaster so I can allow my development
>> >> machines to send me email to [EMAIL PROTECTED] Is there a setting where I
>> >> can just specify my company external ip to allow all the mail from my
>> >> internal subnet without being rejected?
>> >>
>> >> Thank you
>> >>
>>
>> --
>> -Eric 'shubes'
>>

--
-Eric 'shubes'
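
An added example (not part of the thread, and not qmailtoaster or ucspi-tcp code): a simplified Python model of how tcpserver chooses a tcp.smtp rule for a client IP, to check which addresses end up with RELAYCLIENT set after the change suggested above. The sample rules and the address 203.0.113.10 are constructed; only IP-based lookups (exact address, dotted prefixes, default rule) are modelled, not ranges or hostname rules.

```python
import re

# Constructed sample of /etc/tcprules.d/tcp.smtp. 203.0.113.10 stands in for
# the NAT device's external address (documentation range, not from the thread).
SAMPLE_RULES = '''\
# loopback may relay
127.:allow,RELAYCLIENT=""
203.0.113.10:allow,RELAYCLIENT=""
198.51.100.:deny
:allow
'''

# ,VAR=<delim>value<delim>  (the character after "=" is the delimiter)
ENV_RE = re.compile(r',([A-Za-z_][A-Za-z0-9_]*)=(.)(.*?)\2')

def parse_rules(text):
    """Return {address: (action, env)} from tcprules source text."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instructions = line.partition(":")
        action = instructions.split(",", 1)[0]
        if action not in ("allow", "deny"):
            raise ValueError(f"bad rule: {line!r}")
        env = {m.group(1): m.group(3) for m in ENV_RE.finditer(instructions)}
        rules.setdefault(address, (action, env))  # keep first rule per address
    return rules

def lookup(rules, ip):
    """Return (address, action, env) of the rule matched for an IPv4 client."""
    parts = ip.split(".")
    # Exact IP, then shorter and shorter prefixes ending in a dot, then default.
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for address in candidates:
        if address in rules:
            action, env = rules[address]
            return address, action, env
    return None, None, {}  # no rule matched; outcome not modelled here

def may_relay(rules, ip):
    """True if the matched rule allows the connection and sets RELAYCLIENT."""
    _, action, env = lookup(rules, ip)
    return action == "allow" and "RELAYCLIENT" in env

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for ip in ("203.0.113.10", "203.0.113.11", "127.0.0.1", "198.51.100.7"):
        print(ip, lookup(rules, ip)[:2], "relay" if may_relay(rules, ip) else "no relay")
```

Because the rule names one exact address, a neighbouring address such as 203.0.113.11 falls through to the default rule and gets no relay privilege; a rule written as a dotted prefix would grant it to the whole block.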