Thanks for that insight, EE!
I love it when I learn new stuff.
(If I could only remember more of it!) :)

Erik Espinoza wrote:
> ES,
> 
> Only udp and icmp connections can be spoofed. The tcp handshake makes
> spoofing tcp impossible.
> 
> The only way for such an attack to be feasible would be to hack a few
> different routers in between their link. At that point, they got
> bigger problems than an open relay.
> 
> Erik
> 
> On 1/17/07, Eric Shubes <[EMAIL PROTECTED]> wrote:
>> What JP says would certainly help.
>>
>> Given what you *have* said though, and making a few presumptions, I might
>> have a fix for you. Since your internal machines are being nat'd, I'm
>> thinking that the smtp sessions for these will appear to the toaster to be
>> coming from the external address of the natting device.
>>
>> Simply add that address (the external address of your natting device) to
>> /etc/tcprules.d/tcp.smtp file like so:
>> external.address.of.nat:allow,RELAYCLIENT=""
>> Regenerate your cdb file:
>> # qmailctl cdb
>> and you should be good to go.
>>
>> Note, this solution is a tad bit insecure. If someone were able to spoof
>> this address (while unlikely it *is* possible), they could use your toaster
>> as an open relay. Not much of an issue if it's a private address, somewhat
>> more so if it's public. The best solution, while not as easy but more
>> secure, would be to configure the sendmail clients to authenticate
>> themselves.
>>
>> Jean-Paul van de Plasse wrote:
>> > Hi,
>> >
>> > Any messages in the logfiles (on both qmailtoaster server and
>> > development machines)?
>> > What do you get when you telnet from the development machine to the
>> > qmailtoaster on port 25 and type something like
>> > helo
>> > mail from:[EMAIL PROTECTED]
>> > rcpt to:[EMAIL PROTECTED]
>> > data
>> > subject: test
>> > test
>> > .
>> >
>> > Simply said, more info is needed to solve this for you.
>> >
>> > Regards,
>> >
>> > JP
>> >
>> > ----- Original Message -----
>> > From: <[EMAIL PROTECTED]>
>> > To: <qmailtoaster-list@qmailtoaster.com>
>> > Sent: Wednesday, January 17, 2007 8:29 PM
>> > Subject: [qmailtoaster] Re: Accepting mail from local mail servers
>> >
>> >
>> >> Hi,
>> >>
>> >> I am not sure what the problem is and how to resolve it. I am hosting my
>> >> company qmailtoaster server in the datacenter on an external ip, I also
>> >> have some development machines inside the company behind the nat on
>> >> internal ips.
>> >>
>> >> When an internal application sends email out to [EMAIL PROTECTED] using
>> >> sendmail on localhost, I am not getting that email at [EMAIL PROTECTED]
>> >>
>> >> I am pretty sure qmail rejects these emails because they come from a
>> >> mailserver behind nat which doesn't resolve to anything.
>> >>
>> >> What do I need to configure on qmailtoaster so I can allow my development
>> >> machines to send me email to [EMAIL PROTECTED] Is there a setting where I
>> >> can just specify my company external ip to allow all the mail from my
>> >> internal subnet without being rejected?
>> >>
>> >> Thank you
>> >>
>>
>>
>> -- 
>> -Eric 'shubes'
>>


-- 
-Eric 'shubes'
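
An added example, not part of the original thread and not QmailToaster code: a small Python audit of a tcp.smtp rules file that lists every rule granting RELAYCLIENT and whether relay trust is tied to an internal or a routable address, the distinction raised in the quoted advice above. The sample rules, the function names and the verdict labels are constructed for illustration.

```python
import ipaddress

# Constructed sample tcp.smtp rules; 203.0.113.10 is a documentation address
# standing in for the NAT device's public IP (not a value from the thread).
SAMPLE = '''\
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
203.0.113.10:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
:allow
'''

# Loopback plus the RFC 1918 ranges: addresses that are not routed on the Internet.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rule_network(addr):
    """Map a tcprules address ("127.", "203.0.113.10", "") to a network, or None."""
    octets = [o for o in addr.split(".") if o]
    if len(octets) > 4 or not all(o.isdecimal() and int(o) < 256 for o in octets):
        return None  # ranges, =hostname and user@ forms need manual review
    if 0 < len(octets) < 4 and not addr.endswith("."):
        return None  # a partial address only acts as a prefix with a trailing dot
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))

def audit(text):
    """Return (line_no, address, verdict) for each rule that sets RELAYCLIENT."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        addr, sep, action = line.strip().partition(":")
        if not sep or addr.startswith("#") or "RELAYCLIENT=" not in action:
            continue
        net = rule_network(addr)
        if net is None:
            verdict = "review"
        elif net.prefixlen == 0:
            verdict = "open-relay"  # default rule: every client may relay
        elif any(net.subnet_of(i) for i in INTERNAL):
            verdict = "internal"
        else:
            verdict = "public"      # relay trust rests on a routable source IP
        findings.append((n, addr, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Rules reported as "public" are the ones where SMTP authentication on the clients, as suggested in the thread, removes the dependence on the source address.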
