On 12/18/2014 10:08 AM, Peter Peltonen wrote:
On 12/15/2014 3:33 PM, Peter Peltonen wrote:
Hi,
I would like to force all users using my toaster to send mail to
authenticate. I've now managed to get Squirrelmail and Horde do that.
But I would like to know how to do this also with other (web)servers
that use the toaster as a smarthost? The other servers are running
Postfix.
The solution I posted above will not only force users to authenticate,
but also force them to use either submission or smtp-ssl to send
messages. The point to that is you can put all your most sophisticated
spam-filtering on the port 25 interface, and worry less about the other 2.
Another thing I remember that has been discussed in this list, but
what I couldn't find by searching the archives, was that if all users
authenticate, then one could blacklist all local domains in Spamdyke?
Is that advice still valid (and why should one do it, I'm curious)?
I do not know of any good reason to blacklist local domains -- in fact,
not only do I not know what this would accomplish, I think it would
break inter-domain messages.
If someone else can recall the reason or desired affect of this, I'm all
ears! :)
Another thing I'm thinking is about local user accounts on the toaster
server. How are those handled if localhost is not allowed to relay
mail? Do they inject the mail to qmail directly without using smtp?
Localhost should be allowed to relay mail -- that's how your typical web
interface works (the open relay is set to 127.0.0.1 in the tcp.smtp
setting).
Personally, I don't even allow local admins to have shell accounts,
unless they are experienced Linux user/admins. The dangers are just too
many. Thus, the only place most of my users have an "account" is in
vpopmail (and that is a mailbox "account").
Sorry I can't be of more help... the one "hole" I still am not
comfortable with is that, once authenticated, a user can send as anyone.
I wish there was a per-user setting that would allow me to override
that, but I also wish my mailserver could read my mind and block all the
messages I don't want to see... I don't think I'll get that anytime
soon, either! :)
Dan
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE:
877-IT4SOHO
877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax
We have support plans for QMail!
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
