There are many strategies for determining who can relay through your SMTP server. We restrict it to our IP netblocks by putting them in the access database followed by the keyword RELAY, this assumes you are using sendmail. Another approach is to use authenticated SMTP. A third approach which we use on some of our boxes is poprelayd (pop before relay), this is a PERL script which collects IP addresses from the qpopper log every 5 seconds and then caches those IP addresses in a sleepycat database for a configurable time, e.g. an hour. The idea is that the user has identified themselves by checking their POP mailbox with a valid username and password, so they are trusted and will be allowed to relay for some reasonable length of time. This last approach does not make sense if you users are on your local LAN, in that case you can easily restrict relaying by IP address.
Of course you should not run an open relay unless you are behind a firewall that disallows SMTP connections from outside the firewall, even so there is probably no reason to configure your server as an open relay.
At 05:48 PM 2/5/03 -0700, Donald Clouse wrote:
>>>>
Hello All, I have qpopper running on a RH 8.0 linux box. When one of the pop3 users comes into the box to check their email they get the message: Server: IP Address Port 25 SMTP Server error 550 5.7.1 Relaying Denied Secure SSL Server error 550 Err 0x800cc79 Any Ideas on why a user on the box would be denied the sending of any outgoing email? Thank You. Don
