subject:"Re\: \[courier\-users\] blacklist for courier how\?"

Re: [courier-users] blacklist for courier how?

2016-03-03 Thread Gordon Messmer


On 03/03/2016 06:32 PM, PICCORO McKAY Lenz wrote:
2016-03-02 21:38 GMT-04:30 Gordon Messmer >:

my courier used the OS pam authentication

...

my port 25 its authenticated by default... and also the ssl port too


I'm not sure what you mean by "authenticated by default."  It either 
allows authentication, or it does not.  And if it allows authentication, 
then it also allows relaying.


The simple solution would be to disable authentication on port 25. If 
users aren't going to relay, there's probably no reason to authenticate 
themselves.  It modifies a header, but it otherwise not useful.


Leave authentication on port 587, and modify /etc/pam.d/esmtp.  You 
could add pam_access to restrict authentication to specific users.


I want to CLARIFY THAT THE FILTER MANPAGE ARE VERY VAGE OR GENERIC and 
laks of examples.. so thanks for the examples u put to me below


I don't think that's true.  They accurately describe a complex 
interface.  Most of that complexity is handled in the perl and python 
APIs, but I still think the simplest way to accomplish your goal is 
simply to filter authentication with existing components, rather than 
writing your own.


--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] blacklist for courier how?

2016-03-03 Thread PICCORO McKAY Lenz

2016-03-02 21:38 GMT-04:30 Gordon Messmer :

> In fact, you might not even need a separate instance, depending on how
> your users are configured now.  If your users aren't using SMTP MSA,
> then edit /etc/courier/esmtp-msa and configure the service for
> authentication.  The method by which you filter users in the
> authentication depends on which auth service you use.
>
my courier used the OS pam authentication, the SQL module auth its only for
test period users (if are not yet in the payroll system as a solid and
stable)


>
> Everyone else, who doesn't need to relay, should use SMTP on port 25.
> /etc/courier/esmtpd should have ESMTPAUTH set to "" so that
> authentication is disabled.
>
my port 25 its authenticated by default... and also the ssl port too


> See "MAIL FILTER IMPLEMENTATION":
> http://www.courier-mta.org/courierfilter.html

I want to CLARIFY THAT THE FILTER MANPAGE ARE VERY VAGE OR GENERIC and laks
of examples.. so thanks for the examples u put to me below


>
> http://phantom.dragonsdawn.net/~gordon/courier-pythonfilter/
> http://search.cpan.org/dist/Courier-Filter/
>
>
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] blacklist for courier how?

2016-03-02 Thread Gordon Messmer

On 03/01/2016 05:35 PM, PICCORO McKAY Lenz wrote:
> 2016-03-01 14:05 GMT-04:30 Gordon Messmer  >:
>
> Any user that authenticates is allowed to relay, so I'd think
> that's the
> part you need to protect.
>
> any user can sent to internal domain so that no so "so" protected but
> yes, in this part i need to filter as u suggested in the next part
>
> One option would be to disallow ESMTP authentication entirely on
> whatever server the users are using, and to set up a separate mail
> relay
> server where you can filter authentication to only specific
> whitelisted
> users.
>
> This solution its too complicated, inplicts another server, we must 
> keep simple and single..

Writing  a courierfilter is more complicated than putting up an instance 
of Courier's SMTP server whose only purpose is to relay mail for select 
authenticated users.

In fact, you might not even need a separate instance, depending on how 
your users are configured now.  If your users aren't using SMTP MSA, 
then edit /etc/courier/esmtp-msa and configure the service for 
authentication.  The method by which you filter users in the 
authentication depends on which auth service you use.

Everyone else, who doesn't need to relay, should use SMTP on port 25.  
/etc/courier/esmtpd should have ESMTPAUTH set to "" so that 
authentication is disabled.

> THIS IST LIKE I NEED:
>
>
> Another would be to allow authentication, but use a courierfilter to
> check the sender and recipients and apply a local policy to allow or
> deny relaying messages.
>
>
> NOW: my SMTP courier-mta its all authenticated, noone can sent without 
> auth,
>
> so as u mention i need to setup that "courierfilter" how could i do 
> this!!!

See "MAIL FILTER IMPLEMENTATION":
http://www.courier-mta.org/courierfilter.html

I maintain a python framework for writing filters.  There's a perl 
framework as well.  Courier ships with a couple of examples that don't 
use either.

http://phantom.dragonsdawn.net/~gordon/courier-pythonfilter/
http://search.cpan.org/dist/Courier-Filter/

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] blacklist for courier how?

2016-03-01 Thread PICCORO McKAY Lenz

2016-03-01 14:05 GMT-04:30 Gordon Messmer :

> Any user that authenticates is allowed to relay, so I'd think that's the
> part you need to protect.
>
any user can sent to internal domain so that no so "so" protected but
yes, in this part i need to filter as u suggested in the next part


> One option would be to disallow ESMTP authentication entirely on
> whatever server the users are using, and to set up a separate mail relay
> server where you can filter authentication to only specific whitelisted
> users.
>
This solution its too complicated, inplicts another server, we must keep
simple and single..


THIS IST LIKE I NEED:

>
> Another would be to allow authentication, but use a courierfilter to
> check the sender and recipients and apply a local policy to allow or
> deny relaying messages.
>

NOW: my SMTP courier-mta its all authenticated, noone can sent without
auth,

so as u mention i need to setup that "courierfilter" how could i do
this!!!
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] blacklist for courier how?

2016-03-01 Thread Gordon Messmer

On 03/01/2016 07:51 AM, PICCORO McKAY Lenz wrote:
> i mean, user"pepet...@dominio.co"  can send mails to externals but
> rest of users does not able to send outside domain ...

Any user that authenticates is allowed to relay, so I'd think that's the 
part you need to protect.

One option would be to disallow ESMTP authentication entirely on 
whatever server the users are using, and to set up a separate mail relay 
server where you can filter authentication to only specific whitelisted 
users.

Another would be to allow authentication, but use a courierfilter to 
check the sender and recipients and apply a local policy to allow or 
deny relaying messages.

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] blacklist for courier how?

Re: [courier-users] blacklist for courier how?

Re: [courier-users] blacklist for courier how?

Re: [courier-users] blacklist for courier how?

Re: [courier-users] blacklist for courier how?

5 matches

Site Navigation

Mail list logo

Footer information