Thanks for all your answers.

There is no mailserver on that machine (yet) - the idea was to set up a slim and performant solution communicating with an existing external hoster's mailserver. This could be done with tine or oxchange but those are either slow or not slim at all. Maybe I should consider postfix as proposed. But still I think that smtp auth included in SOGo would be a good idea.

rgds
Beat

2011/10/16 Patrick Ben Koetter <p...@state-of-mind.de>

> * Martin Rabl <users@sogo.nu>:
> > Update ... ;-)
> >
> > On 16.10.11 22:01, Martin Rabl wrote:
> > >On 16.10.11 19:53, starfish wrote:
> > >>looks like many people miss smtp-auth. will it be available in SOGo 2 ?
> > >SOGo itself delivers into the configured smarthost.
> > Ok, when you need another mailserver (than the smarthost), which
> > wants SOGo to authenticate itself, there could be a need.
>
> Strictly speaking an SMTP server that accepts messages from SOGo becomes an
> MSA (message submission agent). MSAs are special, because messages originate
> from MSAs. Messages enter the mail transfer at the MSA and then relays and
> border filters (vulgo: Gateway) transfer it closer to the final destination
> where they are delivered to an MDA.
>
> As an MSA the SMTP server has the special role to ensure the message conforms
> to Internet standards (complete envelope addresses etc.) and the MSA must (!)
> ensure the message was submitted only by authorized senders.
>
> The RFC for Submission states a client MUST use SMTP AUTH before it authorizes
> the client to submit the message and it MAY use TLS (to protect weak AUTH
> mechanisms).
>
> I think if SOGo and MTA/MSA are on the same host, it should suffice to create
> a dedicated server instance that lets only clients from 127.0.0.1 submit
> messages and do the MSA checks at this level. Something like this in Postfix
> master.cf will probably do:
>
> 127.0.0.1:25 inet n - n - - smtpd
>     -o smtpd_delay_reject=no
>     -o smtpd_client_restrictions=permit_mynetworks,reject
>     -o smtpd_helo_restrictions=
>     -o smtpd_sender_restrictions=reject_non_fqdn_sender,reject_unknown_sender_domain
>     -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,reject
>     -o smtpd_data_restrictions=reject_unauth_pipelining
>     -o smtpd_end_of_data_restrictions=
>     -o smtpd_restriction_classes=
>     -o mynetworks=127.0.0.1/32
>     -o smtpd_client_connection_count_limit=0
>     -o smtpd_client_connection_rate_limit=0
>     -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
>     -o local_header_rewrite_clients=
>
> And yes, if SOGo submits messages to an MSA that isn't on the same host SOGo
> should use SMTP AUTH.
>
> > But, in this case IMHO it would be a better setup for SOGo to deliver
> > Mails to the localhost-mailserver, which is configured to relay to
> > the mailserver with the smtp-auth-need.
> > Easy setup ...
> > http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailservers.html
> >
> > (Thank you, Patrick)
>
> Glad it is still of help. :)
>
> p@rick
>
> --
> state of mind ()
>
> http://www.state-of-mind.de
>
> Franziskanerstraße 15 Telefon +49 89 3090 4664
> 81669 München Telefax +49 89 3090 4666
>
> Amtsgericht München Partnerschaftsregister PR 563
>
> --
> users@sogo.nu
> https://inverse.ca/sogo/lists
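
Added example, not part of the original messages and not SOGo or Postfix project code: a Python check that parses master.cf entries like the one quoted above and reports when an smtpd listener meant for local-only submission is bound or trusted beyond loopback. The sample input is constructed (its second entry is hypothetical), the function names are this example's own, and only the plain `-o name=value` override form is handled.

```python
import ipaddress

# Constructed input: the thread's loopback listener (shortened), followed by a
# hypothetical entry that listens on all interfaces and trusts 10.0.0.0/8.
SAMPLE_MASTER_CF = """\
127.0.0.1:25 inet n - n - - smtpd
    -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,permit_mynetworks,reject
    -o mynetworks=127.0.0.1/32
smtp inet n - n - - smtpd
    -o mynetworks=10.0.0.0/8
"""

def parse_master_cf(text):
    """Fold continuation lines and return one dict per service entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # leading whitespace continues the entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = []
    for f in (line.split() for line in logical):
        if len(f) < 8:   # name type private unpriv chroot wakeup maxproc command
            continue
        opts = dict(a.split("=", 1) for p, a in zip(f[8:], f[9:]) if p == "-o" and "=" in a)
        services.append({"name": f[0], "type": f[1], "command": f[7], "opts": opts})
    return services

def is_loopback(text):
    try:
        # Postfix writes IPv6 literals as [::1]; a bare address parses as /32 or /128.
        cleaned = text.replace("[", "").replace("]", "")
        return ipaddress.ip_network(cleaned, strict=False).is_loopback
    except ValueError:   # service name, hostname or table lookup: not provably loopback
        return False

def audit_local_submission(svc):
    """Return findings for an smtpd listener meant to accept mail from this host only."""
    findings = []
    if not is_loopback(svc["name"].rpartition(":")[0]):
        findings.append("listener is not bound to a literal loopback address")
    nets = svc["opts"].get("mynetworks", "").replace(",", " ").split()
    if not nets:
        findings.append("mynetworks is not overridden, so the main.cf value applies")
    elif not all(is_loopback(n) for n in nets):
        findings.append("mynetworks trusts non-loopback clients")
    if svc["opts"].get("smtpd_recipient_restrictions", "").split(",")[-1] != "reject":
        findings.append("smtpd_recipient_restrictions does not end in reject")
    return findings
```

Calling `audit_local_submission()` on each entry from `parse_master_cf(SAMPLE_MASTER_CF)` returns an empty list for the loopback listener and three findings for the constructed wide-open entry.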