On Fri, Jun 28, 2002 at 07:53:03AM -0400, FreeportWeb Debian Support Account wrote:
| Actually, your both not totally correct. If you follow the "Life
| with qmail" document, its called "vpopmail smtp authentication".
[POP-before-SMTP]
| -- hence nobody can actually send e-mail through the server unless
| they have a username and password for qmail -- which is simply a
| passwd file that is managed by the vpop admin tools.
Actually, if someone else acquires that IP address before it expires
from the cache, you've just opened up a nice open relay for them :-).
Use SMTP AUTH -- it does what you intend for it to do.
I, too, recommend using exim. It is the default MTA on debian, easy
to work with, and Free.
The best solutions are (depends on what your requirements are) :
. You only need to relay from the LAN.
.. Just add the LAN's subnet to the list of address-based relaying.
. You need to relay from anywhere.
.. SMTP AUTH over TLS. See the archives. (the TLS can only be
enforced in exim4, IIRC)
. You need to relay from anywhere.
.. Open an ssh tunnel to the mail server. Tell mozilla the remote
server is "localhost". The mailserver doesn't need any extra
config other than relaying for localhost (it will see the
connection from localhost).
All three of these solutions are acceptable, IMO. (assuming in #1
that you don't have the possibility for Klez, etc, to be on the LAN,
in which case you really want to do AUTH anyways)
-D
--
The heart is deceitful above all things
and beyond cure.
Who can understand it?
I the Lord search the heart
and examine the mind,
to reward a man according to his conduct,
according to what his deeds deserve.
Jeremiah 17:9-10
http://dman.ddts.net/~dman/
Attachment:
pgpu26qnKPLRr.pgp
Description: PGP signature