[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Configuring a mail server...

This one time, at band camp, Calber Chainy said:
> El jue, 19-12-2002 a las 19:17, Bob Proulx escribió:
> > Calber Chainy <chainy@infonegocio.com> [2002-12-19 18:34:41 +0100]:
> > > 
> > > The objectives of the mail server is to give accounts to anyone in the
> > > internet, i followed some howtos but I don't know how to configure some
> > > things.  I searched but didn't find some comprehensive howto or
> > > documentation...
> > > 
> > > The two main problems are:
> > > 
> > > I have to relay mail for anyone in the internet, not only for my local
> > > network, what am I supposed to type then in /etc/mail/access?
> > 
> > Negative.  If you are giving accounts to people then you do not need
> > to give relay access to the Internet.  Relay access is the number one
> > source of spam.  Creating an open relay is one of the most unfriendly
> > and unneighborly network actions that you could possibly do.
> > 
> > Also note that if you do operate an open relay your server will be
> > listed in an open relay database.  At that time a large number of
> > people will refuse to accept mail from your server.  It will be less
> > than useful to operate a mail server from which people cannot receive
> > mail.
> > 
> > Bob
> Ok, thanks for the advice, but then how do i control the access to my
> smtp server? Actually I relay mail filtering by IP, but some people have
> dinamic ip addresses
> Chainy.

Use SMTP-AUTH, hopefully with SSL. How depends on the MTA you use, but exim
comes with example server-side AUTH sections at the end of exim.conf.
Pretty easy to set up.  The relevant bits are allowing relay for your
LAN, and then allowing anyone who has authenticated to relay.  This
should keep you from being an open relay.  I don't even open up
relaying for my LAN, as it seems too easy to spoof IP's - I just make the
boxes on my LAN authenticate first.

The second part, making your box answer to pop.domain.com and
mail.domain.com, is done with DNS - if you're running a nameserver, you
have to make the change, otherwise ask whoever's hosting your DNS to
change it for you.
|  Stephen Gran                  | What's a cult?  It just means not       |
|  steve@lobefin.net             | enough people to make a minority.   --  |
|  http://www.lobefin.net/~steve | Robert Altman                           |

Attachment: pgp_PPJ6t59UI.pgp
Description: PGP signature

Reply to: