SUMMARY: Sendmail V8.9.0 & RELAY

From: Charlie Mengler (charliem@anchorchips.com)
Date: Mon Jun 15 1998 - 13:52:31 CDT


As usual the folks on this list innundated me with responses.

Some kindly indicated that this was not an appropriate forum
and to try comp.mail.sendmail news group. However a couple
said that they had the same problem & wanted to see the answer(s).

Others suggested that the roamers REALLY should be using the
SMTP gateway system belonging to the ISP rather than my postoffice
for outgoing messages. This may work for some folks but not me.
By decree my local email addresses must not be fully qualified.
The combination of non fully qualified email names and the use
of a remote postoffice means that messages get bounced due to
bad addresses when they try to reply to locally sent messages.

A few folks recommended the use of the FEATURE(relay_local_from);
but was cautioned that this fix could be abused by SPAMMERS.

The best answer was from Claus Assmann <ca@informatik.uni-kiel.de>
who provided the following links

For POP users exists a nice trick:
http://www.informatik.uni-kiel.de/%7Eca/email/chk-rctp5.html
http://www.informatik.uni-kiel.de/%7Eca/email/chk-89f.html

By following these link you can make a minor change to qpopper
or similar daemon & then add a cron job & a few new rules to
sendmail.cf such that only authorized POP users can relay messages!
I don't have this working, but at least I now know my problem
can be solved while maintaining some amount of security. If one
were more paranoid than I am you could probably do the same to
apopper to avoid running clear text passwords across the 'Net.
Below is a copy of my original post. If folks still have more
questions about the various solutions, I'll try to answer them.
=============================================================

If I knew what I was doing, I would not need help.

The anti-relay feature of sendmail V8.9.0 works &
kind of works a little too well at the present time
for what I need to happen.

I have some sales folks who need to be able to dial
up a POP anywhere in the world from their laptop
into my sendmail V8.9.0 postoffice system to read &
send messages. The problem is that the anti-relay
feature precludes them from sending messages to
other folks outside our internal domain. It is
treating them as though they were spammers & trying
to relay messages off the postoffice system.

I do have the "access_db" feature enabled & I can
use it to explicitly REJECT incoming messages. I'm
not sure how to make the necessary entries for the
sales folks, since it seems to use DNS names or IP#s
to determine what to accept for RELAY or REJECT.
Since I can't predict from where these guys will
be calling, I have not been able to stumble upon
how to convince sendmail to RELAY messages for them.

Any advice, suggestions, or actual examples would be appreciated!

-- 
Charlie Mengler                 charliem@anchorchips.com
Anchor Chips                    Network/IT Manager
619-613-7916(V)                 619-676-6896(F)
12396 World Trade Drive #212    San Diego, CA 92128-3788
Fight SPAM! Join CAUCE -------- http://www.cauce.org



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:41 CDT