[Mimedefang] SMTP AUTH password can be used in Mimedefang?
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Mon Nov 24 06:42:48 EST 2008
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 24 Nov 2008, sosogh wrote:
> The backend mail server holds three service:
> 1.SMTP service(serve for outbound mails)
> 2.MX service(serve for inbound mails)
> 3.POP3 service
> My users's outlook recognizes that POP3 server and SMTP server are both 18.104.22.168
> Outside world recognizes that mail server of domian backend.com is 22.214.171.124
>> You could configure the backend server to accept mail from the mail only proxy,
>> that way anybody not honoring your MX records is lost.
> If I do so , any SMTP connnection from users's outlook will be blocked by backend server.
So, service "1." and "2." are actually the same :) right?
Outbound mails are authentificated, hopefully. So, the backend server
(single Port 25 for 1. and 2.) accepts any authentificated mail (service
1.) and any mail from 126.96.36.199 (service 2).
> My user's outlook must access to backend server,but their IP are dynamic
Differ them by authentificated-status, not by IP range.
> So I have to set a "proxy",I set proxy server in a "bridge" mode,make it transparent.
> the network is as follow:
> eth0 eth1 eth0
> outside-----------> proxy ----------> backend
> 188.8.131.52 184.108.40.206
> I have to redirect any "SMTP to 220.127.116.11:25" to 18.104.22.168:25 using this cmd on proxy server :
> /sbin/iptables -t nat -A PREROUTING -p tcp -d 22.214.171.124 --dport 25 -j DNAT --to-destination 126.96.36.199
If you "redirect" via MX record, your users still use 188.8.131.52, I guess.
(Outlook does not honor MX, does it??)
Because non-auth'ed mails are rejected by 184.108.40.206 inbound mails must flow
>> How do you authentificate your users, with sendmail or postfix?
> Postfix . Because I set this "proxy server" with postfix and mimedefang
> postfix verify valid recipients like this:
> postfix call mimedefang , mimedefang call the function "md_check_against_smtp_server"
Again: Why do you use different MTAs one backend and proxy?
Is the backend Exchange?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the MIMEDefang