[Mimedefang] SMTP AUTH password can be used in Mimedefang?
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Mon Nov 24 06:42:48 EST 2008
On Mon, 24 Nov 2008, sosogh wrote:
> The backend mail server holds three services:
> 1. SMTP service (serves outbound mails)
> 2. MX service (serves inbound mails)
> 3. POP3 service
>
> My users' outlook recognizes that POP3 server and SMTP server are both 1.1.1.1
> Outside world recognizes that mail server of domain backend.com is 1.1.1.1
>
>> You could configure the backend server to accept mail from the mail only proxy,
>> that way anybody not honoring your MX records is lost.
>
> If I do so, any SMTP connection from users' outlook will be blocked by backend server.

So, service "1." and "2." are actually the same :) right?
Outbound mails are authenticated, hopefully. So, the backend server
(single Port 25 for 1. and 2.) accepts any authenticated mail (service
1.) and any mail from 2.2.2.2 (service 2).

> My users' outlook must access the backend server, but their IPs are dynamic

Distinguish them by authenticated status, not by IP range.

> So I have to set a "proxy", I set proxy server in a "bridge" mode, make it transparent.
> the network is as follow:
>
>
>              eth0        eth1   eth0
> outside-----------> proxy ----------> backend
>                  ==bridge==
>                   2.2.2.2            1.1.1.1
>
> I have to redirect any "SMTP to 1.1.1.1:25" to 2.2.2.2:25 using this cmd on proxy server:
> /sbin/iptables -t nat -A PREROUTING -p tcp -d 1.1.1.1 --dport 25 -j DNAT --to-destination 2.2.2.2

If you "redirect" via MX record, your users still use 1.1.1.1, I guess.
(Outlook does not honor MX, does it??)

Because non-auth'ed mails are rejected by 1.1.1.1, inbound mails must flow
via 2.2.2.2.

>> How do you authenticate your users, with sendmail or postfix?
> Postfix. Because I set this "proxy server" with postfix and mimedefang
> postfix verify valid recipients like this:
> postfix call mimedefang, mimedefang call the function "md_check_against_smtp_server"

Again: Why do you use different MTAs on backend and proxy?
Is the backend Exchange?

Bye.

--
Steffen Kaiser
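
Added example, not part of the original message and not either poster's configuration: the acceptance policy described above (authenticated mail from anywhere, unauthenticated mail only from the proxy 2.2.2.2), written as a Postfix main.cf fragment. It assumes the backend runs Postfix, which the thread does not establish; the addresses are the ones used in the thread.

```ini
# main.cf on the backend 1.1.1.1 (assumption: the backend is Postfix)

# Offer SMTP AUTH to clients; the SASL provider settings (Cyrus or Dovecot)
# are site-specific and left out of this fragment.
smtpd_sasl_auth_enable = yes

# Trusted unauthenticated clients: loopback and the filtering proxy only.
mynetworks = 127.0.0.0/8 2.2.2.2/32

# Evaluated in order for every RCPT TO:
#   1. users who authenticated (their dynamic IPs do not matter)
#   2. the proxy, which has already filtered the inbound mail
#   3. everyone else, i.e. senders that ignore the MX record and
#      connect to the backend directly
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject
```

Because the proxy is listed in mynetworks, the backend relays for it without further checks, so the proxy itself has to restrict which recipient domains it accepts.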