[Mimedefang] SMTP AUTH password can be used in Mimedefang?

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Mon Nov 24 06:42:48 EST 2008



On Mon, 24 Nov 2008, sosogh wrote:

> The backend mail server holds three services:
> 1. SMTP service (serves outbound mails)
> 2. MX service (serves inbound mails)
> 3. POP3 service
>
> My users' Outlook recognizes that POP3 server and SMTP server are both 1.1.1.1
> Outside world recognizes that mail server of domain backend.com is 1.1.1.1
>
>> You could configure the backend server to accept mail from the mail only proxy,
>> that way anybody not honoring your MX records is lost.
>
> If I do so, any SMTP connection from users' Outlook will be blocked by backend server.

So, service "1." and "2." are actually the same :) right?

Outbound mails are authenticated, hopefully. So, the backend server 
(single Port 25 for 1. and 2.) accepts any authenticated mail (service 
1.) and any mail from 2.2.2.2 (service 2).

> My users' Outlook must access the backend server, but their IPs are dynamic

Differentiate them by authenticated status, not by IP range.

> So I have to set a "proxy". I set the proxy server in "bridge" mode, making it transparent.
> The network is as follows:
>
>
>                   eth0     eth1          eth0
> outside----------->    proxy   ----------> backend
>                    ==bridge==
>                      2.2.2.2              1.1.1.1
>
> I have to redirect any "SMTP to 1.1.1.1:25" to 2.2.2.2:25 using this command on the proxy server:
> /sbin/iptables -t nat -A PREROUTING -p tcp -d 1.1.1.1 --dport 25 -j DNAT --to-destination 2.2.2.2

If you "redirect" via MX record, your users still use 1.1.1.1, I guess. 
(Outlook does not honor MX, does it??)

Because non-auth'ed mails are rejected by 1.1.1.1, inbound mails must flow 
via 2.2.2.2.

>> How do you authenticate your users, with sendmail or postfix?
> Postfix. Because I set this "proxy server" with postfix and mimedefang
> Postfix verifies valid recipients like this:
> Postfix calls mimedefang, mimedefang calls the function "md_check_against_smtp_server"

Again: Why do you use different MTAs on backend and proxy?

Is the backend Exchange?

Bye.

-- 
Steffen Kaiser