[Mimedefang] SMTP AUTH password can be used in Mimedefang?

Tilman Schmidt t.schmidt at phoenixsoftware.de
Mon Nov 24 08:24:49 EST 2008


On Mon, 24 Nov 2008 18:45:36 +0800, sosogh wrote:

>>That's easily prevented, either by configuring the backend server
>>itself to reject unauthenticated connections from IP addresses
>>that do not belong to your own organization or by blocking
>>access to the SMTP port of the backend server from the outside
>>on your firewall.
> 
> My users' Outlook must access the backend server, but their IPs are dynamic

That's what the authentication is for. It allows clients which
cannot be identified by their IP address (e.g. dynamic addresses)
to be identified and allowed to send mail through your server.

> So I have to set a "proxy". I set the proxy server in "bridge" mode, to make it transparent.

No, you don't have to do that, and I would recommend against
it. It complicates things needlessly.

In fact, your situation looks like a textbook example for the
benefits of a separate message submission port (MSA, RFC 2476).
Have your backend server accept authenticated mail submissions
on port 587 from everywhere, and unauthenticated transmissions
on port 25 only from your anti-spam relay. Then configure your
Outlook clients to send via port 587 of the backend server and
set your MX to point to the anti-spam relay server.

But even if for some unknown reason you don't want to implement
RFC 2476, configuring the backend server to accept authenticated
SMTP connections from anywhere, but unauthenticated ones only
from the anti-spam relay, should already do the trick.
Alternatively, configure the anti-spam relay to authenticate
itself to the backend too, and make the backend insist on
authentication from anywhere, period.

> Both these connections:
> 1. from outside world to 1.1.1.1:25
> 2. from user's Outlook to 1.1.1.1:25
> are DNAT to 2.2.2.2:25,
> so "proxy server" should verify SMTP authentication

That requirement is an artifact of your DNAT/proxy/bridge
construction. Do away with that and the necessity to access
SMTP authentication information from MIMEDefang vanishes.

HTH
T.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
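
Added example, not part of the original message: a small model of the three backend acceptance policies described above (separate submission port, single port with a relay exception, and authentication required from everyone), evaluated against constructed connection attempts. The policy names, the relay address 192.0.2.10 and the client addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed address (RFC 5737 documentation range) for the anti-spam relay.
RELAY = ip_address("192.0.2.10")

@dataclass(frozen=True)
class Conn:
    label: str
    src: str
    port: int
    authed: bool  # did the client complete SMTP AUTH?

def from_relay(c):
    return ip_address(c.src) == RELAY

# Three backend policies from the message; the function names are hypothetical.
def msa_split(c):
    # 587: authenticated submission from anywhere; 25: only the relay.
    return c.authed if c.port == 587 else (c.port == 25 and from_relay(c))

def single_port(c):
    # No port 587: authenticated from anywhere, unauthenticated only from relay.
    return c.port == 25 and (c.authed or from_relay(c))

def auth_always(c):
    # The relay authenticates too; the backend insists on AUTH from everyone.
    return c.port == 25 and c.authed

POLICIES = {"msa_split": msa_split, "single_port": single_port,
            "auth_always": auth_always}

# Constructed connection attempts against the backend server.
ATTEMPTS = [
    Conn("relay-25-noauth", "192.0.2.10", 25, False),
    Conn("relay-25-auth", "192.0.2.10", 25, True),
    Conn("outlook-587-auth", "203.0.113.77", 587, True),
    Conn("outlook-25-auth", "203.0.113.77", 25, True),
    Conn("outlook-587-noauth", "203.0.113.77", 587, False),
    Conn("outsider-25-noauth", "198.51.100.5", 25, False),
]

def accepted(policy_name):
    """Labels of the attempts the backend would accept under a policy."""
    policy = POLICIES[policy_name]
    return [c.label for c in ATTEMPTS if policy(c)]

if __name__ == "__main__":
    for name in POLICIES:
        print(f"{name:12} accepts: {', '.join(accepted(name))}")
```

Under every policy the unauthenticated outsider connecting straight to the backend is refused, while a roaming client that authenticates on the port the policy expects is accepted without the backend knowing its IP address in advance.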
