relaying mail between smtp servers and auth

Post by vertig » Wed, 11 Feb 2004 05:52:58



Hello

Let's assume that server A has postfix with authorization (Cyrus SASL).
Server B has postfix without auth.
User UA has an account on A (and uses smtp A).
User UB has an account on B (and uses smtp B).
User UB sends mail to UA. How is it possible that server A with auth
accepted mail to UA from server B? (What login/password did server B give?)
How does A know that this was server B sending a message to a user on server A?
Is it possible that A (with auth) will accept any mail to its own users
(you do not need to give login/password)?
So in what cases do we use that authentication?
(When I try to relay mail only?)

Thanks

 
 
 

Post by P Gent » Thu, 12 Feb 2004 04:30:21



> Hello
> Let's assume that server A has postfix with authorization (Cyrus SASL).
> Server B has postfix without auth.
> User UA has an account on A (and uses smtp A).
> User UB has an account on B (and uses smtp B).
> User UB sends mail to UA. How is it possible that server A with auth
> accepted mail to UA from server B? (What login/password did server B give?)
> How does A know that this was server B sending a message to a user on server A?
> Is it possible that A (with auth) will accept any mail to its own users
> (you do not need to give login/password)?

Passively accepting forwarded/delivered mail is the general rule.

> So in what cases do we use that authentication?
> (When I try to relay mail only?)

Authentication is usually only used when _retrieving_ mail, not when
sending.  Some ISPs require a retrieval attempt (which requires
authentication) just prior to sending mail as a kind of halfway
authorization to send.  Most just use acls (access control lists)
based on IP address when sending mail.

> Thanx

Someone posting mail to a server (with or without authentication) is a
separate process/issue from mail _servers_ forwarding/exchanging mail
to/between each other.

Thus, user UA authenticates to serverA and posts mail or is denied.
ServerA decides if it can _deliver_ mail to recipient's mailbox.  If
so, it places mail in recipient's mailbox.  If not, it must forward
the mail to another server down the line (or refuse the request
entirely).  The server it forwards to may or may not require serverA
to authenticate.  This continues till the mail arrives at the server
that _can_ deliver the mail to the recipient's mailbox (serverB, in
this example, delivering mail to user UB).

This is why DNS uses MX (Mail eXchange) records to denote which mail
servers provide mail delivery to different domains.  The traffic
_between_ mail servers can be viewed as routing mail in a fashion
similar to routing IP packets.

For the purposes of _sending_ mail, most ISPs and servers use acls
(based on IP address) to decide if and how to deliver/forward mail.
Authentication, if it's required, is usually restricted to the input
side, i.e., the user sending the mail is accepted/denied first thing.
Servers authenticating to each other is usually used in "special"
circumstances.

hth,
prg
email above disabled
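
The accept-or-relay decision discussed in this thread, as an added example that is not part of either post: a small Python model of how a Postfix server such as A evaluates each RCPT TO under the common restriction order `permit_mynetworks`, `permit_sasl_authenticated`, `reject_unauth_destination`. The domains, IP addresses and the `MYNETWORKS` / `LOCAL_DOMAINS` values are constructed assumptions, and the model leaves out `relay_domains` and virtual domains, which the real `reject_unauth_destination` check also consults.

```python
import ipaddress

# Constructed values for server A (assumptions, not taken from the thread).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"a.example"}   # domains server A delivers to itself


def permit_mynetworks(s):
    """Trusted client address: allowed to relay without credentials."""
    ip = ipaddress.ip_address(s["client_ip"])
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"


def permit_sasl_authenticated(s):
    """Client logged in with SMTP AUTH: allowed to relay anywhere."""
    return "OK" if s["sasl_user"] else "DUNNO"


def reject_unauth_destination(s):
    """Everyone else may only address domains this server is final for."""
    domain = s["rcpt"].rsplit("@", 1)[1].lower()
    return "DUNNO" if domain in LOCAL_DOMAINS else "REJECT"


RESTRICTIONS = [permit_mynetworks, permit_sasl_authenticated,
                reject_unauth_destination]


def decide(session):
    """Return (verdict, deciding_rule) for one RCPT TO; first non-DUNNO wins."""
    for rule in RESTRICTIONS:
        result = rule(session)
        if result != "DUNNO":
            return result, rule.__name__
    return "OK", "default"   # nothing objected: the recipient is accepted


# Constructed sessions matching the scenario in the question.
SESSIONS = {
    "B delivers UB -> UA": {"client_ip": "198.51.100.7", "sasl_user": None, "rcpt": "ua@a.example"},
    "UA roaming, logged in": {"client_ip": "203.0.113.9", "sasl_user": "ua", "rcpt": "ub@b.example"},
    "unauthenticated relay": {"client_ip": "203.0.113.9", "sasl_user": None, "rcpt": "ub@b.example"},
}

if __name__ == "__main__":
    for name, s in SESSIONS.items():
        print(f"{name:24} {decide(s)}")
```

Server B's unauthenticated delivery to UA passes because the recipient domain is local to A; credentials only matter when the recipient is somewhere else.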

 
 
 

1. MX cannot relay mail to a particular SMTP AUTH server

now that i have smtp auth running on 8.12, i have discovered a new
problem for 1 particular address

the MX (server1) handles the domain
the SMTP AUTH (server2) handles roaming users' smtp

it so happens that on server1 i have an alias for my address which
points to server2

this is also how i relay all root account mail

the alias is like
rut:  root

the messages i am getting on the MX (server1) now are

pri=30231, relay=dns1.sunly.com., dsn=5.0.0, stat=Service unavailable

this never used to happen

i looked on a client and the returned mail message is 553
authetication required

so now i have another problem
perhaps there is more than one way to handle it

i *need* the mail to go there
i *need* the machine to enforce smtp authentication for users

i tried various gymnastics through the access.db but no go


slide past the authentication process.

if not, what must i enable on the MX *only* for this particular
address relay
