Usually you just configure the daemon to listen additionally on port
587, with slightly tweaked params (to make connections on that port
force authorization).
What MTA is the mail server running? Sendmail?
Terry
Andrew Gutkowski wrote:
But our smtp server is not listening on port 587. Would we have to set
up a second smtp server and have it listening on port 587 just for these
users?
terry(_at_)ashtonwoodshomes(_dot_)com 4/14/2005 4:05:32 PM >>>
With SMTP AUTH the user does NOT use the ISP's mail server, he connects
directly to the College's mail server (usually on port 587, because many
ISPs block port 25 to prevent zombies).
This works because although many ISPs block port 25, they don't block
587.
Read on for direct answers to your questions.
Terry
Andrew Gutkowski wrote:
That still doesn't help since our (the college's) users are not
connecting to our smtp agent.
Yes they would be, that is the very intention of SMTP AUTH, connect to a
remote mail server whose LAN (or relay accepted IPs) you are currently
not using.
They are connecting to the ISP's smtp
agent to send mail with their college accounts. Using smtp auth still
would not send it back to our smtp agent.
SMTP AUTH says remote user can relay through this mail server because
they authenticated themselves as an authorized user of this mail server
even though they are not on the LAN.
In fact, wouldn't this make
things worse? The ISP's smtp agent would reject the mail because the user
does not exist on that mail server. Please correct me if I am
understanding smtp_auth incorrectly.
SMTP AUTH bypasses the ISP mail server altogether. Hopefully that
clears it up: The client on the ISP network does not connect to the ISP
mail server, but connects directly to the remote College's server.
The same would apply to pop before smtp. The college's users are
connecting to the college's smtp agent to pop mail and then connecting
to the ISP's smtp server to send mail.
Nope, they connect to the college's server to pop and smtp.
Terry
terry(_at_)ashtonwoodshomes(_dot_)com 4/14/2005 1:05:28 PM >>>
All kinds of servers that don't (or cannot) implement SMTP AUTH aka SASL
on port 587 can use "pop before SMTP" whereby the SMTP daemon basically
looks at the logs for the pop daemon, and if said connecting IP
successfully authenticated with POP just recently then it is safe to say
that IP is authorized to use (and hence relay through) the mail server.
This (generally) requires your inbound and outbound mail servers to be
the same server.
Terry
william(at)elan.net wrote:
On Thu, 14 Apr 2005, Andrew Gutkowski wrote:
Does anyone know if GroupWise supports SASL over port 587?
I don't think so, but don't take my word on it as I've not worked with
Novell for a while. Note though that 587 is just like normal SMTP, but
with required authentication, but you could drop that "required" part and
just set up a separate instance of mail server on a different port (possibly
it'd have to be a separate machine sharing network user configuration).
I have never heard of this before. If they don't, we will have to
remove our SPF records because we cannot have users' email blocked by
other email servers.
I'm curious what Groupwise & SASL (or rather port 587 SUBMIT) has to do
with SPF in your setup? Or do you mean that you're willing to let all
your users come in and mail through your system?
--
Terry Fielder
terry(_at_)greatgulfhomes(_dot_)com
Associate Director Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
Fax: (416) 441-9085
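
The "pop before SMTP" check described in the thread, as an added example that is not part of the original messages or of any mail server's own code: the SMTP side reads the POP daemon's log and allows relay only for an IP that authenticated successfully a short time ago. The log line format, the 15-minute window and the function names are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of POP daemon log lines; the format is an assumption,
# real daemons each log differently.
SAMPLE_POP_LOG = """\
2005-04-14 15:40:02 pop3d: LOGIN ok user=astudent ip=203.0.113.7
2005-04-14 15:41:10 pop3d: LOGIN failed user=admin ip=198.51.100.23
2005-04-14 15:58:31 pop3d: LOGIN ok user=bfaculty ip=192.0.2.44
2005-04-14 16:01:12 pop3d: LOGIN failed user=bfaculty ip=203.0.113.7
"""

LOGIN_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) pop3d: LOGIN (ok|failed) "
    r"user=\S+ ip=(\d{1,3}(?:\.\d{1,3}){3})$"
)
WINDOW = timedelta(minutes=15)  # hypothetical grace period after a POP login


def recent_pop_logins(log_text):
    """Map each client IP to the time of its latest successful POP login."""
    seen = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m or m.group(2) != "ok":
            continue  # failed logins and unparsable lines grant nothing
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(3)
        if ip not in seen or when > seen[ip]:
            seen[ip] = when
    return seen


def may_relay(client_ip, now, logins, window=WINDOW):
    """True if client_ip authenticated over POP within the window before now."""
    last = logins.get(client_ip)
    return last is not None and timedelta(0) <= now - last <= window


if __name__ == "__main__":
    logins = recent_pop_logins(SAMPLE_POP_LOG)
    now = datetime(2005, 4, 14, 16, 5, 0)
    for ip in ("203.0.113.7", "198.51.100.23", "192.0.2.44"):
        print(ip, "relay allowed" if may_relay(ip, now, logins) else "relay denied")
```

The check keys on the source IP only, which is why it generally needs the POP and SMTP services to see the same client address, as the thread notes about inbound and outbound being the same server.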