Hi,
At 11:10 09.03.2007 -0600, Steve Brown wrote:
>My setup:
[I skip the rest ...]
>I've got a user that cannot send mail from home. They are on a DSL
>line that has been listed in Spamhaus Policy Black List, probably
>because it's in a dynamic IP block. zen.spamhaus.org consults this
>list, so when the user tries to connect, there are logs returning a
>451 when querying the Spamhaus.
>
>All this is well and good, but my question is, shouldn't the user be
>allowed to relay based on the fact that he has an authenticated SMTP
>session? I thought that once the user is authenticated by vchkpw, the
>appropriate env vars are set so that relaying wouldn't be an issue?
>Obviously this is not the case, so is there a more appropriate way to
>handle this scenario than what I am currently doing?
Ok. You have two/three choices:
1. Don't use RBLs (and hence rblsmtpd).
My personal opinion on RBLs is that they are obsolete and a welcome source
for everybody who wishes to analyse your email traffic.
Use GREETDELAY instead -- it is at least as efficient.
2. For those guys who wish to communicate solely via SMTP Auth, use a
dedicated port (i.e. 26). SMTP Auth is mainly used for relaying. If you use
in addition a separate IP address, simply remove rcpthosts and you are done.
3. A better solution would be to use port 465 to allow SMTP Auth + SSL.
With SPAMCONTROL you can enforce a valid SSL session and/or a valid SMTP
Authentication.
---
DJB did not implement a libresolv library into qmail-smtpd, for very good
reasons. All the gimmicks with DNS (which even SPAMCONTROL uses) don't help
very much.
regards.
--eh.
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24