Topic: SMTP for 6.0b3 outside of primary ocal net

[Jim Huneycutt]

I have the following setup: SME 6.0b3 in server/gateway mode connected to the Internet via a Cisco router. The SME server has a static external ip of 65.xxx.xxx.xx. The SME does DHCP for a small number of users (less than 10) on the internal LAN - 192.168.nn.nn.

I must provide email accounts and SMTP service to additional users (as of now about 200) on the same external network in the (65.xxx.xxx.1-255 range) on which the SME server resides (my client owns this ip block). These users receive their ip address from another, non-SME, DHCP server and are of course also behind the Cisco router. Note that the addresses in this range are routable (hence I cannot use the SME server for DHCP for these users since the SME server is not designed to dish up routable addresses).

I know I can simply setup the user/mail accounts and make pop/imap access public. My question is how do I provide SMTP service to these accounts?

I don't think adding the external network as a local network to the SME server will work, because the router is not part of the LAN 192.168.nn.nn range. As I understand it, this is a requirement under 6.0b3. Securemail does not appear to be supported under 6.0b3 according to another post  here. While I could backtrack to SME 5.6 and possibly get securemail going, this would require a contact visit to all users to setup the SMTP login's - something the client would rather not do.

Using the ISP's SMTP service is not an option - this is a (small) ISP and the SMTP service I am trying to provide is for the existing customers. The existing SMTP server is going away due to a disagreement with the vendor. I am trying to pick up the pieces.

Is there some addon/contrib that could provide the SMTP serice on SME 6.0b3? Am I making this harder than it should be? Hopefully someone has a simple answer.

Thanks for your help and advice,
jim

[Jim Huneycutt]

Maybe my post was too long-winded. I need to do the following on 6.0b3:
1.) Add additional networks that are not on the internal LAN and thus enable SMTP (works on 5.6) or
2.) Enable SMTP for specific network blocks, ie 65.xxx.xxx.1-255 across multiple subnets.

Any help would be appreciatied.
jim

[Nathan Fowler]

Jim, let me summarize what I think you want:

1) Provide 65.xxx.yyy.zzz with relay rights on the SME SMTP server.
2) Provide 65.xxx.yyy.zzz with mailboxes on the SME server.
3) Retain existing security on the SME box
4) Avoid having to touch the clients, create a seamless transition/implementation.

What is your client base?  Win32, or *nix?

Thanks,
Nathan

[Jim Huneycutt]

Nathan,
That is a good summary. The client base is all windows as far as I can determine - from 95 to XP. Probably more 98 than anything else (rural area for the most part). I had a look at your pop before smtp http://www.stickit.nu/pop-before-smtp/ but I was concerned about your caveats (security, not all emails clients doing pop first) and that it did not appear to work on 6.0b3.

I welcome any suggestions. Currently I am looking into templating /etc/tcprules/tcp.smtp to add a line such as:

65.xxx.yyy.:allow,RELAYCLIENT=""

but in testing that did not seem to work.

I welcome any and all suggestions. Thank you in advance.

jim

[Jim Huneycutt]

Correction, Nathan. There are a couple of Apple iMac users among the email clients. They can be handled manually if necessary so I am not concerned about them.

Thanks,
jim

[Nathan Fowler]

I didn't realize I my code was so popular

Is there any reason why you couldn't add that subnet as a local network?  Forgive my lack of experience with 6.0b3, but if you could add that range as a local network you would be able to provide those services with the least amount of client configuration.

[Jim Huneycutt]

Thanks for the reply Nathan.

6.0b3 requires a router that is reachable on the internal LAN which in my case it is not. This is a good security feature I'm sure. To work around it we are now testing a custom template that modifies the tcprules to relay for only our address block.

While this seems to work in preliminary testing we are looking for a way to extend the rules so that only someone with a valid email account AND is in that required address range is allowed to relay. I suppose this is different from your pop-before-smtp in that we are limiting the relay to that address range rather than allowing a valid pop user from any ip address to relay.

Now if only someone would modify a certain script to make that happen on 6.0b3 there would be joy and happiness throughout the land - or at least at my customer site.

Cheers,
jim