Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME Server 7.x
  4. Topic: qpsmtpd ssmtp mandatory auth
« previous next »
Pages: [1]   Go Down

qpsmtpd ssmtp mandatory auth

  • 3 Replies
  • 1959 Views

Offline czt

  • 3
  • +0/-0
qpsmtpd ssmtp mandatory auth
« on: September 25, 2008, 02:20:23 PM »
In email howto "How do I enable smtp authentication for users on the internal network" section the "config::qpsmtpd::Authentication" db variable is incorrect, as I find out, it should read: "config::ssmtpd::Authentication".
The main problem: this setting not makes authentication mandatory just a possibility.

Overwriting the default qpsmtpd template with the empty custom template as in: "How do I disable SMTP relay for unauthenticated LAN clients" disables local clients from relay on smtp port 25 but not on ssmtp port 465.

I want ssmtp relay access only from local clients and with mandatory authentication. Any help to achieve this?
« Last Edit: September 25, 2008, 04:07:30 PM by czt »
Logged

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: qpsmtpd ssmtp mandatory auth
« Reply #1 on: September 25, 2008, 03:03:59 PM »
Quote from: czt on September 25, 2008, 02:20:23 PM
In email howto "How do I enable smtp authentication for users on the internal network" section the "config::qpsmtpd::Authentication" db variable is incorrect, as I find out, it should read: "config::ssmtpd::Authentication".

Please report all errors in documentation via the Bug Tracker (Documentation section). Thanks.
Logged

Offline janet

  • *****
  • 4,812
  • +0/-0
Re: qpsmtpd ssmtp mandatory auth
« Reply #2 on: September 25, 2008, 10:12:09 PM »
czt

I use those settings and the functionality works as described, and the documentation is correct.

You need to enable external authenticated relay access to your SMTP server (ie SSMTP access) in the server manager E-mail panel, under Change e-mail reception settings, and select Allow SSMTP (secure).

You also need to enable the provision of encrypted external (public) access to the POP3 & IMAP servers, (ie authentication) in the server manager panel, under E-mail Change e-mail access settings select Allow private and public (secure POP3S) and/or select Allow private and public (secure IMAPS).


You also (ie "as well as") need to do both steps referred to in the Email FAQ re
"How do I enable smtp authentication for users on the internal network"
and
"How do I disable SMTP relay for unauthenticated LAN clients"

Then you also need to reconfigure your email clients to use a secure SSL connection and port 465 for outgoing SMTP server & port 993 for incoming IMAP server.


Quote
...the "config::qpsmtpd::Authentication" db variable is incorrect, as I find out, it should read: "config::ssmtpd::Authentication"


No, it is correct in the documentation. Here's my servers settings:

config show qpsmtpd

qpsmtpd=service
    Authentication=enabled
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=disabled
    Instances=1
    LogLevel=6
    MaxScannerSize=25000000
    RBLList=bl.spamcop.net:combined.njabl.org:dnsbl.ahbl.org:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net:list.dsbl.org:multihop.dsbl.org:psbl.surriel.com:sbl-xbl.spamhaus.org
    RHSBL=disabled
    RequireResolvableFromHost=no
    SBLList=bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org:blackhole.securitysage.com
    access=public
    qplogsumm=disabled
    status=enabled

config show smtpd

smtpd=service
    Authentication=disabled
    Instances=40
    InstancesPerIP=5
    MaximumDateOffset=0
    PatternsScan=disabled
    Proxy=enabled
    TCPPort=25
    TCPProxyPort=25
    VirusScan=disabled
    access=public
    status=enabled
    tnef2mime=enabled

config show ssmtpd

ssmtpd=service
    Authentication=enabled
    Instances=10
    TCPPort=465
    access=public
    status=enabled
« Last Edit: September 25, 2008, 10:28:40 PM by mary »
Logged
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline czt

  • 3
  • +0/-0
Re: qpsmtpd ssmtp mandatory auth
« Reply #3 on: September 26, 2008, 08:45:29 AM »
mary

Quote from: mary on September 25, 2008, 10:12:09 PM
You need to enable external authenticated relay access to your SMTP server (ie SSMTP access) in the server manager E-mail panel, under Change e-mail reception settings, and select Allow SSMTP (secure).

This is the actual setting.

Quote from: mary on September 25, 2008, 10:12:09 PM
You also need to enable the provision of encrypted external (public) access to the POP3 & IMAP servers, (ie authentication) in the server manager panel, under E-mail Change e-mail access settings select Allow private and public (secure POP3S) and/or select Allow private and public (secure IMAPS).

I don't see why would be necessary to enable external secure imap and pop3 for secure smtp, or I missed something.

Quote from: mary on September 25, 2008, 10:12:09 PM
config show qpsmtpd

qpsmtpd=service
    Authentication=enabled
...

config show ssmtpd

ssmtpd=service
    Authentication=enabled

So authentication enabled on booth place. I find out that the ssmtpd is relevant, but maybe wrong.

If you set an internal client to send with ssmtp (on port 465), but without setting SMTP Auth, will it be successful?

Thanks for the reply.
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME Server 7.x
  4. Topic: qpsmtpd ssmtp mandatory auth