Koozali.org: home of the SME Server

Help and advice on safely allowing external send email access (SMTP relay)

Offline stabilys

Hello all.

A client of ours has an externally-hosted website (on Debian in Germany) and email hosted on their SME8 which is carrying out all other usual server duties in their office.

The DNS MX record and email is properly set up with forward records for the website and mail; a reverse record is set up at the DSL IP.

All so far OK.

Their web developers have been sending emails from the webserver with (non-sensitive, account holders only so no financial info) order information from a PHP script on the webserver to the email server but spoofing the from address to be that of the company email.

 :shock:

This predictably has been causing issues (cough) so I am trying to find if there is a safe way to give them the ability to connect to the server and deliver email using it.

I have not thought of one.

Does anyone have any ideas or advice, thanks!

MeJ
This, too, will pass ;)

Offline Stefano

« Reply #1 on: September 06, 2013, 03:46:22 PM »
well.. create an ad hoc user on your server and tell the php programmers to use smtp authentication

it seems so simple to me that maybe I didn't understand the question :-)

Offline stabilys

« Reply #2 on: September 06, 2013, 03:50:34 PM »
Thanks Stefano,

is that actually safe? It worried me.

MeJ

Offline Stefano

« Reply #3 on: September 06, 2013, 03:55:39 PM »
it is as safe as any other email client connecting to your server to send email

BTW:
1) be sure to use ssmtp (use port 465)
2) be SURE that the script and the credentials are securely stored on the other server.. if someone breaks that server, they have a key to send email
3) you should start thinking about a way to monitor your mail queue.. if normally the server sends let's say 1000 mails a day, you must know if it starts to send 10000 email messages..
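
The volume check from point 3, as an added example that is not part of the original thread: it counts messages queued per day and per envelope sender and reports any sender above a multiple of its normal volume. It assumes a qmail-send log with TAI64N timestamps (on SME Server, assumed to be `/var/log/qmail/current`); the sample lines, the `orders@example.com` sender, the baseline and the factor are all constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# qmail-send writes one "info msg" line per message accepted into the queue.
INFO_RE = re.compile(r"^@([0-9a-f]{24}) info msg \d+: bytes \d+ from <([^>]*)> ")

def tai64n_to_day(label):
    """Convert a TAI64N label (24 hex digits, no '@') to a UTC date string."""
    seconds = int(label[:16], 16) - 2**62  # TAI64 labels are offset by 2^62
    seconds -= 10  # approximate TAI-UTC offset; leap seconds are ignored here
    return datetime.fromtimestamp(seconds, tz=timezone.utc).strftime("%Y-%m-%d")

def daily_counts(lines):
    """Count queued messages per (day, envelope sender)."""
    counts = Counter()
    for line in lines:
        m = INFO_RE.match(line)
        if m:  # delivery and status lines are skipped
            counts[(tai64n_to_day(m.group(1)), m.group(2).lower())] += 1
    return counts

def over_baseline(counts, baseline, factor=3):
    """Return (day, sender, count) entries above factor * normal daily volume.
    A sender with no baseline entry is reported as soon as it sends anything."""
    return [(day, sender, n) for (day, sender), n in sorted(counts.items())
            if n > factor * baseline.get(sender, 0)]

# Constructed sample log: 2 messages on 2013-09-06, then a burst of 40 the next day.
LINE = "@%s00000000 info msg %d: bytes 2101 from <orders@example.com> qp 4100 uid 453"
SAMPLE = (
    [LINE % ("400000005229c3c0", i) for i in range(2)]
    + [LINE % ("40000000522b1540", 100 + i) for i in range(40)]
    + ["@40000000522b154000000000 starting delivery 7: msg 100 to remote a@example.net"]
)
# Hypothetical baseline: normal messages per day for the website's relay sender.
BASELINE = {"orders@example.com": 10}

if __name__ == "__main__":
    for day, sender, n in over_baseline(daily_counts(SAMPLE), BASELINE):
        print(f"ALERT {day}: {sender or '<bounce>'} queued {n} messages")
```

The envelope sender in this log is whatever the connecting client supplied, so an unexpected sender address is itself worth an alert; that is why senders without a baseline entry are reported.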

Offline stabilys

« Reply #4 on: September 06, 2013, 04:00:51 PM »
Thanks again Stefano,

they were being a bit 'loose' about it and I was not happy. I've had 'interesting' weekends caused by mail relays.

I will follow your advice. Re point 2, unfortunately the other server is entirely outside our control but I will emphasise the point and maybe add one of the mail monitor contribs if it seems fitting.

Thank you very much!

MeJ