Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: czt on September 25, 2008, 02:20:23 PM
-
In email howto "How do I enable smtp authentication for users on the internal network" section the "config::qpsmtpd::Authentication" db variable is incorrect, as I find out, it should read: "config::ssmtpd::Authentication".
The main problem: this setting not makes authentication mandatory just a possibility.
Overwriting the default qpsmtpd template with the empty custom template as in: "How do I disable SMTP relay for unauthenticated LAN clients" disables local clients from relay on smtp port 25 but not on ssmtp port 465.
I want ssmtp relay access only from local clients and with mandatory authentication. Any help to achieve this?
-
In email howto "How do I enable smtp authentication for users on the internal network" section the "config::qpsmtpd::Authentication" db variable is incorrect, as I find out, it should read: "config::ssmtpd::Authentication".
Please report all errors in documentation via the Bug Tracker (Documentation section). Thanks.
-
czt
I use those settings and the functionality works as described, and the documentation is correct.
You need to enable external authenticated relay access to your SMTP server (ie SSMTP access) in the server manager E-mail panel, under Change e-mail reception settings, and select Allow SSMTP (secure).
You also need to enable the provision of encrypted external (public) access to the POP3 & IMAP servers, (ie authentication) in the server manager panel, under E-mail Change e-mail access settings select Allow private and public (secure POP3S) and/or select Allow private and public (secure IMAPS).
You also (ie "as well as") need to do both steps referred to in the Email FAQ re
"How do I enable smtp authentication for users on the internal network"
and
"How do I disable SMTP relay for unauthenticated LAN clients"
Then you also need to reconfigure your email clients to use a secure SSL connection and port 465 for outgoing SMTP server & port 993 for incoming IMAP server.
...the "config::qpsmtpd::Authentication" db variable is incorrect, as I find out, it should read: "config::ssmtpd::Authentication"
No, it is correct in the documentation. Here's my servers settings:
config show qpsmtpd
qpsmtpd=service
Authentication=enabled
Bcc=disabled
BccMode=cc
BccUser=maillog
DNSBL=disabled
Instances=1
LogLevel=6
MaxScannerSize=25000000
RBLList=bl.spamcop.net:combined.njabl.org:dnsbl.ahbl.org:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net:list.dsbl.org:multihop.dsbl.org:psbl.surriel.com:sbl-xbl.spamhaus.org
RHSBL=disabled
RequireResolvableFromHost=no
SBLList=bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org:blackhole.securitysage.com
access=public
qplogsumm=disabled
status=enabled
config show smtpd
smtpd=service
Authentication=disabled
Instances=40
InstancesPerIP=5
MaximumDateOffset=0
PatternsScan=disabled
Proxy=enabled
TCPPort=25
TCPProxyPort=25
VirusScan=disabled
access=public
status=enabled
tnef2mime=enabled
config show ssmtpd
ssmtpd=service
Authentication=enabled
Instances=10
TCPPort=465
access=public
status=enabled
-
mary
You need to enable external authenticated relay access to your SMTP server (ie SSMTP access) in the server manager E-mail panel, under Change e-mail reception settings, and select Allow SSMTP (secure).
This is the actual setting.
You also need to enable the provision of encrypted external (public) access to the POP3 & IMAP servers, (ie authentication) in the server manager panel, under E-mail Change e-mail access settings select Allow private and public (secure POP3S) and/or select Allow private and public (secure IMAPS).
I don't see why would be necessary to enable external secure imap and pop3 for secure smtp, or I missed something.
config show qpsmtpd
qpsmtpd=service
Authentication=enabled
...
config show ssmtpd
ssmtpd=service
Authentication=enabled
So authentication enabled on booth place. I find out that the ssmtpd is relevant, but maybe wrong.
If you set an internal client to send with ssmtp (on port 465), but without setting SMTP Auth, will it be successful?
Thanks for the reply.