Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: charlien on January 30, 2009, 12:10:49 AM

Title: Allow open relay from one LAN address
Post by: charlien on January 30, 2009, 12:10:49 AM: I need to allow my SME server to be an open relay for one IP address on our LAN. I want to make sure what I do will not open things up to the world. Can someone give me so direction. I'd appreciate it. To explain a little more, we have installed a voice mail that will send email notification to a user that there is a voice mail in there voicemail box. That server requires the use of an open relay. All the the intended recipients have mailboxes on the SME server (if that helps). The voice mail does not have any option for authentication on the SME server. I can only input the IP address of the SME box.
Title: Re: Allow open relay from one LAN address
Post by: David Harper on January 30, 2009, 12:19:05 AM: Try this:

Code: [Select]
config setprop qpsmtpd Authentication disabled signal-event email-update
AFAIK this will disable authentication for all LAN clients, but still not enable SMTP access to WAN clients. But I would do some testing just in case :-)
Title: Re: Allow open relay from one LAN address
Post by: charlien on January 30, 2009, 12:52:31 AM: "but still not enable SMTP access to WAN clients"

I'm not sure what that means. We allow ssl WAN access to our server so smartphone users can send/recieve email.
Title: Re: Allow open relay from one LAN address
Post by: David Harper on January 30, 2009, 12:56:56 AM: As far as I know altering the authentication settings will not affect this functionality - but do make sure to test the changes.
Title: Re: Allow open relay from one LAN address
Post by: charlien on January 30, 2009, 02:08:19 AM: Thanks David. I'm paranoid about becoming and open relay and wanted to bounce this off someone more knowledgeable than me. I will test it.
Title: Re: Allow open relay from one LAN address
Post by: David Harper on January 30, 2009, 02:12:55 AM: Let us know how you get along. AFAIK incoming WAN SMTP requests are blocked by the firewall, although SSMTP is allowed.

In the end, if it doesn't work, reverse the change as shown:

Code: [Select]
config setprop qpsmtpd Authentication enabled signal-event email-update
... and we will put our thinking caps on.
Title: Re: Allow open relay from one LAN address
Post by: CharlieBrady on January 30, 2009, 02:26:51 PM: Quote from: David Harper on January 30, 2009, 02:12:55 AM
Let us know how you get along. AFAIK incoming WAN SMTP requests are blocked by the firewall, although SSMTP is allowed.

No, incoming WAN SMTP is permitted - that's how email addressed to your domain arrives. Mail relaying, however, is not permitted from the WAN connection, i.e. mail for other domains is not accepted.
Title: Re: Allow open relay from one LAN address
Post by: David Harper on January 31, 2009, 12:57:38 AM: Ah, that makes sense :)