Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: nogero on May 02, 2013, 07:35:09 PM
-
I recently upgraded from 7.4 to 8.0. I have several automated devices on the internal LAN that email out messages on certain events. I like to use email addresses like "motion-detected@mydomain.com".
Since upgrading emailing out from within the LAN is failing with errors POP authorization failed. and 550 relay denied.
Can I set the email server so it will email out (relay) ALL messages from inside the LAN without checking for a valid address?
-
wiki is your friend
http://wiki.contribs.org/Email#How_do_I_disable_SMTP_relay_for_unauthenticated_LAN_clients (http://wiki.contribs.org/Email#How_do_I_disable_SMTP_relay_for_unauthenticated_LAN_clients)
-
Wiki might be my friend but that link doesn't solve the problem. On my stock 8.0 the default was unauthenticated LAN SMTP is denied. I want to ALLOW unauthenticated SMTP on the LAN only. The next entry allows unauthenticated SMTP for both LAN and internet apparently. That isn't good. So it appears nothing on that page addresses my problem.
"How do I disable SMTP relay for unauthenticated LAN clients" apparently is the default and that is my problem. I want to ENABLE unauthenticated SMTP relay on the LAN only.
-
The solution is just under:
http://wiki.contribs.org/Email#Allow_SMTP_relay_of_mail_without_encryption.2Fauthentication
-
I did a work-around of creating fake-users for the "From:" part of the email message, gave them passwords and stayed with the standard require-authentication. My 8.0 downloaded last week came default with require authentication.
The problem with your latest suggestion is it does not specify for the LAN only. I guess I could solve that by blocking port 25 to the internet so no unauthenticated could relay from the internet side. It seems odd they way it is currently setup and the wiki. Note that "Allow authenticated" and "Disallow unauthenticated" as stated in the wiki are the exact same result, or the wiki author forgot to write "for LAN".
But I have it solved for now with the work-around. Thanks.
-
The problem with your latest suggestion is it does not specify for the LAN only. I guess I could solve that by blocking port 25 to the internet so no unauthenticated could relay from the internet side
I've you tried the solution ? RelayRequiresAuth only affect local networks. Relay from the outside will always require auth. If setting RelayRequiresAuth to disabled allows relay from the outside, then there's a bug (I'm quite sure there's no bug)
-
nogero
"How do I disable SMTP relay for unauthenticated LAN clients" apparently is the default and that is my problem. I want to ENABLE unauthenticated SMTP relay on the LAN only.
You are best to leave the default as is, it is there to prevent local virus infection mail engines from using you server as a outgoing spam email box. (ie no athentication - no send).
The workaround you describe is really just you using the system as designed.
-
I did a work-around of creating fake-users for the "From:" part of the email message, gave them passwords and stayed with the standard require-authentication.
That doesn't sound like a workaround; that sounds like a proper solution to the problem.
-
That doesn't sound like a workaround; that sounds like a proper solution to the problem.
I allways have a slave user (named "SLAVE" with a HUGE AND DIFFICULT-TO-GUESS PASSWORD) to be used for administrative tasks.
( as automated install of software or multifuncion scanner who need network access).
It has no access to ANY shares besides those freely available (group anyone).
The same account could be used to send e-mail, just create an reply-to field to redirect replies.
I agree with Charlie: this is not workaroud. It's the RIGHT way to do things. ;)