[Techtalk] Allow all relays through sendmail
bsweeney at physics.ucsb.edu
Tue Nov 20 10:06:20 EST 2001
I will add myself to the long list of people saying...DON'T OPEN RELAY.
Not ONLY are you allowing your own system to be abused, you're giving
spammers a way to get to other people. To me, running an open relay is
pretty irresponsible without a REALLY good reason. And I've yet to hear
> My usual solution in a case like this would be to set up POP-before-SMTP
> relaying: when a user successfully authenticates via POP, their IP
> address is added to /etc/mail/access, and makemap is run to re-compile
> /etc/mail/access.db. The IP is retained for N minutes, where the usual
> value for N is 15.
That's what I used to do as well. However, several people I work with
have had lots of success with SMTP AUTH. It's incorporated into a lot
of mail clients nowadays (Pine, Netscape/Mozilla, Outlook/Outlook
Express). There's a list of clients on sendmail's site that support it
currently, along with what encryption they support.
An excerpt from Sendmail's site:

    SMTP AUTH allows relaying for senders who have successfully
    authenticated themselves. Per default, relaying is allowed
    for any user who authenticated via a trusted mechanism, i.e.,
    one that is defined via TRUST_AUTH_MECH(`list of mechanisms')
    This is useful for roaming users and can replace
    POP-before-SMTP hacks if the MUA supports SMTP AUTH.

The list of clients supported is at
Like I said, I know of a few people that have this running successfully,
and it's what I'm planning to implement over the next few months. Right
now, I've got a secure http server serving a web-based interface to my
mailserver, which authenticates and then allows people to send or
receive mail. Of course, this restricts users to a web-based mail
client, but hey, it works for now =).
Hope you get it working!
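
The POP-before-SMTP window described in the quoted text, as an added example that is not part of the original post or of sendmail: it derives the temporary RELAY entries for /etc/mail/access from successful POP logins and drops them after N = 15 minutes. The log line format, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # "N" from the thread; 15 is the usual value

# Constructed sample POP3 daemon log (hypothetical format, documentation IPs).
SAMPLE_LOG = """\
2001-11-20 09:40:02 pop3d: LOGIN ok user=alice ip=192.0.2.10
2001-11-20 09:52:30 pop3d: LOGIN failed user=mallory ip=203.0.113.7
2001-11-20 09:55:11 pop3d: LOGIN ok user=bob ip=198.51.100.23
2001-11-20 10:01:45 pop3d: LOGIN ok user=alice ip=192.0.2.10
2001-11-20 09:44:00 pop3d: LOGIN ok user=carol ip=192.0.2.99
"""

# Anchored on both ends so nothing but a timestamp and an address is accepted.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) pop3d: LOGIN ok user=\S+ ip=([0-9.]+)$")

def last_successful_auth(log_text):
    """Map each client IP to the time of its most recent successful POP login."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # failed logins and unparseable lines never grant relay
        try:
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue  # reject malformed addresses before they reach the map
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if ip not in seen or when > seen[ip]:
            seen[ip] = when  # a later login restarts the window
    return seen

def relay_entries(log_text, now, window=WINDOW):
    """Access-map lines for IPs whose last login is still inside the window."""
    auths = last_successful_auth(log_text)
    live = sorted(ip for ip, t in auths.items() if timedelta(0) <= now - t < window)
    return [f"{ip}\tRELAY" for ip in live]

def render_access(static_lines, log_text, now):
    """Permanent entries first, then the temporary per-IP RELAY entries."""
    return "\n".join(list(static_lines) + relay_entries(log_text, now)) + "\n"

if __name__ == "__main__":
    now = datetime(2001, 11, 20, 10, 6, 20)
    print(render_access(["localhost\tRELAY"], SAMPLE_LOG, now), end="")
    # Then recompile the map: makemap hash /etc/mail/access < /etc/mail/access
```

The entries are keyed on the client IP alone, so any host sending from that address during the window is allowed to relay; SMTP AUTH ties the relay decision to the authenticated sender.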