[Techtalk] Allow all relays through sendmail
Brian Sweeney
bsweeney at physics.ucsb.edu
Tue Nov 20 10:06:20 EST 2001
I will add myself to the long list of people saying...DON'T OPEN RELAY.
Not ONLY are you allowing your own system to be abused, you're giving
spammers a way to get to other people. To me, running an open relay is
pretty irresponsible without a REALLY good reason. And I've yet to hear
one ;-).
> My usual solution in a case like this would be to set up POP-before-SMTP
> relaying: when a user successfully authenticates via POP, their IP
> address is added to /etc/mail/access, and makemap is run to re-compile
> /etc/mail/access.db. The IP is retained for N minutes, where the usual
> value for N is 15.
That's what I used to do as well. However, several people I work with
have had lots of success with SMTP AUTH. It's incorporated into a lot
of mail clients nowadays (Pine, Netscape/Mozilla, Outlook/Outlook
Express). There's a list of clients on sendmail's site that support it
currently, along with what encryption they support.
An excerpt from Sendmail's site
(http://www.sendmail.org/~ca/email/auth.html):

    SMTP AUTH allows relaying for senders who have successfully
    authenticated themselves. Per default, relaying is allowed
    for any user who authenticated via a trusted mechanism, i.e.,
    one that is defined via TRUST_AUTH_MECH(`list of mechanisms')
    This is useful for roaming users and can replace
    POP-before-SMTP hacks if the MUA supports SMTP AUTH.

The list of clients supported is at
http://www.sendmail.org/~ca/email/mel/SASL_ClientRef.html
Like I said, I know of a few people that have this running successfully,
and it's what I'm planning to implement over the next few months. Right
now, I've got a secure http server serving a web-based interface to my
mailserver, which authenticates and then allows people to send or
receive mail. Of course, this restricts users to a web-based mail
client, but hey, it works for now =).
Hope you get it working!
-Brian
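
Added example, not part of the original message and not sendmail's or any POP-before-SMTP daemon's own code: a sketch of the POP-before-SMTP bookkeeping quoted above (IP added to the access map on a successful POP login, kept for N = 15 minutes), which also shows why the grant is tied to an address rather than to a user. The login log format, the sample addresses and the function names are assumptions made up for the illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # "N" from the quoted description

# Constructed sample: successful POP logins as "ISO-time user ip"
# (hypothetical format; a real POP daemon's log needs its own parser).
SAMPLE_LOGINS = """\
2001-11-20T09:40:00 alice 192.0.2.10
2001-11-20T09:58:00 bob 198.51.100.7
2001-11-20T10:01:00 alice 192.0.2.10
"""

def active_relays(logins, now, window=WINDOW):
    """Map each IP to the expiry of its relay grant; drop expired ones."""
    expiry = {}
    for line in logins.splitlines():
        if not line.strip():
            continue
        stamp, _user, ip = line.split()
        until = datetime.fromisoformat(stamp) + window
        # A newer login from the same IP extends the grant.
        if until > now and until > expiry.get(ip, datetime.min):
            expiry[ip] = until
    return expiry

def render_access(static_lines, expiry):
    """Build the access-map source: static rules first, then dynamic grants."""
    dynamic = [f"{ip}\tRELAY" for ip in sorted(expiry)]
    return "\n".join(list(static_lines) + dynamic) + "\n"

def may_relay(ip, expiry):
    # The grant is keyed on the address alone: any host behind that IP
    # (shared NAT, next dial-up user) relays until the entry expires.
    return ip in expiry

if __name__ == "__main__":
    now = datetime(2001, 11, 20, 10, 6, 20)
    grants = active_relays(SAMPLE_LOGINS, now)
    # After writing this text to the access file, the map is rebuilt, e.g.
    #   makemap hash /etc/mail/access < /etc/mail/access
    print(render_access(["localhost\tRELAY"], grants), end="")
```

The static "localhost RELAY" line stands in for whatever permanent rules the access file already holds; only the dynamic entries are regenerated on each pass.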