General discussion

Locked

Sendmail gateway access for remote users

By techpub ·
I have a Sun Solaris system running Sendmail Pro. I have setup the relay-domains file so that it will only relay mail for our corporate domain to avoid spammers.
The problem I have is how to allow my users to access the SMTP gateway while dialing in through their ISP's. The Sendmail system is located at our ISP and we are using a VPN to allow remote users to access our local systems. The VPN doesn't help my problem, because even if users come in through our VPN they still show up to our Sendmail system as coming from their ISP. The VPN software is setup so that any internet access goes out through the users ISP and doesn't go back through the VPN and out the corporate T1.
We have tried setting up users so that they use their ISP's SMTP gateway while traveling, but some ISP's have blocked any mail that doesn't originate from one of their e-mail accounts.
Has anyone run into this before? Should I setup a Sendmail gateway inside our corporate net, so that users can access it via the VPN? Is there any way

This conversation is currently closed to new comments.

13 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Sendmail gateway access for remote users

by skogan In reply to Sendmail gateway access f ...

There is no ideal solution for your case. If you permit your users with foreign IP-addresses to relay mail throught your sendmail - any user from those IPs can relay. If you prohibit foreign IPs from using your sendmail - your users cannot relay also. SMTP protocol doesn't provide any methods to identify users. :-(

In your case I see three possible (but non-ideal :-) solutions:

a) Use some kind of sendmail-like program on user PCs. Setup their mail programs to use localhost:25 as outgoingmail server and let their local sendmail to do the rest.

b) Use IP-tunneling and permit relaying for tunneled network.

c) Use "secret word" technique. Permit relaying from other IP-addresses if mail headers contain some secret word. Rewrite headers to remove "password" before relaying. You can do it by adding rules in sendmail.cf file.

Collapse -

Sendmail gateway access for remote users

by techpub In reply to Sendmail gateway access f ...

The question was auto-closed by TechRepublic

Collapse -

Sendmail gateway access for remote users

by dron In reply to Sendmail gateway access f ...

another idea.. not good, but.. -)
please setup another SendMail (on other machine, or with other IP address) with no relay for domain other from your own domain, and remote user can send mail to it SMTP server, but if address of receipment other from your domain - email will not relayed...

Collapse -

Sendmail gateway access for remote users

by techpub In reply to Sendmail gateway access f ...

The question was auto-closed by TechRepublic

Collapse -

Sendmail gateway access for remote users

by moflic In reply to Sendmail gateway access f ...

1. PPP dial-in server on your network (requires phone lines) (or just telnet will do). They'll use Hyperterminal and logon and send mail with local mail programs.
2. Allowing users to telnet, rlogin or ssh(best for security) from their ISP to your network and use a local program to send their mail (pine, elm, or another). -best IMHO
3. Sendmail on local network allowing relay from your users and sending the mail to the ISP's mail server.
4. A combination of those

Collapse -

Sendmail gateway access for remote users

by techpub In reply to Sendmail gateway access f ...

The question was auto-closed by TechRepublic

Collapse -

Sendmail gateway access for remote users

by fluteplayer In reply to Sendmail gateway access f ...

First of all you should be using Sendmail 8.9.x. It does default to a more paranoid setting if spam prevention is a concern. Using the documentation, you can build your own sendmail.cf file using the m4 macros. One of the features you can incorporate is to use the /etc/mail/access.db. This is a database you customize to allow or deny special circumstance users.

For instance, you can deny certain domains while accepting others. Or you can accept inbound mail only from your domain as well as one other host from outside your system. You can even get specific down to the user.

It's a real hassel to set it all up in the m4 files, but in the end it works wonderfully.

Lynn Ragan
Sun Certified Engineer

Collapse -

Sendmail gateway access for remote users

by techpub In reply to Sendmail gateway access f ...

The question was auto-closed by TechRepublic

Collapse -

Sendmail gateway access for remote users

by kasey In reply to Sendmail gateway access f ...

1. Use a VPN software.
- change the setting on the vpn setup to use the default route from the
remote side. This will make the 0.0.0.0 route point at the vpn tunnel
and will then make the users mailtool look like a local address in your
network.

2. Install autoauth.pl! I have been running a version of this script with
several different pop3/imap servers. The premise of this software is
to use the pop deamon's syslog entries as a way of trapping the user
nameand ip address. Then is can be written to make the access_db a
dynamic relay file. it can be rebuilt on the fly and addresses added/deleted when the meet a timeout criteria.

you will have to do some perl script hacking and some other shell scripting
but it is worth it......

http://www.agh.cc.kcl.ac.uk/unix/archive/checking/latest/checking.tar

Collapse -

Sendmail gateway access for remote users

by techpub In reply to Sendmail gateway access f ...

The question was auto-closed by TechRepublic

Back to Linux Forum
13 total posts (Page 1 of 2)   01 | 02   Next

Related Forums