Re: [Nolug] Email for Out of the Office

From: -ray <ray_at_ops.selu.edu>
Date: Mon, 17 May 2004 18:53:26 -0500 (CDT)
Message-ID: <Pine.LNX.4.44.0405171834060.4689-100000@romulus.csd.selu.edu>

On Mon, 17 May 2004, Kent Busbee wrote:

> Is there a way to configure Sendmail to accept SMTP connections from valid
> users with accounts who are on their laptops out of the office? In
> particular, how can you have the following:
>
> 1. Avoiding open-relay and making it secure
> 2. Avoiding baulks from other email systems because the email is not
> "originating" from the email server.
> 3. Working with standard email clients such as Outlook.
> 4. Configure it seamlessly so that whether out of the office (personal ISP
> internet), or in the office (Intranet), their email program works without
> changing settings.
> 5. Avoid SMTP port blocks from personal ISPs
>
> I think that about covers it. Surely there is a way, and hopefully not too
> complicated.
>
> Web-mail is not working. It is too slow, and does not work with standard
> email clients. And, most importantly, it is filling up the /var too much,
> not to mention the bandwidth problems of keeping those messages on the
> server. I want to avoid going to another email platform if possible (other
> than sendmail), but will go there as a last resort.
>
> Thoughts, PLEASE?

Kent,

I don't know of a way to satisfy all 5 requirements (you want secure AND
easy to use??). One way is to set up SMTP AUTH on sendmail using SSL or
TLS encryption. Sendmail will relay for a client after he authenticates,
and this way you get end-to-end encryption. It's pretty complex to set up,
however. This solves 1-4, but not 5.

A lot of ISPs are proxying/redirecting SMTP ports to their mail server,
or blocking the ports altogether. We have MS worms to thank for that. I
tell users if you're on, say, charter.net's network, you use charter.net
SMTP servers. If you're on their network, the ISP should relay for you
regardless of envelope addresses. This solves 5, at the expense of 2 and
4. And if SPF or RMX ever come into common usage for fighting spam, then
this won't work.

I would try to set up SMTP AUTH first, and use the 2nd option for ISPs
that block ports. My problem with SMTP AUTH was figuring out how to get
sendmail to authenticate against an existing LDAP tree. Good
documentation is pretty scarce.

ray
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Engineer Southeastern Louisiana University
IBM Certified Specialist AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

___________________
Nolug mailing list
nolug@nolug.org
Received on 05/17/04
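
Added example (not part of the message above or of the list archive): a Python check that a server set up for SMTP AUTH over TLS, as the reply describes, offers STARTTLS and does not advertise password-bearing AUTH mechanisms before the session is encrypted. The EHLO transcripts, hostnames and function names are constructed for illustration.

```python
import re

# SASL mechanisms that put the password on the wire in a reversible form.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    ext = {}
    for i, line in enumerate(reply.strip().splitlines()):
        m = re.fullmatch(r"250([ -])(.*)", line.rstrip())
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        if i == 0:
            continue  # first line is the greeting, not an extension
        # Some servers also send the legacy "AUTH=LOGIN PLAIN" form.
        words = re.sub(r"(?i)^AUTH=", "AUTH ", m.group(2)).split()
        if words:
            ext.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return ext

def audit(before_tls, after_tls):
    """Compare EHLO replies seen before and after STARTTLS; return findings."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered: credentials cannot be protected")
    exposed = CLEARTEXT_MECHS & set(pre.get("AUTH", []))
    if exposed:
        findings.append("cleartext AUTH offered before TLS: " + ", ".join(sorted(exposed)))
    if "AUTH" not in post:
        findings.append("AUTH not offered after TLS: roaming users cannot authenticate")
    return findings

# Constructed transcripts (not captured from any real server).
WEAK = """250-mail.example.org Hello laptop.example.net
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN PLAIN
250 HELP"""
GOOD_PRE = """250-mail.example.org Hello laptop.example.net
250-ENHANCEDSTATUSCODES
250-STARTTLS
250 HELP"""
GOOD_POST = """250-mail.example.org Hello laptop.example.net
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN PLAIN
250 HELP"""

if __name__ == "__main__":
    print(audit(WEAK, WEAK))
    print(audit(GOOD_PRE, GOOD_POST))
```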
