james-server-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Renen Watermeyer" <ren...@gmail.com>
Subject RE: Opening SMTP
Date Mon, 09 Jul 2007 08:23:54 GMT
Thank you for the speedy reply.

I may have asked my question badly. Let me describe the scenario more
completely.

I have a James server that currently sends server generated email. Only a
specific application server is able to connect to the James server, and it
sends mail on behalf of several users (generally, workflow generated email).

The mx records, reverse DNS lookups etc are bound to the James server - and
everything seems to be working happily (and has been working for some time).
Mail is sent and received.

Because I am (sometimes!) a little nervous, I tried to prohibit relaying of
email (even legitimate email from, for example, myself). I did this by using
the <authorizedAddresses> setting and only allowing the application server
that sends email (which in hindsight may have been slightly misguided).

I would now like to allow trusted third parties (like myself) to send email
via the James server. To do this, I think I need to:

* Comment out the <RemoteAddrNotInNetwork> setting (because most of our
users use dynamic IP addresses);
* Leave the <authorizedAddresses> setting as I want the application server
to be able to send email without authenticating;
* Uncomment the <authRequired>true</authRequired> setting.

I am inclined to also uncomment the <verifyIdentity>true</verifyIdentity>
line - but I suspect that this will mean that the application server can't
send email on behalf of other users. Is this correct?


Have I got the general idea? And, from a James perspective, is there
anything more I can do to secure the server?

Thank you for your guidance!

Renen.


-----Original Message-----
From: Stefano Bagnara [mailto:apache@bago.org] 
Sent: 09 July 2007 09:53 AM
To: James Users List
Subject: Re: Opening SMTP

Renen Watermeyer ha scritto:
> Hello,
> 
> I have been sending mail locally from a James server for a couple of
years.
> I want to up the ante and send mail remotely - that is, from random
> computers located randomly on the internet. No, not spam: normal, user
> driven email.

Do you want JAMES to act as MX server for your domain? Or do you simply
want to enable an Authenticated-users only mail submission service?

The first is the default for JAMES Server, so simply revert changes you
did to remove the receiving part.

Unfortunately as soon as you'll accept mail for a domain you will also
receive spam. You can try enabling online blacklists and bayes filters,
but this will only help a bit.

Stefano

> What is the most secure / safest way to do this? I know can simply allow
> SMTP access via the conf file. But is this not opening a can of worms by
> doing that?
> 
> Thanks in advance!
> 
> Renen.



---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


Mime
View raw message