james-server-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Bagnara <apa...@bago.org>
Subject Re: Opening SMTP
Date Mon, 09 Jul 2007 08:46:12 GMT
Renen Watermeyer ha scritto:
> Thank you for the speedy reply.
> 
> I may have asked my question badly. Let me describe the scenario more
> completely.
> 
> I have a James server that currently sends server generated email. Only a
> specific application server is able to connect to the James server, and it
> sends mail on behalf of several users (generally, workflow generated email).
> 
> The mx records, reverse DNS lookups etc are bound to the James server - and
> everything seems to be working happily (and has been working for some time).
> Mail is sent and received.
> 
> Because I am (sometimes!) a little nervous, I tried to prohibit relaying of
> email (even legitimate email from, for example, myself). I did this by using
> the <authorizedAddresses> setting and only allowing the application server
> that sends email (which in hindsight may have been slightly misguided).
> 
> I would now like to allow trusted third parties (like myself) to send email
> via the James server. To do this, I think I need to:
> 
> * Comment out the <RemoteAddrNotInNetwork> setting (because most of our
> users use dynamic IP addresses);
> * Leave the <authorizedAddresses> setting as I want the application server
> to be able to send email without authenticating;
> * Uncomment the <authRequired>true</authRequired> setting.

The best thing is create users with passwords and have them use a
password to authenticate the session (every mail client supports
authentication) from any IP in order to relay.

Just create users and configure the clients to use the user/pass you
assigned.

Stefano

> I am inclined to also uncomment the <verifyIdentity>true</verifyIdentity>
> line - but I suspect that this will mean that the application server can't
> send email on behalf of other users. Is this correct?
> 
> 
> Have I got the general idea? And, from a James perspective, is there
> anything more I can do to secure the server?
> 
> Thank you for your guidance!
> 
> Renen.
> 
> 
> -----Original Message-----
> From: Stefano Bagnara [mailto:apache@bago.org] 
> Sent: 09 July 2007 09:53 AM
> To: James Users List
> Subject: Re: Opening SMTP
> 
> Renen Watermeyer ha scritto:
>> Hello,
>>
>> I have been sending mail locally from a James server for a couple of
> years.
>> I want to up the ante and send mail remotely - that is, from random
>> computers located randomly on the internet. No, not spam: normal, user
>> driven email.
> 
> Do you want JAMES to act as MX server for your domain? Or do you simply
> want to enable an Authenticated-users only mail submission service?
> 
> The first is the default for JAMES Server, so simply revert changes you
> did to remove the receiving part.
> 
> Unfortunately as soon as you'll accept mail for a domain you will also
> receive spam. You can try enabling online blacklists and bayes filters,
> but this will only help a bit.
> 
> Stefano
> 
>> What is the most secure / safest way to do this? I know can simply allow
>> SMTP access via the conf file. But is this not opening a can of worms by
>> doing that?
>>
>> Thanks in advance!
>>
>> Renen.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


Mime
View raw message