[nzlug] Regarding: Postfix + SASL authen............

Mark Foster blakjak at blakjak.net
Sat Mar 1 16:23:04 NZDT 2008


Graham,

What you suggest doesn't address the query.

Me, I'd probably just set up smtp-auth and run the SMTP server on another 
port, to achieve what is specifically being asked.

The reason for doing it that way?  Could be a number of reasons, but off 
the top of my head, the ISP concerned is quite likely Xtra, and thus the 
'normal internet email' method would be to relay the traffic through 
smtp.xtra.co.nz.  This of course puts a third party in the loop and makes 
the process invisible to you, and reliant on Xtra's reliability as a mail 
delivery agent.  They don't have the best track record, so I understand 
the desire to keep it in-house.

SMTP-Auth on a non-standard port would seem easiest; have I overlooked 
some reason that isn't an option? (OK, it's a daemon and not a mail client 
but surely this can be worked around...)

Another one may be smtp-after-pop type mechanisms, have the box connect to 
a dummy pop3 account every 15 minutes and rig it up so the IP that does so 
successfully is allowed to relay through you (on your non-standard port) 
for a given period (say 35 minutes... just over two pop3 intervals) 
afterward.

Mark.


On Sat, 1 Mar 2008, graham dixon wrote:

> It is a strange ISP that doesn't allow emails!
> Why not just send the email through normal internet email?
> (K.I.S.)
> cheers
> Graham
> =======================================
>
> Message: 5
> Date: Thu, 28 Feb 2008 20:42:07 +1300
> From: Philip Murray <pmurray at nevada.net.nz>
> Subject: Re: [nzlug] Postfix + SASL authencation to another Postfix
> To: NZLUG Mailing List <nzlug at linux.net.nz>
> Message-ID: <DB811EEE-7DB8-4644-8B67-3BB6DF82B047 at nevada.net.nz>
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>
>
> On 28/02/2008, at 5:59 PM, Chris Hodgetts wrote:
>
>> Hey,
>>
>> I was wondering, if anyone knows how to do this?
>>
>> I have a machine outside my network, the ISP it's connected to blocks
>> port 25. (and has a non-static public address).
>>
>> I want the postfix instance on it to connect back to our primary
>> postfix
>> server(on a static IP), on another port, and authenticate via sasl so
>> this box can deliver messages back to us here in the office.
>>
>> Postfix on the hostile network is only listening to 127.0.0.1, and in
>> reality the only mail from this box will be log checks, and so forth,
>> standard admin emails.
>>
>> If the remote box had a static IP I would just add that address to
>> mynetworks but as it doesn't, I thought this could be a good way to do
>> it.
>>
>> Unless anyone has any other suggestions...
>>
>
> My other suggestion is to do it with an SSL client certificate. On
> your primary postfix, add another smtp transport (in master.cf, on
> whatever port is appropriate) and use the option
>
> smtpd_client_restrictions = check_ccert_access, ...etc...
>
> And add the certificate fingerprint to whatever access(5) table you
> want to use.
>
> On the client postfix, just configure it to send outbound email with
> your shiny new SSL cert.
>
> Digging around postconf(5) should give you all the options you need
>
> Cheers
>
>
>
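
The two approaches discussed in this thread (SMTP AUTH on a non-standard port, and a client certificate checked with check_ccert_access), sketched as Postfix configuration. This is an added example, not part of the original messages. The port 2525, the host mail.example.org, the file paths, the account name and the parameter name remote_box_restrictions are assumptions, and the server is assumed to already have smtpd_tls_cert_file/smtpd_tls_key_file and a working SASL backend.

```conf
# ---- Primary server: /etc/postfix/master.cf ----
# Extra smtpd listener on a port the remote ISP does not block.
# 2525 is an assumed port; the thread does not name one.
2525      inet  n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# Client-certificate variant of the same listener: keep the
# smtpd_tls_security_level line and replace the other three -o lines with:
#   -o smtpd_tls_ask_ccert=yes
#   -o smtpd_tls_fingerprint_digest=sha256
#   -o smtpd_client_restrictions=$remote_box_restrictions

# ---- Primary server: /etc/postfix/main.cf (certificate variant only) ----
# remote_box_restrictions is a hypothetical user-defined name, used so the
# master.cf override needs no whitespace.
remote_box_restrictions =
    check_ccert_access hash:/etc/postfix/ccert_access,
    reject

# ---- Primary server: /etc/postfix/ccert_access (run postmap on it) ----
# One line per allowed client: certificate fingerprint, then OK.
# FINGERPRINT-PLACEHOLDER    OK

# ---- Remote box: /etc/postfix/main.cf ----
inet_interfaces = loopback-only
relayhost = [mail.example.org]:2525
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Certificate variant instead of the three smtp_sasl_* lines:
#   smtp_tls_cert_file = /etc/postfix/remote-box-cert.pem
#   smtp_tls_key_file  = /etc/postfix/remote-box-key.pem

# ---- Remote box: /etc/postfix/sasl_passwd (chmod 600, run postmap) ----
# [mail.example.org]:2525    remote-box:PASSWORD-PLACEHOLDER
```

With smtp_tls_security_level = encrypt the remote box encrypts the session but does not verify the server's certificate; setting it to verify or secure with smtp_tls_CAfile adds that check. The fingerprint in ccert_access must be computed with the same digest as smtpd_tls_fingerprint_digest.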


