[nzlug] Regarding: Postfix + SASL authen............

[Steve Holdoway]

On Sat, 01 Mar 2008 20:04:46 +1300
Chris Hodgetts <chris at archnetnz.com> wrote:

> Kinda not giving too much away...
> 
> Remote host is in some other country, not New Zealand.
> The ISP it's on allocates Dynamic IP, so I cant allow just one IP
> address to relay....
But you can allow a static name to relay? noip to the rescue? The only problem is if you aren't in control of the destination mail server, they may well be dumping mail from dynamic email addresses.
> 
> The ISP also appears to block port 25 out, so I cant just send mail from
> it, to somewhere else....
You're probably supposed to be sending mail via their smart hosts - a good idea anyway... see above. There's no way an isp will be completely denying mailing services. However, what you're trying to do is easy enough with sendmail - so should be with postfix. What I have done in the past is to forward the email address to a relay using a non-standard port for that particular user, then restore to port 25 at the destination firewall, rather than have multiple 'listeners' running. Just use starttls and you should be secure enough??
> 
> I only have one port 'pinholed' to this box from the external address,
> and it's a bit of a mission to get anything else forwarded.
> 
> Hence, why I though I might be able to get Postfix to give an
> authentication username and password, as this is already working on the
> "primary" box.
> 
> I have not attempted to do the SSL cert thing, I have just not had time.
I think you'll find certifcates are simpler and easier to manage. Even if thet're self-signed, they'll be providing you with encryption.

hth,

Steve
-- 
Steve Holdoway <steve at greengecko.co.nz>