Mailing List CGatePro@mail.stalker.com Message #92258
From: Nicolas Hatier <nicolas.hatier@niversoft.com>
Subject: Re: port 587 and authentication
Date: Thu, 16 Aug 2007 13:24:38 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
> Without authentication your server is an open relay

Sorry, but that's not true. By default, CGP will not accept a message with a local return-path and a non-local recipient without a form of authentication, regardless of the Force SMTP Auth setting. In this case, the authentication can be standard SMTP auth, being a client IP, or being a temp client IP (after authenticating for POP or IMAP, for instance).

When Force SMTP Auth: Everybody is used, anyone sending a message with a local return-path must authenticate first through SMTP auth. Being a client IP will not change that.

Force SMTP Auth is a good setting to prevent impersonation, but is not required to prevent running an open relay.

Regards
Nicolas Hatier

James Moe wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Karl Zander wrote:
  
So, in short - you don't need to configure SMTP Auth at 
all. Just configure these SMTP Listener ports:

Port     Init SSL/TLS
----------------------
25       off
465      on
587      off

And you're ready to go...
      
I'm confused....for a domain, the Domain Settings offer an 
option to "Force SMTP AUTH for:" for nobody, non-clients, 
clients, everybody.  Is that not forcing the use of SMTP 
AUTH if non-clients, clients or everybody is selected?

    
  You are confusing authentication with encryption. The above
configuration decides if a port expects an encrypted session or simply
offers it as an option.
  SMTP AUTH is requiring the client to offer a username and password to
authenticate itself to the server. Without authentication your server is
an open relay.

- --
jimoe (at) sohnen-moe (dot) com

  

--

Nicolas Hatier
Niversoft idées logicielles
http://www.niversoft.com


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster