[CentOS] sendmail - smtp security/authentication & port 587 issues

Alexander Dalloz ad+lists at uni-x.org
Sat Jun 25 22:08:10 UTC 2011


Am 25.06.2011 23:50, schrieb Max Pyziur:
> 
> Greetings,
> 
> I'm refining a CentOs configuration installation, now just over one month 
> old running on a colocated production server. Previously, we ran a version 
> of Fedora for over seven years.
> 
> Specifically, I'm reviewing our sendmail configuration, both with respect 
> to authentication and port usage.
> 
> Previously, we had the following line in the sendmail.mc line:
> define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Though defined, you seem not to have made use of it; no SMTP AUTH in
your description of the previous setup.

> To authenticate, users would first have to POP their mail.
> 
> A klunky script would scan appropriate log files and copy relevant IP 
> addresses to the /etc/mail/access file that would be regenerated every 
> 5 minutes via cron.
> 
> Once the IP address was in the /etc/mail/access.db a user could be 
> authenticated and be allowed to send email using the machine as smtp.

That sounds as a poor version of POP-before-SMTP. Which mechanism
deletes the IP from the access_db?

By no means SMTP AUTH was used, just plain relay permission based on the
access_db.

> Is there a better way of doing this?

Definitely.

> Port 587 issues:
> Verizon DSL filters out requests on port 25 to smtp servers not belonging 
> to verizon.net. An alternative is to use port 587 for smtp purposes.
> 
> Are there any views in this CentOs user community on this?

Yes, configure SMTP AUTH and offer the submission service to the users.
Everything is prepared and documented within the sendmail.mc CentOS
ships with. You just have to think about which backend SASL shall use to
verify auth credentials.

> Much thanks.
> 
> Max Pyziur
> pyz at brama.com

Alexander




More information about the CentOS mailing list