CentOS 5.x again...
Is there a way to limit port access on a per-user basis? My practical goal is to limit who is allowed to use SMTP AUTH in Sendmail. Any possible solutions appreciated...
Obviously, limiting by ip will not work, since the very purpose of SMTP AUTH is to enable mail relaying for trusted users from *anywhere*.
- Jussi
-- Jussi Hirvi * Green Spot Topeliuksenkatu 15 C * 00250 Helsinki * Finland Tel. & fax +358 9 493 981 * Mobile +358 40 771 2098 (only sms) jussi.hirvi@greenspot.fi * http://www.greenspot.fi
Jussi Hirvi wrote:
> CentOS 5.x again...
> Is there a way to limit port access on a per-user basis? My practical goal is to limit who is allowed to use SMTP AUTH in Sendmail. Any possible solutions appreciated...
> Obviously, limiting by ip will not work, since the very purpose of SMTP AUTH is to enable mail relaying for trusted users from *anywhere*.
> - Jussi
Pretty simple. If your intention is to define SMTP AUTH usage independent from shell access (i.e. by SSH) - side note: really think about whether it is a good idea to have user logins on your mail server - you should use sasldb as your SASL backend. You have to create the sasldb manually and this way you control who is permitted to relay remotely.
Alexander
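An added example, not part of the thread or of any poster's setup: once sasldb is the SASL backend, the set of accounts in it is the set of users who can relay with SMTP AUTH, so it is worth auditing against an allow-list. The realm, the account names, the allow-list and the config path in the comments are constructed assumptions.

```shell
#!/bin/sh
# Setup commands for reference (run as root on the mail server, not executed here):
#   saslpasswd2 -c -u mail.example.com alice   # create an SMTP AUTH account
#   saslpasswd2 -d -u mail.example.com alice   # remove it again
#   sasldblistusers2 > listing.txt             # dump the accounts to audit
# SASL settings for Sendmail (file location is an assumption, e.g.
# /usr/lib/sasl2/Sendmail.conf):
#   pwcheck_method: auxprop
#   auxprop_plugin: sasldb

# Constructed sample of `sasldblistusers2` output (placeholder realm).
sample_listing() {
    printf '%s\n' \
        'alice@mail.example.com: userPassword' \
        'bob@mail.example.com: userPassword' \
        'olduser@mail.example.com: userPassword'
}

# Constructed allow-list: the only accounts meant to relay via SMTP AUTH.
sample_approved() {
    printf '%s\n' 'alice@mail.example.com' 'bob@mail.example.com' \
        'carol@mail.example.com'
}

# Read a sasldblistusers2 listing on stdin, print one user@realm per line.
sasldb_accounts() {
    sed -n 's/^\([^:[:space:]]*@[^:[:space:]]*\): userPassword$/\1/p' | sort -u
}

# unapproved_accounts LISTING APPROVED: in sasldb but not on the allow-list.
unapproved_accounts() {
    sasldb_accounts < "$1" | grep -vxF -f "$2" || true
}

# missing_accounts LISTING APPROVED: approved users with no sasldb entry.
missing_accounts() {
    _tmp=$(mktemp) || return 1
    sasldb_accounts < "$1" > "$_tmp"
    grep -vxF -f "$_tmp" "$2" || true
    rm -f "$_tmp"
}

demo() {
    _dir=$(mktemp -d) || return 1
    sample_listing > "$_dir/listing"; sample_approved > "$_dir/approved"
    echo "unapproved: $(unapproved_accounts "$_dir/listing" "$_dir/approved" | tr '\n' ' ')"
    echo "missing:    $(missing_accounts "$_dir/listing" "$_dir/approved" | tr '\n' ' ')"
    rm -rf "$_dir"
}
demo
```

An account reported as unapproved can still authenticate and relay until it is deleted from sasldb.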
Alexander Dalloz (ad+lists@uni-x.org) wrote (21.8.2008 14:46):
> Pretty simple. If your intention is to define SMTP AUTH usage independent from shell access (i.e. by SSH)

Yes, though ssh access is not used by many users on this mail server. The important thing is to allow for *all users* relaying from port 25 without AUTH (of course as limited by the access list etc.).

> - side note: really think about whether it is a good idea to have user logins on your mail server

Do you mean ssh logins? I could actually consider limiting that. The easiest way would probably be to edit (or remove) the shell declarations in /etc/passwd.

> - you should use sasldb as your SASL backend. You have to create the sasldb manually and this way you control who is permitted to relay remotely.

OK, thanks, I will take a look at this soon.
- Jussi
Jussi Hirvi wrote:
> Is there a way to limit port access on a per-user basis? My practical goal is to limit who is allowed to use SMTP AUTH in Sendmail. Any possible solutions appreciated...
> Obviously, limiting by ip will not work, since the very purpose of SMTP AUTH is to enable mail relaying for trusted users from *anywhere*.
You could use the new ability of milter-greylist (from version 4.0), which provides a method to limit connections by any criteria, such as remote IP, sender/recipient address, authentication status and many more. You could extend the configuration by using an external helper that can be reached by, for example, the LDAP or HTTP protocols.