著者: John W. Baxter 日付: To: exim-users 題目: Re: [Exim] "transparent" smtp server
On 9/16/2003 3:46, "Chris Knipe" <savage@???> wrote:
> Yeah, it definately is. In SA (specific) most ISPs uses virtual dialup
> networks from other 1st tier providers. Obviously, the ISP (2nd tier)
> *MUST* use auth to allow only *their* customers to relay their email via the
> ISPs mail servers
Well, no. Two alternatives come to mind (not counting the third: using the
SMTP server provided by the modem provider...that happens too).
1. ISP tells the modem provider what SMTP server(s) to allow (by IP) for a
given realm, and modem provider applies suitable filters (in the NAS and/or
a convenient router: NAS is probably easier, since it's trivial RADIUS
stuff) on connections established for that realm; or
2. ISP sends filter reply items with the authentication accepted RADIUS
reply for its realm, which the modem provider (possibly through an
intermediate proxy along the way) applies to the port in the NAS.
We're using instances of each of 1 and 2...both are working except that 2 is
breaking down in Miami and Ft Lauderdale, Florida, where the modem provider
is letting an ISP get away without supplying proper filters: on those IP
pools we're requiring authentication.
Authentication would be nice. As soon as Netscape 4 and earlier go away
(Netscape 4 requires a password at the first attempted send each time it is
started up, and users "resist"*), we'd like to require authentication. But
by then some other MUA will come into use which doesn't speak SMTP AUTH the
way Exim does. Sigh!
And, of course, Netscape 4 insists on authenticating if it is advertised,
while the sensible clients refuse to try if it is not advertised.
--John
* Resistance in this case means screaming and switching providers.