Re: [Exim] SMTP

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dennis Davis
Date:  
À: exim-users
Sujet: Re: [Exim] SMTP
>From: Ron McKeating <R.J.Mckeating@???>
>To: "Exim-Users (E-mail)" <exim-users@???>
>Subject: [Exim] SMTP
>Date: Wed, 30 Jun 2004 12:40:32 +0100
>
>I am trying very hard to make the case to our management that
>we should do authenticated smtp through our servers from off
>campus. The response I am getting is "What do others do?".


We offer this on our outward facing mail servers. Brief details are
at:

http://www.bath.ac.uk/bucs/email/offcampus.shtml

but these details do need expanding. For example, there's no
details of client configuration. We do need to document this better
as I would like to push this service a bit harder than we do now.

>In general is that the accepted way of doing things. Is that the
>'only' proper way to allow your users to route through your servers
>from off site.


Alternatives include webmail and offering a VPN service. We offer
both. Our webmail service is on:

https://webmail.bath.ac.uk/

and details of VPN are at:

http://www.bath.ac.uk/bucs/ad/vpn/

Users can also ssh into one of our unix servers and then use pine.

>We obviously do not wish to be an open relay, and I have already
>issued dire warnings of blacklisting if we do it any other way.


Quite. It's bad enough when the useless oiks at SpamCop can't
analyse trace information and falsely accuse you of being the source
of spam. I've seen outside mail servers blacklisted withing a few
short hours of being brought into service. Just because they're an
open relay.

>We have bought wildcard (multiple domains on one certificate) ssl
>certificates from geotrust so it will all be encrypted.


We got ours (Common Name: smtphost.bath.ac.uk) from Thawte. The
exim daemon on smtphost.bath.ac.uk listens on both port 25 (SMTP)
and 587 (MSA). I use a different acl_smtp_rcpt for each port. The
acl_smtp_rcpt for port 587 is somewhat simpler (eg no RBLs). I
insist on high or medium grade TLS ciphers. Authentication is
against our kerberos server using the Cyrus saslauthd.

Judging from comments in this thread it looks like I might have to
set up an exim daemon listening on port 465 (SMTPS). I'd hoped to
avoid this.