Graeme Fowler wrote:
> Apologies in advance for the slightly obtuse answer, which will no doubt
> raise hackles, but you'll understand why in a moment...
>
> On Wed, 2009-05-20 at 09:12 -0400, B. Cook wrote:
>> Is it possible?
>
> Yes.
>
>> Does it work?
>
> Yes.
>
> How it works depends entirely on context - when you say "local account",
> do you mean:
>
> a. an account with shell access to the system sending mail via the
> "mail" binary, or equivalent?
>
> b. an account with which a user can send authenticated SMTP from a
> remote client?
>
> c. an account used for webmail, where the webmail application lives on
> the same machine and sends via SMTP to the local SMTP daemon?
>
> d. as (c) but using local input via (for example) PHP libraries or by
> calling the "mail" binary itself?
>
> This is an important distinction, because the way you would achieve rate
> limiting will differ (the position within your ACL flow will differ, for
> one) depending on how the mail is injected.
>
> Graeme
>
>
Hello (and thank you)
This was a SquirrelMail account (webmail) where the IMAP server and
SMTP server all live on the same machine.
Below is info from the SquirrelMail config..
SMTP Settings
-------------
4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : none
8. Secure SMTP (TLS) : false
9. Header encryption key :
A. Update IMAP Settings : localhost:143 (dovecot)
H. Hide SMTP Settings
And here is the (seemingly relevant portion) of the configure..
acl_check_rcpt:

  require verify        = sender/callout

  require verify        = recipient/callout

  accept  authenticated = *
          control       = submission/domain=

  warn
          ratelimit     = 0 / 1d / strict
          log_message   = Sender rate $sender_rate > $sender_rate_limit / $sender_rate_period / $authenticated_id

  accept  hosts         = +relay_from_hosts
          control       = submission/domain=

  drop    message       = sorry, relay by your ip is not permitted.\n \
                          You should setup smtp authentication.\n \
                          Please call PHONENUMBER if you need assistance.
          log_message   = relay not permitted
(and further down in the config.. )
begin authenticators

login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $1

plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $1
(dovecot config..)
auth default {
  mechanisms = plain login
  user = vpopmail
  passdb vpopmail {
  }
  userdb vpopmail {
  }
  socket listen {
    client {
      path = /var/run/dovecot/auth-client
      mode = 0666
    }
  }
}
(some words about how it works.. )
We are running vpopmail as the main system where the mailboxes live.
(this gets the mail to them..)
begin routers

localhost:
  transport = remote_smtp
  driver = manualroute
  route_list = +localqmail 127.0.0.1::8125
  self = send

domainlist localqmail = lsearch;/var/qmail/control/rcpthosts
So what happens is this..
When people auth to SquirrelMail they do not use their full email
address, just username / password.
SMTP auth needs full email address / password.. so I've asked all 1k
teachers to use their email address to log in (which didn't happen) so
that I could set the mailserver to do SMTP auth when they relay.. (like
I said, that didn't happen)
So unless I can figure out a way to "do the auth one way" when they use
webmail and "do the auth another way" when they remote SMTP.. I am stuck
using relaying by IP (127.0.0.1).
Does that make sense?
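
An added example, not part of the original post or the poster's configuration: one way a rate limit could sit in the acl_check_rcpt flow quoted above so that it covers both the authenticated path and the webmail path that relays through 127.0.0.1 without AUTH. The limit (200 recipients per hour), the key prefixes and the response text are assumptions chosen for illustration; the statements would follow the existing "require verify" lines.

```exim
# Added example: fragment of acl_check_rcpt. Limits, key prefixes and
# messages are assumed values, not taken from the original configuration.
acl_check_rcpt:

  # Case (b): remote clients using SMTP AUTH. Key the counter on the login
  # and count recipients, so one message to many addresses is not counted
  # as a single event.
  defer   authenticated = *
          ratelimit     = 200 / 1h / per_rcpt / auth:$authenticated_id
          message       = Sending rate exceeded, please try again later.
          log_message   = ratelimit auth:$authenticated_id \
                          $sender_rate / $sender_rate_period

  accept  authenticated = *
          control       = submission/domain=

  # Case (c): SquirrelMail relaying via 127.0.0.1 with no AUTH.
  # $authenticated_id is empty on this path, so the counter is keyed on
  # the envelope sender that the webmail application supplies.
  defer   hosts         = +relay_from_hosts
          ratelimit     = 200 / 1h / per_rcpt / webmail:$sender_address
          message       = Sending rate exceeded, please try again later.
          log_message   = ratelimit webmail:$sender_address \
                          $sender_rate / $sender_rate_period

  accept  hosts         = +relay_from_hosts
          control       = submission/domain=
```

The webmail key is only as trustworthy as SquirrelMail's control over the sender identity it passes to Exim, since nothing on this path authenticates the user to the SMTP daemon.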