Rejecting clients that are not valid users only

Paul Bender pbender at qualcomm.com
Tue Jan 20 09:23:54 EST 2004


In order to allow my Cyrus IMAP mail users to send mail from anywhere, I
have configured sendmail so that any user that authenticates
successfully using SMTP AUTH is allowed to relay email. Since both Cyrus
IMAP and sendmail use SASL, my Cyrus IMAP mail users are able to
authenticate.

Since most of my Cyrus users send their passwords in the clear, I have
enabled START_TLS and SSL (using stunnel) in sendmail. Finally, I have
sendmail listen on the standard MSA port rather than the standard MTA
port for authenticated access.

On Tue, 2004-01-20 at 01:35, Troy McKinnon wrote:
> I am basically trying to configure my mail system so:
> 
> 1) remote clients (cyrus mail users) can send from any location to any
> location with no restrictions
> 2) incoming mail will be routed to local users (i.e. if it is final
> destination)... from anywhere
> 
> I want my remote clients to be able to send whereever from whereever they
> may be but I want to protect myself from ppl (Non users) just using my
> server to send email.
> 
> While looking in my logs I noticed however that I was getting the following
> error:
> 
> NOQUEUE: reject: RCPT from unknown[xxx.xxx.xxx.xxx]: 450 Client host
> rejected: cannot find your hostname, [xxx.xxx.xxx.xxx];
> from=<troy at mydomain.com> to=<troy at myotherdomain.com> proto=ESMTP
> helo=<xxx.someotherdomain.com>
> 
> I found this possible solution:
> 
> http://mail-archives.engardelinux.org/engarde-users/2001/Aug/0132.html
> 
> i.e. the removal of:   smtpd_client_restrictions = reject_unknown_client
> 
> I am not sure if I like that solution.  Will that basically give me what I
> am looking for? I don't want my users to not receive email from someone just
> because their mail servers reverse lookup was not set up correctly. I want
> to make sure they get all the email sent to them.  But I only want my cyrus
> users to be able to send or relay email thru my system.
> 
> What setting should I set for this?
> 
> 
> ALSO!! :) while I am on the subject...
> 
> Is there a way to have any rejected email for any of my virtual domains, to
> any user be directed to my postmaster account... if it fails to find a valid
> match elsewhere?
> 
> 
> 





More information about the Info-cyrus mailing list