sendmail authentication: correction

sendmail authentication: correction

[Chuck Hallenbeck]

The other day I posted a link I thought might help me figure out
how to send my mail to an email service that requires an
authenticated smtp connection. It turns out the link I sent was
not helpful. It was aimed at configuring sendmail so that it
required an authenticating client, and what I needed was to
configure my own sendmail as such an authenticating client to
another smtp server that required one.

If that is confusing, imagine how I feel about it! <smile>

Anyway forget about http://www.jonfullmer.com/smtpauth/
unless you want to configure your own sendmail so that it
requires authentication of originating senders.

Chuck



-- 
The Moon is Waning Crescent (41% of Full)
So visit me sometime at http://www.mhonline.net/~chuckh
My public key is also posted there.

Re: sendmail authentication: correction

[Janina Sajka]

I understand, Chuck. It's a bit like "Who's On First."


Chuck Hallenbeck writes:
> From: Chuck Hallenbeck <chuckh@sent.com>
> 
> The other day I posted a link I thought might help me figure out
> how to send my mail to an email service that requires an
> authenticated smtp connection. It turns out the link I sent was
> not helpful. It was aimed at configuring sendmail so that it
> required an authenticating client, and what I needed was to
> configure my own sendmail as such an authenticating client to
> another smtp server that required one.
> 
> If that is confusing, imagine how I feel about it! <smile>
> 
> Anyway forget about http://www.jonfullmer.com/smtpauth/
> unless you want to configure your own sendmail so that it
> requires authentication of originating senders.
> 
> Chuck
> 
> 
> 
> -- 
> The Moon is Waning Crescent (41% of Full)
> So visit me sometime at http://www.mhonline.net/~chuckh
> My public key is also posted there.
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
	
				Janina Sajka, Director
				Technology Research and Development
				Governmental Relations Group
				American Foundation for the Blind (AFB)

Email: janina@afb.net		Phone: (202) 408-8175

Re: sendmail authentication: correction

[Andrew Hodgson]

Chuck Hallenbeck in
<Pine.LNX.4.44.0306220952220.3048-100000@Champion.sent.com>:

>The other day I posted a link I thought might help me figure out
>how to send my mail to an email service that requires an
>authenticated smtp connection. It turns out the link I sent was
>not helpful. It was aimed at configuring sendmail so that it
>required an authenticating client, and what I needed was to
>configure my own sendmail as such an authenticating client to
>another smtp server that required one.

I take it there is a reason you can't do direct end-to-end delivery
using your copy of Sendmail?

Andrew.
-- 
Andrew Hodgson, Bromyard, Herefordshire, UK.
Email: Andrew@hodgsonfamily.org

Re: sendmail authentication: correction

[Adam Myrow]

On Sun, 22 Jun 2003, Andrew Hodgson wrote:

> I take it there is a reason you can't do direct end-to-end delivery
> using your copy of Sendmail?

Well, nobody should do that.  Before I really knew what I was doing with
Linux, that was what I attempted.  A large number of ISPS will bounce your
mail if you do that.  They consider it a security risk since spammers love
to use this method to send their garbage.

Re: sendmail authentication: correction

[Andrew Hodgson]

Adam Myrow in
<Pine.LNX.4.53.0306221042110.4421@homerun.midsouth.rr.com>:

>On Sun, 22 Jun 2003, Andrew Hodgson wrote:
>
>> I take it there is a reason you can't do direct end-to-end delivery
>> using your copy of Sendmail?
>
>Well, nobody should do that.  Before I really knew what I was doing with
>Linux, that was what I attempted.  A large number of ISPS will bounce your
>mail if you do that.  They consider it a security risk since spammers love
>to use this method to send their garbage.

Well this is how mail normally propergates around the Internet, so I
am not sure why we shouldn't be doing that.  I would rather ensure
that my mail gets delivered to its destination than to put the
responsability onto another machine.  I realise that some isps block
people who are on a dynamicip, but for people like mw who have a
static ip this is not an issue.

Andrew.
-- 
Andrew Hodgson, Bromyard, Herefordshire, UK.
Email: Andrew@hodgsonfamily.org

Re: sendmail authentication: correction

[Adam Myrow]

I think ISPS will block a dial-up or DHCP user who tries direct sending.
I assume that more people on this list are using such a setup than those
using a static IP.

Re: sendmail authentication: correction

[Chuck Hallenbeck]

Hi Andrew,

On Sun, 22 Jun 2003, Andrew Hodgson wrote:

> I take it there is a reason you can't do direct end-to-end delivery
> using your copy of Sendmail?

I am not sure I know what you mean by that. Here is the
situation:
I have an account on a service which does not have any dialup
access. I dial into my ISP to get to the net, and then what I
want to do is fetch my mail directly from the new service instead
of my ISP, which works fine, and send my mail to the smtp on the
new service instead of the smtp of my ISP. The difficulty is that
the new service expects me to authenticate and I am trying to
figure out how to do that. They let me send mail to other
addresses on their domain, but when I try sending mail through
the new service's smtp to someone outside their domain, such as
my own address at my ISP, the new service bounces it with error
554, relay not permitted.

I think I am getting close to a solution, but I am not there yet.
I have my sendmail configured to use the access data base and
have put "AuthInfo:" information in it, as the docs suggest, but
evidently that is not enough to inform my new service of who I
am.

At the moment I have finessed the problem by using my ISP's smtp
server with masquerading to make my "from" address look like it's
coming from the new service.

What I want to do if possible is to avoid my ISP's smtp and pop3
servers entirely, relying on the new service for smtp and imap
servers.

Chuck


-- 
The Moon is Waning Crescent (40% of Full)
So visit me sometime at http://www.mhonline.net/~chuckh
My public key is also posted there.

Re: sendmail authentication: correction

[Andrew Hodgson]

Chuck Hallenbeck in
<Pine.LNX.4.44.0306221245410.433-100000@Champion.sent.com>:

>Hi Andrew,
>
>On Sun, 22 Jun 2003, Andrew Hodgson wrote:
>
>> I take it there is a reason you can't do direct end-to-end delivery
>> using your copy of Sendmail?
>
>I am not sure I know what you mean by that. Here is the
>situation:
>I have an account on a service which does not have any dialup
>access. I dial into my ISP to get to the net, and then what I
>want to do is fetch my mail directly from the new service instead
>of my ISP, which works fine, and send my mail to the smtp on the
>new service instead of the smtp of my ISP. The difficulty is that
>the new service expects me to authenticate and I am trying to
>figure out how to do that. They let me send mail to other
>addresses on their domain, but when I try sending mail through
>the new service's smtp to someone outside their domain, such as
>my own address at my ISP, the new service bounces it with error
>554, relay not permitted.

Ok, but since you already have a full server, why not just use this
server to send messages out to the real world?  What Sendmail can do
for you is to look up the mx record of the domain of the recipient,
then send the mail directly to the smtp server specified in that
record.  For example, when I send this message to my MTA, it will then
look up the mx record for braille.uwo.ca, and send the message to the
host it finds there.  This would bypass both your isp's and the other
companies SMTP server for you.

If this is not an option for you, I will see if I can work out how to
get SM to do this on a test setup.

Andrew.
>
>I think I am getting close to a solution, but I am not there yet.
>I have my sendmail configured to use the access data base and
>have put "AuthInfo:" information in it, as the docs suggest, but
>evidently that is not enough to inform my new service of who I
>am.
>
>At the moment I have finessed the problem by using my ISP's smtp
>server with masquerading to make my "from" address look like it's
>coming from the new service.
>
>What I want to do if possible is to avoid my ISP's smtp and pop3
>servers entirely, relying on the new service for smtp and imap
>servers.
>
>Chuck

-- 
Andrew Hodgson, Bromyard, Herefordshire, UK.
Email: Andrew@hodgsonfamily.org

Re: sendmail authentication: correction

[Chuck Hallenbeck]

On Sun, 22 Jun 2003, Andrew Hodgson wrote:

> Ok, but since you already have a full server, why not just use this
> server to send messages out to the real world?  What Sendmail can do
> for you is to look up the mx record of the domain of the recipient,
> then send the mail directly to the smtp server specified in that
> record.  For example, when I send this message to my MTA, it will then
> look up the mx record for braille.uwo.ca, and send the message to the
> host it finds there.  This would bypass both your isp's and the other
> companies SMTP server for you.
>
> If this is not an option for you, I will see if I can work out how to
> get SM to do this on a test setup.


Okay, I get the picture. In other words my own sendmail might
have all the smarts and capabilities it needs without either my
ISP or the new service's smtp. If that works I guess I have got
it made. I think I know how to check that out. Let me think about
it a minute.

Chuck



-- 
The Moon is Waning Crescent (40% of Full)
So visit me sometime at http://www.mhonline.net/~chuckh
My public key is also posted there.

Re: sendmail authentication: correction

[Chuck Hallenbeck]

Hey! Andrew! It works!

Well I'll be damned! It works! I do not seem to need either the
smtp of my ISP or the smtp of the new service at all. For some
strange reason I had got into the habit of defining a "smart
host" in my sendmail configuration which forces all my outgoing
mail to be funneled through someone else's smtp service, when all
the while I have a perfectly capable full service smtp right here
on my own box!

Here is my acid proof test (tell me if I am mistaken):

(adult language follows)

My ISP novocon.net screens incoming and outgoing mail for
objectionable language, and when found, mail is bounced with
error 550: "Your spam is not welcome here"

I agree with Mark Twain that profanity provides a degree of relief
that is denied even to prayer, and furthermore I do not
appreciate filters perusing the contents of my incoming and
outgoing email.

Consequently when the phrase "enlarge your penis" appears in
email reaching my ISP, it is bye-bye email.

With "smart host" in sendmail set to "mail.novocon.net" (their
smtp) I get bounced when trying to send such a message (and
probably other phrases as well) but when I remove the "smart
host" configuration, I can send such messages without hindrance.

I guess I don't need authentication on my new service at all,
since obviously I am already authenticated to use my own
sendmail.

Many thanks for pointing that out, Andrew. I have been busting my
brain trying to solve a non-problem.

Chuck


-- 
The Moon is Waning Crescent (40% of Full)
So visit me sometime at http://www.mhonline.net/~chuckh
My public key is also posted there.

Why smart hosts are sometimes necessary was:Re: sendmail authentication: correction

[Thomas Stivers]

While being your own mail server works most of the time, there are
situations where you cannot get mail through from your dialup box. For
example AOL *shudder* doesn't allow in "spam" from dynamic addresses. One
good way to solve this is to set things up so that you can add domains
that require the use of your isp's smtp server to a file that is
examined by your mta and when mail is sent to these domains it goes
through your smart host. I am using exim not sendmail so I can't tell
you how to do this, but I am sure you will figure it out when you need
to send mail to AOL.

-- 
Unix is a user friendly operating system. It just picks its friends more
carefully than others.
Thomas Stivers	e-mail: stivers_t@tomass.dyndns.org	gpg: 45CBBABD

Re: Why smart hosts are sometimes necessary was:Re: sendmail authentication: correction

[Chuck Hallenbeck]

Hmmm -- Thanks, Thomas. I guess there is still a lot to learn.



-- 
The Moon is Waning Crescent (39% of Full)
So visit me sometime at http://www.mhonline.net/~chuckh
My public key is also posted there.

Re: sendmail authentication: correction

[Janina Sajka]

Except there's acatch ...

Since you're on a dialup connection, you have a different address, or
may well have a different one every time you connect. This will
definitely trigger a lot of bounced mail.

I know. I have the same problem when I'm on the road. So, when I'm
traveling, I no longer send mail directly--for this very reason.

Chuck Hallenbeck writes:
> From: Chuck Hallenbeck <chuckh@sent.com>
> 
> On Sun, 22 Jun 2003, Andrew Hodgson wrote:
> 
> > Ok, but since you already have a full server, why not just use this
> > server to send messages out to the real world?  What Sendmail can do
> > for you is to look up the mx record of the domain of the recipient,
> > then send the mail directly to the smtp server specified in that
> > record.  For example, when I send this message to my MTA, it will then
> > look up the mx record for braille.uwo.ca, and send the message to the
> > host it finds there.  This would bypass both your isp's and the other
> > companies SMTP server for you.
> >
> > If this is not an option for you, I will see if I can work out how to
> > get SM to do this on a test setup.
> 
> 
> Okay, I get the picture. In other words my own sendmail might
> have all the smarts and capabilities it needs without either my
> ISP or the new service's smtp. If that works I guess I have got
> it made. I think I know how to check that out. Let me think about
> it a minute.
> 
> Chuck
> 
> 
> 
> -- 
> The Moon is Waning Crescent (40% of Full)
> So visit me sometime at http://www.mhonline.net/~chuckh
> My public key is also posted there.
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
	
				Janina Sajka, Director
				Technology Research and Development
				Governmental Relations Group
				American Foundation for the Blind (AFB)

Email: janina@afb.net		Phone: (202) 408-8175

Re: sendmail authentication: correction

[Janina Sajka]

But, if it works for your setup, Chuck, I sure wouldn't fix it! <grin>


Chuck Hallenbeck writes:
> From: Chuck Hallenbeck <chuckh@sent.com>
> 
> Hey! Andrew! It works!
> 
> Well I'll be damned! It works! I do not seem to need either the
> smtp of my ISP or the smtp of the new service at all. For some
> strange reason I had got into the habit of defining a "smart
> host" in my sendmail configuration which forces all my outgoing
> mail to be funneled through someone else's smtp service, when all
> the while I have a perfectly capable full service smtp right here
> on my own box!
> 
> Here is my acid proof test (tell me if I am mistaken):
> 
> (adult language follows)
> 
> My ISP novocon.net screens incoming and outgoing mail for
> objectionable language, and when found, mail is bounced with
> error 550: "Your spam is not welcome here"
> 
> I agree with Mark Twain that profanity provides a degree of relief
> that is denied even to prayer, and furthermore I do not
> appreciate filters perusing the contents of my incoming and
> outgoing email.
> 
> Consequently when the phrase "enlarge your penis" appears in
> email reaching my ISP, it is bye-bye email.
> 
> With "smart host" in sendmail set to "mail.novocon.net" (their
> smtp) I get bounced when trying to send such a message (and
> probably other phrases as well) but when I remove the "smart
> host" configuration, I can send such messages without hindrance.
> 
> I guess I don't need authentication on my new service at all,
> since obviously I am already authenticated to use my own
> sendmail.
> 
> Many thanks for pointing that out, Andrew. I have been busting my
> brain trying to solve a non-problem.
> 
> Chuck
> 
> 
> -- 
> The Moon is Waning Crescent (40% of Full)
> So visit me sometime at http://www.mhonline.net/~chuckh
> My public key is also posted there.
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
	
				Janina Sajka, Director
				Technology Research and Development
				Governmental Relations Group
				American Foundation for the Blind (AFB)

Email: janina@afb.net		Phone: (202) 408-8175

Re: sendmail authentication: correction

[Steve Holmes]

I have had at least two ISP's do this a while back when I had dial-up
accounts.  But I must say that the default configurations for sendmail
in Slackware do direct sending and make no mention of smart hosting.
In fact, I used to smart host my mail to earthlink, the default mail
host for Sprint Brod Band and Earthlink's DNS would not resolve
properly for mail being sent to the speakup list.  I had to go back to
direct sending of my mail since Sprint's local DNS's were properly
configured and my mail would get through this way.

So now, all my "inside" machines on my LAN use a "smart host" to my
router/mailer, now running Slackware 9 and that machine dies a direct
send as I just mentioned.  I have Exim running on all my linux boxes
and life is good:).

On Sun, Jun 22, 2003 at 11:10:19AM -0500, Adam Myrow wrote:
> I think ISPS will block a dial-up or DHCP user who tries direct sending.
> I assume that more people on this list are using such a setup than those
> using a static IP.
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
Please avoid sending me Word or PowerPoint attachments.
   See http://www.fsf.org/philosophy/no-word-attachments.html

Re: sendmail authentication: correction

[John covici]

I have always done direct sending and have had a couple of domains
block it -- whereupon I used the sendmail mailertable to tell
sendmail to use my isp's outgoing smtp machine, but the rest I do
directly.

on Sunday 06/22/2003 Steve Holmes(steve@holmesgrown.com) wrote
 > I have had at least two ISP's do this a while back when I had dial-up
 > accounts.  But I must say that the default configurations for sendmail
 > in Slackware do direct sending and make no mention of smart hosting.
 > In fact, I used to smart host my mail to earthlink, the default mail
 > host for Sprint Brod Band and Earthlink's DNS would not resolve
 > properly for mail being sent to the speakup list.  I had to go back to
 > direct sending of my mail since Sprint's local DNS's were properly
 > configured and my mail would get through this way.
 > 
 > So now, all my "inside" machines on my LAN use a "smart host" to my
 > router/mailer, now running Slackware 9 and that machine dies a direct
 > send as I just mentioned.  I have Exim running on all my linux boxes
 > and life is good:).
 > 
 > On Sun, Jun 22, 2003 at 11:10:19AM -0500, Adam Myrow wrote:
 > > I think ISPS will block a dial-up or DHCP user who tries direct sending.
 > > I assume that more people on this list are using such a setup than those
 > > using a static IP.
 > > 
 > > 
 > > _______________________________________________
 > > Speakup mailing list
 > > Speakup@braille.uwo.ca
 > > http://speech.braille.uwo.ca/mailman/listinfo/speakup
 > 
 > -- 
 > Please avoid sending me Word or PowerPoint attachments.
 >    See http://www.fsf.org/philosophy/no-word-attachments.html
 > 
 > _______________________________________________
 > Speakup mailing list
 > Speakup@braille.uwo.ca
 > http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
         John Covici
         covici@ccs.covici.com

RE: sendmail authentication: correction

[Steven M. Sawczyn]

Actually, I appreciate the link you did send as I'm trying to configure
my server to allow authenticated relaying.

Steve


-----Original Message-----
From: speakup-admin@braille.uwo.ca 
[mailto:speakup-admin@braille.uwo.ca] On Behalf Of Chuck Hallenbeck
Sent: Sunday, June 22, 2003 9:57 AM
To: Speakup Distribution List
Subject: sendmail authentication: correction


The other day I posted a link I thought might help me figure out
how to send my mail to an email service that requires an
authenticated smtp connection. It turns out the link I sent was
not helpful. It was aimed at configuring sendmail so that it
required an authenticating client, and what I needed was to
configure my own sendmail as such an authenticating client to
another smtp server that required one.

If that is confusing, imagine how I feel about it! <smile>

Anyway forget about http://www.jonfullmer.com/smtpauth/
unless you want to configure your own sendmail so that it
requires authentication of originating senders.

Chuck



-- 
The Moon is Waning Crescent (41% of Full)
So visit me sometime at http://www.mhonline.net/~chuckh
My public key is also posted there.


_______________________________________________
Speakup mailing list
Speakup@braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup

RE: sendmail authentication: correction

[Chuck Hallenbeck]

Hi Steve,

The article was extremely well done, it was just not what I
needed. I think my problem is that I am trying to get started
with "plain text" authentication to my email provider, but they
require a secure encrypted mechanism, so I will have to go the
extra mile and implement the security infrastructure they
require. Meanwhile I have a "Plan B" which seems to fill the bill
so far.

Chuck

On Tue, 24 Jun 2003, Steven M. Sawczyn wrote:

> Actually, I appreciate the link you did send as I'm trying to configure
> my server to allow authenticated relaying.
>
> Steve
>


-- 
The Moon is Waning Crescent (21% of Full)
So visit me sometime at http://www.mhonline.net/~chuckh
My public key is also posted there.

Re: sendmail authentication: correction

[Toby Fisher]

On Sun, 22 Jun 2003, Adam Myrow wrote:

> On Sun, 22 Jun 2003, Andrew Hodgson wrote:
>
> > I take it there is a reason you can't do direct end-to-end delivery
> > using your copy of Sendmail?
>
> Well, nobody should do that.  Before I really knew what I was doing with
> Linux, that was what I attempted.  A large number of ISPS will bounce your
> mail if you do that.  They consider it a security risk since spammers love
> to use this method to send their garbage.

Only if you're on dial-up.  If you have a static ip address, then it's
kind of expected that you might want to consider doing your own mail
deliveries.

Cheers.

-- 
Toby Fisher	Email: toby@tjfisher.co.uk
Tel.: +44(0)1480 417272	Mobile: +44(0)7974 363239
ICQ: #61744808
   Please avoid sending me Word or PowerPoint attachments.
   See http://www.fsf.org/philosophy/no-word-attachments.html