Saturday, March 06, 2004 11:17 // Symbion, Copenhagen, Denmark
by Patrick Koetter
How to let mobile users use your server as a mail relay. IP-based restrictions do not work because mobile users have random IP addresses.
SMTP AUTH
Using Cyrus SASL2 and OpenSSL together with Postfix, you can configure Postfix so that it allows relay access for users who are properly authenticated. Most mail clients support SMTP authentication.
The difficult part is configuring SASL properly. Get the CVS version, as it is less buggy than the official 2.1.17; it even has some minimal documentation.
SASL configuration is governed by a config file named after the program using the SASL library. In our case this is smtpd.conf.
If you use SASL with plaintext passwords, make sure it only allows AUTH when TLS is in operation.
Check out Patrick's howto on this (postfix.state-of-mind.de ...)
Certificate based Relaying
For people running mobile Unix it is possible to set up a local mail server which just forwards all mail to the official mail server of your site. Configure the Postfix smtp daemon on the client to use TLS, and store the client's cert on the server. Now configure the server to ask clients for a certificate when they connect. If a client submits a valid (known) certificate it will be allowed to relay even if it has an IP number outside the local network.
The cool thing about this is that any program on the mobile Unix client can now send mail via the local mail server to the company mail server without further problems.
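A configuration check for both relay methods above, as an added example that is not from the talk or from the Postfix project: it parses a main.cf and flags AUTH offered without TLS, and certificate relaying without a certificate request or a list of known certificates. The sample configurations and the map path are constructed; the parameter names are taken from the current Postfix documentation rather than from these notes, and the parser handles only comments and continuation lines.

```python
# Constructed main.cf samples (not from the talk); the map path is a placeholder.
WEAK = """\
# relay for roaming users
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, permit_tls_clientcerts,
    reject_unauth_destination
"""
HARDENED = WEAK + """\
smtpd_tls_auth_only = yes
smtpd_tls_ask_ccert = yes
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if name:
                params[name] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def audit_relay(text):
    """Return findings for the two relay methods: SMTP AUTH and client certificates."""
    p = parse_main_cf(text)
    enabled = lambda key: p.get(key, "no").lower() == "yes"
    rules = (p.get("smtpd_recipient_restrictions", "") + " " +
             p.get("smtpd_relay_restrictions", "")).replace(",", " ").split()
    findings = []
    # AUTH must only be offered once TLS is active (mandatory TLS also satisfies this).
    if enabled("smtpd_sasl_auth_enable") and not (
            enabled("smtpd_tls_auth_only") or p.get("smtpd_tls_security_level") == "encrypt"):
        findings.append("AUTH is offered without TLS: set smtpd_tls_auth_only = yes")
    # Certificate relaying needs the server to request a certificate and a list of known ones.
    if "permit_tls_clientcerts" in rules:
        if not (enabled("smtpd_tls_ask_ccert") or enabled("smtpd_tls_req_ccert")):
            findings.append("client certificates are never requested: set smtpd_tls_ask_ccert = yes")
        if not p.get("relay_clientcerts"):
            findings.append("relay_clientcerts is empty: no certificate is known to the server")
    return findings
```

`audit_relay(WEAK)` returns three findings and `audit_relay(HARDENED)` returns an empty list.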
Content © by Tobias Oetiker