Re: opendkim and sendmail starttls auth

From: Philippe TEMESI <philippe.temesi_at_gmail.com>
Date: Thu, 07 Jun 2012 11:40:08 +0200

Hi,

No, it's not an open relay, of course.
Users authenticate with a local sasldb. This is the most basic
authentication method with Sendmail... without ldap, etc.

I wonder why OpenDKIM does not detect that.

The IP address cannot be listed in InternalHosts as users may send mail
from everywhere (after authentication!).

Kind regards,

Philippe

On 7/06/2012 11:29, SM wrote:
> Hi Philippe,
> At 00:44 07-06-2012, Philippe TEMESI wrote:
>> My sendmail MTA is configured to relay authenticated users (sasldb,
>> etc).
>> I'm wondering what's the correct way to handle this with OpenDKIM.
>>
>> When a user sends an email OpenDKIM does not sign it as user is
>> relaying from an external IP.
>> I have no way to include the external IPs in my configuration.
>> The users may connect from everywhere, from a WiFi hotspot, from
>> home, etc.
>>
>> Does OpenDKIM make a difference between a basic relay and an
>> authenticated relay?
>
> Yes it does. OpenDKIM will detect that the message was an
> authenticated submission.
>
>> For the moment I've got something like 'external host [1.2.3.4]
>> attempted to send as domain.com' in sendmail's logs (it's an example
>> of course) whenever a user sends an email from outside.
>
> That's because the IP address is not listed in the InternalHosts dataset.
>
> Are you operating an open relay or do you have specific rules to allow
> a user to relay through your mail server?
>
> Regards,
> -sm
Received on Thu Jun 07 2012 - 09:40:27 PST