Bugtraq mailing list archives

Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)


From: Walter Reed <walt () hubinternet com>
Date: Mon, 9 Jul 2001 17:28:06 -0700

On Mon, Jul 09, 2001 at 06:59:04PM +0100, Jason Clifford wrote:
> On Sat, 7 Jul 2001, Chris Adams wrote:
>
> > Better yet, have your POP daemon update the access file directly, and
> > then you don't have any of the hokey "tail the log file" stuff going on
> > at all.  All you need to add is a daemon to remove entries from the
> > access file.
>
> All of which is an awful horrendous hack.
>
> SMTP AUTH is fairly easy to implement. It's reliable. You don't have to
> worry about IPs being accidentally left in a hash resulting in unwanted
> relaying and you can properly trace the sender of mails.

Actually, I've found SMTP AUTH rather a pain to get right. You have to get a
number of different packages (sasl, openssl, etc.), figure out how to get all
the configure options right, build in the right order, beat sendmail over the
head to get things linked right, etc. Now get the thing to authenticate with an
NT domain controller. This is far from trivial and the howto is weak. I haven't
had the several days it takes to get it working. I don't quite know how I'm
going to do the NT dom auth yet, maybe through a pam module. Anyone do this
already?

Sendmail / postfix / etc. need to integrate SMTP AUTH into the base rather than
the add-on mess we have. It needs to be the default. This may help combat
the open-relay disease we have today as well. 

