Hi group.

First of all.  I have read the FAQ and RTFM but I am still lost!

Setup:
Debian Sarge, Sendmail, Dovecot.

What I want:
I want to be able to use the server to send and receive mail using any
computer with an email client configured.  I want it secure so my IP
does not get blacklisted because of spam relaying.

Problem:
Logged in via SSH I can send and receive mail fine from the terminal.
Trying to setup client access via Outlook though is proving horrible.
I send a mail and I get one back immediately saying " 550 5.7.1
<XXXXXXXXXXXX>... Relaying denied"


Please help, I am going nuts.  I have been trying to solve this for
days and I have got no closer.  The manuals and FAQ do not make much
sense to me.  Thanks in advance.

(The XX's being the email address I am trying to send to.)

[ Post a follow-up to this message ]

OK, I added the lines:

define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

to sendmail.cf and remade the file.  Now i get the error:

"Relaying denied. Proper authentication required."


Am I any closer or am I just making this worse??!!

[ Post a follow-up to this message ]

p.s. I have set the authentication to be the same as the incoming
server for the outgoing server.

[ Post a follow-up to this message ]

On Wed, 31 Aug 2005 13:16:48 -0700, google_groups3 wrote:


> Problem:
> Logged in via SSH I can send and receive mail fine from the terminal.
> Trying to setup client access via Outlook though is proving horrible. I
> send a mail and I get one back immediately saying " 550 5.7.1
> <XXXXXXXXXXXX>... Relaying denied"

Somewhere in your Sendmail configuration will be a parameter or parameters
that specify who is allowed to relay mail.  (Sorry, I'm not familiar with
the specifics of Sendmail).  Normally it's set to include the ip addresses
of the local lan only.  You want to be very careful not to allow spammers
to relay mail.

When you ssh to the machine, you're sending from the ip address of the
same machine where Sendmail is installed, so there is no problem.  When
you connect with Outlook, the ip address is from a different machine that
you need to allow by setting the right parameters in the config file.

Sendmail has a reputation as being a bit difficult to configure.  You
might want to consider Postfix or Exim.

Dan

[ Post a follow-up to this message ]

On Wed, 31 Aug 2005 13:37:44 -0700, google_groups3 wrote:

> OK, I added the lines:
>
>  define(`confAUTH_OPTIONS', `A')dnl
> TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
>
> to sendmail.cf and remade the file.  Now i get the error:
>
> "Relaying denied. Proper authentication required."
>
>
> Am I any closer or am I just making this worse??!!

Normally you don't need authentication for smtp, you're probably
making it worse.

You need to allow relaying for the ip addresses from your lan in your
config file.

Dan

[ Post a follow-up to this message ]

thanks, but what if this server will be used be many different people
on many different networks?  that means i cannot restrict access via
network address.  is there no way to do it via userid and password?

for example, yahoo mail has no idea what network you will connect from
using outlook but you can still do it.

[ Post a follow-up to this message ]

On Wed, 31 Aug 2005 22:33:52 -0700, google_groups3 wrote:

> thanks, but what if this server will be used be many different people on
> many different networks?  that means i cannot restrict access via network
> address.  is there no way to do it via userid and password?

> for example, yahoo mail has no idea what network you will connect from
> using outlook but you can still do it.


You need to differentiate between SMTP (sending mail) and POP (collecting
mail from a mailbox).

POP requires username and password.  A POP mailbox is usually accessible
from anywhere.

SMTP, on the other hand, normally doesn't require authentication, so the
SMTP server (Sendmail) will restrict who can relay mail through it.

You normally configure your email client (Outlook in your case) to send
mail via the ISP's SMTP server.  The ISP will accept and relay mail onward
because you're part of its local network.

There are some SMTP authentication protocols, but they don't seem to be
widely used.  I believe that Microsoft clients are not considered to be
particularly secure.

You might find some useful hints at the following site:

http://dannelson.net/LSH/mail.html


Dan

[ Post a follow-up to this message ]

Thanks Dan.  This I understand better now but I am still stuck!

My problem is that the server is going to be used by many different
people so I cannot restrict access based on network address.  Also,
some of the ISP's used do not provide SMTP relaying services.  This is
my biggest problem

I assume it can be done because hotmail, yahoo and other free providers
have this service.  My personal account uses an SMTP server on a
different network to mine and I have to authenticate with it via the
same userid and password as the pop3 server.  This means that there can
be no restricion on network address because with this userid and
password i can access it from anywhere.
In the outlook config, there is an Outgoing Server tab.  Here you can
specify a userid and password for the outgoing email server.

If this is not possible, is there another MTA that can do this?

[ Post a follow-up to this message ]

In alt.os.linux.debian, google_groups3@hotmail.com uttered the immortal
words:

> Thanks Dan.  This I understand better now but I am still stuck!

Please read <http://groups.google.com/googlegrou...ting_style.html>
paying particular attention to "Summarize what you are following up". Thank
you.

--
Andy.

[ Post a follow-up to this message ]

Dan N <dan@localhost.localdomain> wrote:

> ...
> SMTP, on the other hand, normally doesn't require authentication,

I beg to differ - smtp authentication is the prefered method of
identifying users authorised to send using the server on all but locally
secured LAN installations.

> ...
> I believe that Microsoft clients are not considered to be
> particularly secure.

It's the protocol which is not secure.

There are secure methods which (typically) use a different port - Many
mailers (including Outlook Express) support this option.

--
William Tasso

[ Post a follow-up to this message ]