I got this setup a few months back and everything has been fine. I can use desktop mail clients to connect to the secure-mail server and send/receive mail. However, an issue has came up with regard to sending mail from servers via ssmtp relay. If I want to relay mail to an address found in the virtual mail tables, all is well, I just have this as my ssmtp.conf: Code: root=username mailhub=mx-1.mydomain.com ... However, this obviously only works for internal addresses; it can't be used to send something to [email protected] because relay is disabled for outside addresses. No big deal right? Just set it up to use smtp auth on the secure-mail subdomain... Code: mailhub=secure-mail.mydomain.com [email protected] AuthPassword=somepassword UseSTARTTLS=YES UseTLS=YES ... Except, this always returns 503 authentication failed, even though I could not be more positive that the username and password are correct. If I remove UseSTARTTLS=Yes then it just spits out "cannot open [smtp server]" I can't figure out why this is because I can use the smtp server to send authenticated e-mails via other means like desktop mail clients, but it simply will not work when using ssmtp. So, two questions: 1) Is there anyone out there who has any clue why this would be happening? 2) If not, is there a way I can set it so relay to any address is accepted IF the connection is coming from the internal network (i.e. mx-1.internal.mydomain.com) or would this not provide the security from using the smtp server for spam like I think it would? Thanks!
Following the normal cycle of "try to fix for a couple days, post on forums, instantly come up with a solution" I managed to implement (2) above by adding my private network submask to mynetworks. Obviously my biggest concern is with spammers hijacking the smtp server to bulk e-mail people; am I missing anything here that could cause this? when: mailhub=mx-1.mydomain.com FAIL: sendmail [email protected] < test when: mailhub=mx-1.internal.mydomain.com SUCCESS: sendmail [email protected] < test This is the desired result, but I am wondering if I'm missing any security implications of having the private network submask in mynetworks...
