Roger Schmid wrote:
Dear Swinog members
Until now, we provided an authenticated smtp-server for our customers
and a separate "open" smtp-server for customers with email-adresses
from other providers. We would like to shut down the relaying server
and have the customers use the smtp-servers from their mail-provider
(gmx, gmail, bluewin etc.).
Which is the one they should be using unless they are using an
authenticated gateway. Note that with the advent of SPF/DKIM etc using a
host not inside the authorized set of servers might at one point not be
Now we found out that bluewin doesn't allow
from users outside their ip-range, so all our customers with
bluewin-mailadresses would have no smtp-server available.
I am wondering what your setup is here. Is it:
a) cust-in-your-address-space -> $you -> $bluewin
b) cust-in-bluewin-address-space -> $you -> $bluewin
c) something else ?
Also, if those people are using email provided by BlueWin, why would you
be relaying mail for them, with their From, why are they not using the
Bluewin mailservers (which I hope do SMTP-AUTH).
I am sure that some of you had the same issue and
would be interested
how other (small) isp's have resolved this problem.
SMTP AUTH doesn't care about what the From/To are.
You can perfectly authenticate with the local user/pass for the relay
and then allow any From/To combo you want, the user is authenticated anyway.
Also you can even enable having this in the headers, eg:
Received: from [IPv6:2001:41e0:ff42:b00:216:cfff:fe00:e7d0]
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested) (Authenticated sender: jeroen)
(Postfix) with ESMTPSA id 1E5E335A523
for <nanog(a)nanog.org>rg>; Fri, 16 May 2008 19:09:42 +0200 (CEST)
(postfix main.cf: smtpd_sasl_authenticated_header = yes)
Which quite clearly shows that it was me sending mail. This is a good
thing btw, as then you can, when an abuse report comes in, easily see
who it was, instead of having to find it in the logs and crossmatch