Hi,

  The openbsd-proto.mc file has these lines:

  FEATURE(`no_default_msa')dnl
  DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Name=MTA')dnl
  DAEMON_OPTIONS(`Family=inet6, Address=::, Name=MTA6, M=O')dnl
  DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=E')dnl
  DAEMON_OPTIONS(`Family=inet6, Address=::, Port=587, Name=MSA6, M=O, M=E')dnl

   According to the /usr/share/sendmail/README file, it is necessary to
add the "a" modifier to the line that defines the MSA: "Additionally, by
using the M=a modifier you can require authentication before messages
are accepted by the MSA"

   If I understood correctly, the line:

DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=E')dnl

   would be:

DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=Ea')dnl

   and then the smtp auth must work on port 587.

  Why does port 587 require authentication as well with the original
line (without the "a" modifier)? Is it implicit in some other place? I
already checked the sending process several times with/without the "a"
modifier, and I needed authentication in both cases every time to be able
to send an email through port 587.

  I ask because, as I said in my previous email, I want to keep the
dnsbl verification just for port 25 and let the clients authenticate
and send email on port 587 without passing through the dnsbl list
verifications (as defined by the line FEATURE(`dnsbl',
`zen.spamhaus.org') that I added to openbsd-proto.mc).

  I just added the "a" modifier and I noticed a little delay when the
client software (Thunderbird in this case) does the authentication process
to send the email. My problem is that I have users that connect to the
server with dynamic IP addresses and they are rejected after the
authentication process because the IP is on the PBL list with this message:

 " This IP range has been identified by Spamhaus as not meeting our
policy for IPs which should deliver 'direct-to-mx' mail to PBL users. "

 Spamhaus said that the only thing I need to avoid that "error" is to
have SMTP AUTH enabled on the server on port 587 (which I already have, as
per my previous question about the lines in openbsd-proto.mc).

  Can I assume that the MSA configuration (with the "a" modifier) will
authenticate the user and let him send the email without passing through
the PBL verification, just doing the authentication process? In case my
assumption is not correct... is there any way to separate that without
running another sendmail process (with a separate configuration) on port
587? Sadly I can't test it myself because my IP does not appear on PBL
lists and my users will connect during my sleep time (I am 8 hours behind).

  Some light here will be appreciated.

  Regards

      Alvaro

Alvaro Mantilla Gimenez wrote:
> Hello,
> 
>    Is there any way to apply the dnsbl feature just on port 25 in the
> default openbsd sendmail configuration and not apply it on port 587
> (just auth smtp)?
> 
>    I googled it looking for answers, but it seems people disabled the dnsbl
> feature on sendmail and used it with SpamAssassin (which is not an option
> for me).
> 
>    Any advice?
> 
> 
>    Thanks,
> 
> 
>               Alvaro
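
The M=a change discussed in the message above, as an added example that is not part of the original mail or of sendmail: a small audit that parses DAEMON_OPTIONS lines from an .mc file and lists submission-port listeners that lack the "a" modifier. The function names are hypothetical, and the script assumes that repeated M= values on one line accumulate.

```python
import re

# Constructed sample: the listener lines quoted in the mail, with only the
# inet MSA line changed to the proposed M=Ea (one line is wrapped on purpose).
SAMPLE_MC = """\
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Name=MTA')dnl
DAEMON_OPTIONS(`Family=inet6, Address=::, Name=MTA6, M=O')dnl
DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Family=inet6, Address=::, Port=587, Name=MSA6, M=O,
M=E')dnl
"""

# re.S lets one DAEMON_OPTIONS(...) argument span a wrapped line.
DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`(.*?)'\)", re.S)


def parse_listeners(mc_text):
    """Return one dict per DAEMON_OPTIONS line: name, port, modifier set."""
    listeners = []
    for body in DAEMON_RE.findall(mc_text):
        # Port falls back to smtp (25) when not given; "?" marks a missing Name.
        opts = {"Port": "25", "Name": "?"}
        mods = set()
        for item in body.split(","):
            key, _, value = item.strip().partition("=")
            if key == "M":
                mods |= set(value)  # assumption: repeated M= values accumulate
            else:
                opts[key] = value
        listeners.append({"name": opts["Name"], "port": opts["Port"], "mods": mods})
    return listeners


def msa_without_auth(mc_text, msa_port="587"):
    """Names of listeners on the submission port that lack the M=a modifier."""
    return [l["name"] for l in parse_listeners(mc_text)
            if l["port"] == msa_port and "a" not in l["mods"]]


if __name__ == "__main__":
    for l in parse_listeners(SAMPLE_MC):
        print(l["name"], l["port"], "".join(sorted(l["mods"])) or "-")
    print("submission listeners without M=a:", msa_without_auth(SAMPLE_MC))
```

On the sample, the inet6 submission listener is reported because only the inet line was given M=Ea.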
