Is there a way to provide authentication services on only port 587 (and
not port 25 as well)?

Reason: Right now we have two separate servers, one that handles our
incoming e-mail (from the outside world) which only has port 25 open.
Port 587 has been shut down. Then I have a second server with only port
587 enabled and it offers authentication for our (external) users to be
able to relay through.

I'd like to combine these two into one machine, which means I need to
leave both ports open to the outside world. So is there a way to
restrict the authentication to only work on port 587 (and not work/fail
on port 25)?

Thanks.

"Ashley M. Kirchner" <ashley+news [at] pcraft.com> writes:

> Is there a way to provide authentication services on only port
> 587 (and not port 25 as well)?

You can disable SMTP AUTH by using M=A flag in DAEMON_OPTIONS

DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Modify=A')dnl

> [...]

P.S.
Using "Modify=a" *requires* use of SMTP AUTH - consider using it for MSA.

--
[pl>en: Andrew] Andrzej Adam Filip : anfi [at] priv.onet.pl : anfi [at] xl.wp.pl
I just know I'm a better manager when I have Joe DiMaggio in center field.
-- Casey Stengel

Andrzej Adam Filip wrote:
> "Ashley M. Kirchner" <ashley+news [at] pcraft.com> writes:
>
>> Is there a way to provide authentication services on only port
>> 587 (and not port 25 as well)?
>
> You can disable SMTP AUTH by using M=A flag in DAEMON_OPTIONS
>
> DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Modify=A')dnl
>
>> [...]
>
> P.S.
> Using "Modify=a" *requires* use of SMTP AUTH - consider using it for MSA.
>

When you say it requires use of AUTH...not sure I understand what
you're telling me there.

What I want is:
port 25 is open for inbound e-mail from the outside world, plain and
simple, the way it functions now, however it does not offer any
authentication and would flat out refuse any connections attempting to
relay through the server.

port 587 is open for connections as well, however it *requires* a user
to authenticate before they can relay messages through.

So, port 25 no relay, port 587 relay with authentication only.

-- A

"Ashley M. Kirchner" <ashley+news [at] pcraft.com> writes:

> Andrzej Adam Filip wrote:
>> "Ashley M. Kirchner" <ashley+news [at] pcraft.com> writes:
>>
>>> Is there a way to provide authentication services on only port
>>> 587 (and not port 25 as well)?
>>
>> You can disable SMTP AUTH by using M=A flag in DAEMON_OPTIONS
>>
>> DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Modify=A')dnl
>>
>>> [...]
>>
>> P.S.
>> Using "Modify=a" *requires* use of SMTP AUTH - consider using it for MSA.
>>
>
> When you say it requires use of AUTH...not sure I understand
> what you're telling me there.
>
> What I want is:
> port 25 is open for inbound e-mail from the outside world,
> plain and simple, the way it functions now, however it does not offer
> any authentication and would flat out refuse any connections
> attempting to relay through the server.

.... Modify=A ...

> port 587 is open for connections as well, however it
> *requires* a user to authenticate before they can relay messages
> through.

.... Modify=a ...

> So, port 25 no relay, port 587 relay with authentication only.
> -- A

--
[pl>en: Andrew] Andrzej Adam Filip : anfi [at] priv.onet.pl : anfi [at] xl.wp.pl
The only two things that motivate me and that matter to me are revenge
and guilt.
-- Elvis Costello

Andrzej Adam Filip wrote:
>> port 25 is open for inbound e-mail from the outside world,
>> plain and simple, the way it functions now, however it does not offer
>> any authentication and would flat out refuse any connections
>> attempting to relay through the server.
>
> ... Modify=A ...
>
>> port 587 is open for connections as well, however it
>> *requires* a user to authenticate before they can relay messages
>> through.
>
> ... Modify=a ...

Aha. I didn't realize that A != a in your previous e-mail. So I need
to add two DAEMON_OPTIONS lines, one for each port? I'm going after
your initial reply in which you stated that I can disable authentication by:

DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Modify=A')dnl

...which takes care of the smtp port (25). Since this doesn't apply to
port 587, I would have to specify it as well, correct?

"Ashley M. Kirchner" <ashley+news [at] pcraft.com> writes:

> Andrzej Adam Filip wrote:
>>> port 25 is open for inbound e-mail from the outside world,
>>> plain and simple, the way it functions now, however it does not offer
>>> any authentication and would flat out refuse any connections
>>> attempting to relay through the server.
>>
>> ... Modify=A ...
>>
>>> port 587 is open for connections as well, however it
>>> *requires* a user to authenticate before they can relay messages
>>> through.
>>
>> ... Modify=a ...
>
> Aha. I didn't realize that A != a in your previous e-mail.
> So I need to add two DAEMON_OPTIONS lines, one for each port? I'm
> going after your initial reply in which you stated that I can disable
> authentication by:
>
> DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Modify=A')dnl
>
> ...which takes care of the smtp port (25). Since this doesn't
> apply to port 587, I would have to specify it as well, correct?

Yes, but "remember" that:
unless you use FEATURE(`no_default_msa') your sendmail.cf contains
default "MSA listener" configuration. So try the lines below:

FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Family=inet, Name=MSA, Port=587, Modify=Ea')
DAEMON_OPTIONS(`Family=inet, Name=MTA, Port=25, Modify=A')dnl

Modify=E disables ETRN handling (it is used by default MSA configuration).

--
[pl>en: Andrew] Andrzej Adam Filip : anfi [at] priv.onet.pl : anfi [at] xl.wp.pl
I have just had eighteen whiskeys in a row. I do believe that is a record.
-- Dylan Thomas, his last words