Roger Schmid wrote:
Dear Swinog members
Until now, we provided an authenticated smtp-server for our customers and a separate "open" smtp-server for customers with email-addresses from other providers. We would like to shut down the relaying server and have the customers use the smtp-servers from their mail-provider (gmx, gmail, bluewin etc.).
Which is the one they should be using unless they are using an authenticated gateway. Note that with the advent of SPF/DKIM etc., using a host not inside the authorized set of servers might at one point not be possible anymore.
Now we found out that bluewin doesn't allow authenticated smtp-relay from users outside their ip-range, so all our customers with bluewin mail addresses would have no smtp-server available.
I am wondering what your setup is here. Is it:
a) cust-in-your-address-space -> $you -> $bluewin
b) cust-in-bluewin-address-space -> $you -> $bluewin
c) something else?
Also, if those people are using email provided by BlueWin, why would you be relaying mail for them, with their From? Why are they not using the Bluewin mailservers (which I hope do SMTP-AUTH)?
I am sure that some of you had the same issue and would be interested in how other (small) ISPs have resolved this problem.
SMTP AUTH doesn't care about what the From/To are. You can perfectly authenticate with the local user/pass for the relay and then allow any From/To combo you want, the user is authenticated anyway.
Also you can even enable having this in the headers, e.g.:
Received: from [IPv6:2001:41e0:ff42:b00:216:cfff:fe00:e7d0] (spaghetti.ch.unfix.org [IPv6:2001:41e0:ff42:b00:216:cfff:fe00:e7d0])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    (Authenticated sender: jeroen)
    by abaddon.unfix.org (Postfix) with ESMTPSA id 1E5E335A523
    for nanog@nanog.org; Fri, 16 May 2008 19:09:42 +0200 (CEST)
(postfix main.cf: smtpd_sasl_authenticated_header = yes)
Which quite clearly shows that it was me sending mail. This is a good thing btw, as then you can, when an abuse report comes in, easily see who it was, instead of having to find it in the logs and crossmatch message-ids.
Greets, Jeroen
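
Added example, not part of the original post: a sketch of the abuse-desk lookup described above, pulling the SASL login and queue id out of the Received header that your own Postfix stamped. It assumes the Postfix header layout shown in the post; the function name `submitter`, the second (forged) header and the `example.invalid` addresses are constructed for illustration.

```python
import email
import re

# Constructed sample: the Received header from the post, followed by a header
# the submitting client could have injected itself (forged login).
SAMPLE = """\
Received: from [IPv6:2001:41e0:ff42:b00:216:cfff:fe00:e7d0] (spaghetti.ch.unfix.org [IPv6:2001:41e0:ff42:b00:216:cfff:fe00:e7d0])
\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
\t(No client certificate requested)
\t(Authenticated sender: jeroen)
\tby abaddon.unfix.org (Postfix) with ESMTPSA id 1E5E335A523
\tfor nanog@nanog.org; Fri, 16 May 2008 19:09:42 +0200 (CEST)
Received: from client.example.invalid (Authenticated sender: someone-else)
\tby abaddon.unfix.org (Postfix) with ESMTPSA id FAKE000000;
\tFri, 16 May 2008 19:00:00 +0200 (CEST)
From: sender@example.invalid
Subject: constructed abuse-report sample

body
"""

# Assumed layout: "... by <host> (Postfix) with <protocol> id <queue id> ..."
HOP = re.compile(r"\bby (?P<by>\S+) \(Postfix\) with (?P<proto>\S+) id (?P<qid>\w+)")
AUTH = re.compile(r"\(Authenticated sender: ([^)]+)\)")

def submitter(raw_message, our_mta):
    """Return (sasl_login, queue_id) from the header our MTA added, else None."""
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("Received", []):      # top-down = newest hop first
        flat = " ".join(value.split())             # unfold continuation lines
        hop = HOP.search(flat)
        if not hop or hop.group("by").lower() != our_mta.lower():
            continue                               # stamped by another host
        # First header from the top stamped by our MTA. Everything below it
        # arrived inside the client's message, so stop here either way.
        auth = AUTH.search(flat)
        if auth and hop.group("proto").upper() in ("ESMTPA", "ESMTPSA"):
            return auth.group(1).strip(), hop.group("qid")
        return None
    return None

if __name__ == "__main__":
    print(submitter(SAMPLE, "abaddon.unfix.org"))
```

The queue id returned alongside the login is what you would then grep for in the mail log to confirm the match.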