Require SMTP-AUTH on port 25

Is there a way somehow to set the SMTP sending on port 25 to always require authentication?
I know only 127.0.0.1 can relay but anybody can enter smtp commands via telnet and in this way of course send emails without authentication.
Don’t you think it is a security risk?

Thanks, Gabor.

Hi Gabor

Good question, and one which is asked a lot.

I personally think if set correctly, it should be fine, and is used in certain circumstances to detect issues or be notified of issues, but others may disagree, hence these are just my thoughts only, and of course, we set it so they can AUTH, and over TLS if required. Also, please remember, with TLS, if used, it first connects using port 25, then upgrades to TLS prior to any communication.

If you wish to check for open relay, which is what you're referring to, I use external tests such as http://www.mailradar.com/openrelay/, which give a good indicator and a good run of tests. You have to remember that when admins test manually, they often forget that their connecting IP may be treated differently, depending upon how they set up rules.

I hope that helps a little

Many thanks

John

Hi Gabor

Sorry, have you looked at spamdyke?

I posted how to install and have it running quickly, and if you look at the options, you can set it auth if needed.

Many thanks

John

Sorry John but I didn’t understand well, did you post the installation method somewhere?
Thanks, Gabor.

Hi Gabor

Sorry, it must be me not explaining too well, sorry.

Yes, please see this post http://forums.interworx.com/threads/3263-Forward-Email-to-Learn-Spam?p=25854#post25854

You can set spamdyke to require AUTH and reject if not AUTH, but please have a read about the spamdyke.conf file, and use spamdyke -help from ssh.

Also, I’m sure you’re aware, but just a reminder: to test, you will need to encrypt your username and password when testing (base64, I think, from memory), and you have to invoke AUTH, and starttls if using TLS, but in the first instance, I would use port 25 for testing.

Also, if going to use TLS, you will need this in spamdyke.conf, so it can work with TLS:
tls-certificate-file=/var/qmail/control/servercert.pem

If you want, we tested AUTH with TLS, and I can PM you a test account we used, so you can see how it works.

I hope that helps

Many thanks

John
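
The manual AUTH test described in the last post, as an added example (not code from this thread or from spamdyke): it builds the base64 strings for AUTH PLAIN and AUTH LOGIN and checks an EHLO reply to see whether AUTH is offered before STARTTLS. The account test/1234, the host name and both EHLO replies are constructed samples. base64 is a reversible encoding with no key, which the decode function shows.

```python
import base64

def auth_plain_token(user: str, password: str) -> str:
    """AUTH PLAIN initial response: base64 of NUL + user + NUL + password."""
    raw = b"\0" + user.encode() + b"\0" + password.encode()
    return base64.b64encode(raw).decode("ascii")

def auth_login_tokens(user: str, password: str) -> tuple[str, str]:
    """AUTH LOGIN sends user and password as two separate base64 lines."""
    def enc(s: str) -> str:
        return base64.b64encode(s.encode()).decode("ascii")
    return enc(user), enc(password)

def decode_plain_token(token: str) -> tuple[str, str]:
    """Reverse auth_plain_token; anyone who sees the token on the wire can do this."""
    _authzid, user, password = base64.b64decode(token).split(b"\0")
    return user.decode(), password.decode()

def ehlo_capabilities(reply: str) -> dict[str, list[str]]:
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    caps: dict[str, list[str]] = {}
    for line in reply.splitlines()[1:]:      # first line only names the server
        parts = line[4:].split()
        if line.startswith("250") and parts:
            caps[parts[0].upper()] = parts[1:]
    return caps

def auth_offered_in_clear(pre_tls_reply: str) -> bool:
    """True if AUTH is advertised before STARTTLS has been issued."""
    return "AUTH" in ehlo_capabilities(pre_tls_reply)

# Constructed sample replies (not captured from a real server).
EHLO_PLAINTEXT = "250-mail.example.test\r\n250-STARTTLS\r\n250-PIPELINING\r\n250 8BITMIME"
EHLO_AFTER_TLS = "250-mail.example.test\r\n250-AUTH LOGIN PLAIN\r\n250 8BITMIME"

if __name__ == "__main__":
    print("AUTH PLAIN", auth_plain_token("test", "1234"))
    print("AUTH LOGIN lines:", auth_login_tokens("test", "1234"))
    print("decoded again:", decode_plain_token(auth_plain_token("test", "1234")))
    print("AUTH before STARTTLS:", auth_offered_in_clear(EHLO_PLAINTEXT))
    print("mechanisms after TLS:", ehlo_capabilities(EHLO_AFTER_TLS).get("AUTH"))
```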