Relay options

This forum contains features that has been archived. This section contains implemented features, duplicate requests, and requests which we have decided not to implement.
Post Reply
User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Relay options

Post by martin » 2004-06-22 20:25

I'm thinking on reworking the relaying options in 3.3.
Today there are some conflicting settings which is really confusing.

Example:
Under Settings->SMTP->Security->Relaying, you can select "Never allow relay".
Then you can add an ip range that says "Allow SMTP relaying".
What happens if you do the both? No-one knows. :)

I was thinking on removing the relaying options and only use IP ranges.

On domain level, the "Require SMTP authentication" will be replaced with

Require SMTP authentication:
- for incoming deliveries
- for outgoing deliveries

The following options will be availible on every IP ranges.

Allow connections:
- SMTP
- POP3
- IMAP

Allow deliveries:
- From local domains to local domains
- From local domains to external domains
- From external domains to local domains from
- From external domains to external domains

When the user creates a new database, an ip range is automatically setup that allows SMTP/POP3/IMAP, delivers to local domains and

deliveres from local users to external domains.

I think this would be easier for users to understand than today were we have several conflicting options.

Comments anyone? :)
Last edited by martin on 2004-06-23 09:05, edited 1 time in total.

User avatar
Bram
Senior user
Senior user
Posts: 417
Joined: 2004-05-24 22:57
Location: The Netherlands
Contact:

Post by Bram » 2004-06-22 20:52

I think it is a good option. Some time ago i wanted to set relay-ip-ranges but i did'n exactly know what would happen so i just was affraid of turning them on. I think making relay options on each domain will take the confusion away. But there has to by a good manual to make the good settings.

polarunion
Normal user
Normal user
Posts: 245
Joined: 2004-04-05 20:21
Location: Ottawa, Canada
Contact:

Post by polarunion » 2004-06-22 21:26

first off, what is the difference between allow local user relay, allow domain relay etc. etc. To me, users of a domain hosted on hmail are also the users of that domain - so isn't this redundant?

I'm a bit confused by the current settings and thier differences so I agree that a rework would be beneficial.

Essentially from what I gather, most of us all want our local users to be the only ones allowed to send and recieve mail. We require that it not act as an open relay for external spam servers and messages sent from a local address should be addressed with that address only and not of an external domain address. For example it should not be possible for you@hmailserver.com to be allowed to send mail as anotherguy@yahoo.com because you are not part of that domain.

The only exception is if the hmailserver is also acting as a MX relay backup host to other servers on other domains. We could allow for this server to relay messages by allowing servers of a specified ip address or range.

But any thought on how a server1 can recieve mail addressed to another primary (server2) and hold onto it to be deliverred at a later time until server2 comes back online?? The backup server will have to know to accept mail from server2.com (directed to server1 as a successive MX) if it's down, hold onto it, and try to send it repeatedly until server2.com comes back online.

Another thought.

Not that I'm worried about this because I won't use this features, but other users (larger network admins) requested a relay to an internal smtp server for his users on his internal network. There must be a way to direct all mail from an IP to another IP that the host can reach - whether it be external or internal.

Basically we need an email conductor directing traffic -

you're good mail - go here, you're bad mail, can't come here, go, stop, it's not working so we'll try later. You're lost? it's this way.

How to do this? can it be configured manually for internal redirecting - and use DNS for external redirecting?

Just a few thoughts because I could have really used a backup server last night. Still haven't found one so thought I'd throw some oppinions in.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-06-22 22:45

A backup feature will be implemented in 3.3. Will be quite simple. Will be possible to specify which domains the server should act as a backup for...

calvi
Normal user
Normal user
Posts: 65
Joined: 2004-03-17 23:34
Location: Melbourne, Australia

Post by calvi » 2004-06-23 00:18

I agree totally, probably should have posted it as a feature request myself.

The IP relay section is excellent, the otherone is well..... not necessary.

JC.

MG
New user
New user
Posts: 12
Joined: 2004-05-26 04:42
Location: Nebraska

Post by MG » 2004-06-23 16:50

Polarunion wrote:
> ...We require that it not act as an open relay for external spam servers
> and messages sent from a local address should be addressed with that
> address only and not of an external domain address. For example it
> should not be possible for you@hmailserver.com to be allowed to send
> mail as anotherguy@yahoo.com because you are not part of that
> domain.

There are times when I want to do just that. I would like to be able to authenticate and then be able to send as either a local domain or as a user from a list of relay domains.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-06-23 17:31

I still think it's a good idea to simply remove the relay options and only using IP ranges. I'll make sure that the default IP range setup works fine for most users so that most users won't have to think about it...

User avatar
TimS
Normal user
Normal user
Posts: 45
Joined: 2003-11-30 18:39
Location: Clarkston, MI
Contact:

Post by TimS » 2004-06-24 06:26

As long as the default set up relays for locale users out of the box i would agree with you that using the more complicated and feature rich IP rangers would be the best way to go.
thedeveloper wrote:I still think it's a good idea to simply remove the relay options and only using IP ranges. I'll make sure that the default IP range setup works fine for most users so that most users won't have to think about it...
Tim S

User avatar
olger901
Normal user
Normal user
Posts: 186
Joined: 2004-02-07 20:44

Post by olger901 » 2004-06-24 14:34

Would that mean you would simply said need to specify the IP's or IP ranges with wildcards who are allowed to relay?

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-06-24 14:36

No. Simply said, you won't have to do anything. The default setup will be enough for most users. It will allow relaying for users on the server (regardless of their IP). It will not allow relaying for external users (=users without account on the server).

User avatar
olger901
Normal user
Normal user
Posts: 186
Joined: 2004-02-07 20:44

Post by olger901 » 2004-06-24 14:45

Yes but I got a people who are using POP3 and SMTP externally on their home PC. So currently I set it to always allow relay but and turned on the option require authentication. So will I be able to do this with future versions aswell?

Or will I be able to enter the IPs of the people who will be able to use it or some sort of thing?

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-06-27 22:53

olger901:
You should never use "always allow relay". Switch over to "allow relay for local users". Always allow relay will make it possible for anyone to use your server for spamming. The "Require SMTP Authentication" option is only valid for the specific domain.

This is why the behaviour is going to be changed. It's hard to really understand what's happening. :)

The default setup in 3.3 will suit you fine without modifications.

User avatar
olger901
Normal user
Normal user
Posts: 186
Joined: 2004-02-07 20:44

Post by olger901 » 2004-06-28 18:44

I know that it's per domain, and I only have 1 domain, so there is nothing wrong actually thx for the advice though

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-06-28 20:17

Yes, but if you use "Always allow relay", anyone can send email through your server. Anyone can send from dummy@microsoft.com unless you have added the domain microsoft.com as a domain to your server.
This is why "Always allow relay" just is no good and never should be selected. :)

nickp
New user
New user
Posts: 11
Joined: 2004-06-26 23:48

Backup options

Post by nickp » 2004-07-02 19:24

thedeveloper wrote:A backup feature will be implemented in 3.3. Will be quite simple. Will be possible to specify which domains the server should act as a backup for...
I'm very interested in this feature.
Will the server know to hang onto mail for the domain it is backing up for longer than normal?
Will the server recognise that is the primary mail server is down it shouldn't send the mail to teh backup i.e. itself?

This feature and the ability to specify a gateway on a per destination basis is all I need to switch over.

Nick

nwkit
Normal user
Normal user
Posts: 133
Joined: 2004-04-19 03:57
Location: Canada

Post by nwkit » 2004-07-02 21:56

will there be documentation on the ip ranges thing when the new version comes out? cuz i'm a little bit confused about it...

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-07-02 21:57

There will be documentation...
And the gui will be better, so I don't think you'll need the documentation when you see it.

nwkit
Normal user
Normal user
Posts: 133
Joined: 2004-04-19 03:57
Location: Canada

Post by nwkit » 2004-07-02 21:58

*thumbs up*...nice work martin

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-07-12 20:43

I have made a prototype now..

If someone has the time, take the look att this images:
http://www.hmailserver.com/gfx/temp/ipr ... creen1.gif
http://www.hmailserver.com/gfx/temp/ipr ... creen2.gif
http://www.hmailserver.com/gfx/temp/ipr ... creen3.gif

The "My computer"-range applies to the local computer. The "Internet"-range applies to all other computers on the internet. So now all authentication and relaying settings are gathered together at the same place.

Does it make any sense?

User avatar
Bram
Senior user
Senior user
Posts: 417
Joined: 2004-05-24 22:57
Location: The Netherlands
Contact:

Post by Bram » 2004-07-12 22:54

I think this wil make it much easier. Is it possible when someone makes an open relay to give this person a warning that he does?

Keep up the good work! Its getting better and better every day!!

:wink:

calvi
Normal user
Normal user
Posts: 65
Joined: 2004-03-17 23:34
Location: Melbourne, Australia

Post by calvi » 2004-07-12 23:45

Makes perfect sense to me.

Looks terrific Martin,

Much better!!!!

User avatar
Jason Weir
Normal user
Normal user
Posts: 58
Joined: 2004-02-02 23:41
Location: Chichester, NH
Contact:

Post by Jason Weir » 2004-07-13 01:17

look great

Thanks,
Jason

Stef Levolger
New user
New user
Posts: 13
Joined: 2004-07-08 00:11

Post by Stef Levolger » 2004-07-13 02:00

Looks great :D

polarunion
Normal user
Normal user
Posts: 245
Joined: 2004-04-05 20:21
Location: Ottawa, Canada
Contact:

Post by polarunion » 2004-07-13 02:54

can't wait to try it out...

nice work buddy.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-07-13 08:58

You guys are really positive. :)
An account which is not defined on a domain on the server.
Should it be called "Remote" or "External" account?
I call it "Remote" today but I'm not sure it's the best word for it.

User avatar
Bram
Senior user
Senior user
Posts: 417
Joined: 2004-05-24 22:57
Location: The Netherlands
Contact:

Post by Bram » 2004-07-13 09:02

I think 'external' is a better word. But who am i :twisted:

ScottyWH
New user
New user
Posts: 16
Joined: 2004-07-13 17:07

Post by ScottyWH » 2004-07-14 17:17

RealDesign wrote:I think 'external' is a better word. But who am i :twisted:
I agree... external sounds more appropriate (though both make sense)...

...and I assume that if one were using squirrelmail in conjunction with hmail (assuming it is installed on the same server) that it would appear to the hmail server as authenticating all squirrelmail users from localhost... is that correct?

theTerran
Senior user
Senior user
Posts: 287
Joined: 2004-06-22 18:07
Location: Florida

Post by theTerran » 2004-07-16 00:40

Another possible wording:

Allow deliveries
[ ] between local accounts
[ ] outgoing from local accounts
[ ] incoming to local accounts
[ ] between non-local accounts

New admin screens look great, by the way. Nice work as usual!
Last edited by theTerran on 2004-07-16 00:48, edited 1 time in total.

theTerran
Senior user
Senior user
Posts: 287
Joined: 2004-06-22 18:07
Location: Florida

Post by theTerran » 2004-07-16 00:46

Just a late-in-the-day thought... Something like the following might allow for a more thorough set of options:

Allow deliveries
[ ] between local accounts
[ ] outgoing from local accounts
[ ] incoming to local accounts

Allow relaying
[ ] for authenticated users
[ ] for anyone

Is it possible to send From a non-local account, but to authenticate with the server using a local account username/password? This is purely hypothetical, but say you want to send an email through hMailServer that comes "From:" an account on a domain hosted elsewhere.

An example might be that you have a personal account with Yahoo! which does not allow you to send large attachments, but you need to send a large attachment to someone from your Yahoo! address. If you could authenticate using your hMailServer local account, but address your message from your Yahoo! account, then you could accomplish relaying for authenticated users without leaving your server as a public open relay.

Maybe this is already permitted by the setting "Require authentication for [x] Deliveries to remote accounts"? But it does not seem to apply.

casualprogrammer
New user
New user
Posts: 2
Joined: 2004-09-10 11:16

Relay options local vs. remote

Post by casualprogrammer » 2004-09-12 10:47

I am not fully sure wether this issue has been covered somewhere in here already:

I set up hMailServer as personal SMTP/POP3 service for Outlook 2002 on a few notebooks in a peer to peer network without dedicated server.

While they all have access to their respective ISP accounts on the net, we needed a means of sending / forwarding mails "internally" in the local network, without having to bother about encryption and communication bills.

While this works nicely, each notebook being it's own domain, we can send and receive via Outlook 2002 accounts, relaying to an external ( Internet ) recipient is somewhat restricted, as most mail servers tend to verify the sender against an MX record or by querying the senders domain for a "live" sender.

As our local "domains" are not accessible from the outside ( no dedicated IP ) we can not relay to those servers, except by giving the a sender that is readily verified ( our ISP Email account ).

Using Telnet I can readily relay to any mailserver, by giving my "real" sender address, which can be verified in the mail from: command.

I would appreciate the ability for hMailServer to enter an alias for the mail from: handling, so the message appears to be coming through my real ISP carried mail address, rather than from the internal account.

This is not crucial, but would keep us from having to administer external and internal accounts at the same time. ( No, we are not a SPAM gang, if I just wanted to spoof my senders address for good, there are other tools, including the IIS5 SMTP Service built into WinXP )

Sincerely, Casual

Post Reply