Allowing authenticated external users to relay mails from anywhere through internal sendmail

Posted on 2000-05-05
Medium Priority
Last Modified: 2010-03-18
I have set up a sendmail (8.10.0) on a Redhat Linux 6.1 machine.  Since anti-relay is on by default, users cannot send mail through the company sendmail server from home or any other place.
I suppose the best way to allow that is to use some kind of authentication mechanism according to user address name before the users can relay their mail.  Does anyone know how that can be done?  Is SMTP AUTH a good way?  If so, how is it set up?
Question by:kevintsang

Expert Comment

ID: 2784179
Caveat... I've not yet tried to enable that feature on an 8.10.1. But my reading of the docs indicates that it would be the easiest way to allow per-user relaying. It looks to me that you need a functioning Cyrus SASL (avail at for authenticating users.

Another possibility is to set up a Web mail interface for your users. That can be run over an SSL enabled http server and it side-steps the anti-relay problem as your remote users are always within the domain. A pretty good free web mail system can be found at and another that I've not tried is at

From a security standpoint, only allowing access to the mail system via http (or preferably https) is better than allowing direct SMTP/IMAP/POP. It also has the advantage of not requiring per-client setups. As long as the remote client system has a Web browser, that user is "good to go".

Expert Comment

ID: 2794817

At my place of work, we have a firewall that stops us from doing just that; however, we have punched holes in it by allowing access through the firewall based on IP address.



Expert Comment

ID: 2802464
Sendmail 8.10 has some decent relay rule controls, but you must be configured with the appropriate features. In particular it sounds like you could make good use of the access_db feature, which will allow you to add/reject hosts in a /etc/mail/access hashed file, in the same manner that the aliases and mailertable db's are handled.

I suggest you take a look at ... for an overview.  If you are not familiar with customizing your with m4, you'll either need to dig into "the" Sendmail book or have a sendmail guru create one for you.

After reading that web page though, take a look at your current /etc/mail directory and file ... what you need may already be configured in there.

I have RH 6.1 loaded at home and will take a look at what they ship by default tonight (at work running Solaris now!).

Expert Comment

ID: 2802831
Under RH 6.1 (and probably other Linuxes), /etc/mail has the proper config ... there's an access file you can modify to allow host and user@host entry to the smtp service. When done just run "make" as root when in that directory and it should rehash the .db files.

Bear in mind that allowing user@host access does open some potential abuse.

Actual user password authentication, say against an LDAP service, is much more complex but as I understand it possible ... I haven't done that yet but probably will in the near future.
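
The caution above about user@host relay entries, as an added example that is not part of the original thread: a small Python audit that reads text in the /etc/mail/access key/value layout and lists RELAY entries whose key is an envelope address (a value the connecting client supplies), a name, or a wide network. The sample entries, the function names and the /24 threshold are assumptions made for this illustration.

```python
import re

TAGS = ("connect", "from", "to")  # optional key tags used in the access map

# Constructed sample entries in the "key <whitespace> value" layout.
SAMPLE_ACCESS = """\
# constructed example, not taken from a real server
192.168.10              RELAY
10                      RELAY
branch.example.com      RELAY
roamer@example.com      RELAY
From:sales@example.com  RELAY
spammer@example.net     REJECT
Connect:203.0.113.7     RELAY
"""

def parse_access(text):
    """Yield (tag, key, value) for every non-comment, non-empty line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed line: no value
        key, value = parts
        tag = ""
        head, sep, rest = key.partition(":")
        if sep and head.lower() in TAGS:
            tag, key = head.lower(), rest
        yield tag, key.lower(), value.strip()

def audit_relay_entries(text, min_prefix=24):
    """Return (key, reason) pairs for RELAY entries worth a second look."""
    findings = []
    for _tag, key, value in parse_access(text):
        if value.upper() != "RELAY":
            continue
        if "@" in key:
            # Envelope addresses are chosen by the client, not verified.
            findings.append((key, "address"))
        elif re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,3}", key):
            # Network keys are octet prefixes: "10" covers 10.0.0.0/8.
            prefix = 8 * (key.count(".") + 1)
            if prefix < min_prefix:
                findings.append((key, "broad-network/%d" % prefix))
        else:
            # Name-based keys depend on how the client's name resolves.
            findings.append((key, "name-based"))
    return findings
```

Entries reported as "address" are the ones the comment warns about; relaying granted after SMTP AUTH does not depend on any of these keys.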


Author Comment

ID: 2813520
Thanks for your input.  I've made the SMTP AUTH work.
In my case, web-based interface is already in place but I haven't found one that can totally replace a mail client program like Outlook.  Our users need those functions like rule-based filtering and subfolders under folder, etc.
We have to rely on SMTP AUTH because we would never have any clue where the user is connecting from and thus we can never allow access based on IP.
Basically, I need to know if there is a better way because I believe there should be people out there facing a similar problem.

Accepted Solution

jlevie earned 200 total points
ID: 2814800
SMTP AUTH is the best way to allow your server to be used by roaming users without leaving your site wide open to unwanted relaying. In my opinion the only thing better would be SMTP AUTH/POP/IMAP over SSL.

Expert Comment

ID: 2814883
If you are using an Exchange mail server, it does have a web mail client that emulates Outlook, and has most of the functionality.

Author Comment

ID: 2816907
rtheriot, we tried the Outlook Web Access already.  It is pretty good already but still can't fulfill all of our requirements.  For example, web-based interface does not allow offline email access.  Mobile users are not online all the time.  Anyway, appreciate your help.

Question has a verified solution.