Setting Up POP before SMTP on Openexchange Server

Support knowledgebase (rsimai_slox_drac)
Applies to

Openexchange Server: Version 4

Situation

You want to set up 'POP before SMTP' by means of DRAC (Dynamic Relay Authorization Control) to enable relaying after an authentication process.

What Is Relaying?

Relaying means that your mail server accepts mail messages for external domains and forwards them via SMTP.
Relaying should be done for your own users only!
Accepting mail messages for one's own domain is not relaying and should always work.

Alternative to POP before SMTP

Authentication via SMTP (SMTP-AUTH) is an alternative to POP before SMTP. It can be activated in the configuration frontend and is then available to all system users.

By using SMTP-AUTH, you can avoid an uncommon but very unpleasant problem:
Let us assume that some of your users connect to the Openexchange Server over the Internet through a router with masquerading. All users 'behind' that router then share the same IP address, namely that of the router. If one of them successfully establishes a POP or IMAP connection, all of them will be able to relay through your server, because the server cannot distinguish between users with the same IP address. You will then have a partially open relay, to say the least, and, in a worst-case scenario, your server might be registered in an open relay database.

DRAC Setup

  1. Installation

    The package is not included on the CDs. Install dracd.rpm from our Maintenance Web with the command
    openexchange:~ # rpm -ivh dracd.rpm
    
    Follow the instructions included in the maintenance articles!
    Note: the portmapper must be installed and running on the server. This is usually the case after a standard installation.
  2. Postfix Configuration

    Edit the file /etc/postfix/main.cf and change the line starting with smtpd_recipient_restrictions. Before check_relay_domains, insert the entry
    check_client_access btree:/etc/postfix/dracd
    
    The complete line will be similar to:
    smtpd_recipient_restrictions= ldap:ldapmailenab,permit_tls_clientcerts,permit_sasl_authenticated,permit_mynetworks, 
    check_client_access btree:/etc/postfix/dracd, check_relay_domains
    
    Make sure the line contains no unintended line breaks or spelling mistakes.
    If you do wrap the line, the continuation lines must not start at the first column. Insert a blank at the beginning of each continuation line, for example.
  3. Cyrus Configuration

    Edit the file /etc/imapd.conf and change the line
    dracinterval: 0
    
    to
    dracinterval: 4
    
    This parameter defines the time interval (in minutes) the dracd waits before searching for open POP or IMAP connections.
  4. Dracd Configuration

    You can also edit the file /etc/sysconfig/dracd and adapt the value
    DRACD_RELAYTIME="5"
    
    This value sets how long (in minutes) an IP address is kept in the database.
  5. Services Start

    Create the start link for Drac:
    openexchange:~ # insserv -d -f /etc/init.d/dracd
    
    (or alternatively with YaST's runlevel editor for the runlevels 3 and 5) and restart the services:
    openexchange:~ # rcdracd start
    openexchange:~ # rccyrus restart
    openexchange:~ # rcportmap restart
    openexchange:~ # rcpostfix restart 
    
  6. Test

    Test this function by starting a POP or IMAP fetch process from a known IP address (for example: 192.168.0.1).
    In the output of the command
    openexchange:~ # postmap -q  192.168.0.1 btree:/etc/postfix/dracd
    
    a time stamp is displayed. According to the settings configured above, the host 192.168.0.1 is activated for relaying for 5 minutes.
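
The ordering and line-continuation rules from step 2 can be checked mechanically. The following shell script is an added example, not part of the original article; the function names and both sample main.cf files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify step 2 of the article against a main.cf file.

# Print the logical value of parameter $2 in main.cf file $1. Lines that
# start with whitespace continue the previous logical line (Postfix rule).
get_param() {
    awk -v name="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
        /^[ \t]/ { if (cur) val = val " " $0; next }  # continuation line
        {                                             # new logical line
            cur = 0
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", key)
            if (key == name) { cur = 1; val = substr($0, eq + 1) }
        }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); print val }
    ' "$1"
}

# Return 0 only if the DRAC lookup is present and precedes check_relay_domains.
check_drac_order() {
    v=$(get_param "$1" smtpd_recipient_restrictions)
    case "$v" in
        *"check_client_access btree:/etc/postfix/dracd"*check_relay_domains*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files (not from a real server).
tmp=$(mktemp -d)
cat > "$tmp/good.cf" <<'EOF'
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
 check_client_access btree:/etc/postfix/dracd, check_relay_domains
EOF
# Same content, but the wrapped line starts at column 0, so the parameter
# value ends after the first line and the DRAC lookup is lost.
cat > "$tmp/bad.cf" <<'EOF'
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
check_client_access btree:/etc/postfix/dracd, check_relay_domains
EOF
for f in good bad; do
    if check_drac_order "$tmp/$f.cf"; then echo "$f.cf: DRAC lookup in place"
    else echo "$f.cf: DRAC lookup missing or after check_relay_domains"; fi
done
```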

Information

A detailed description of DRAC is available at the URL:
http://mail.cc.umanitoba.ca/drac
or locally under /usr/share/doc/packages/drac
SDB-rsimai_slox_drac, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 03. Mar 2003