[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New to list + SMTP authentication when sending email



On Sun, 18 Jul 2010, Stroller wrote:

I would say that best practice is to use sendmail / sendmail-command-
line-compatibility, in the way already followed.

and if LSMB is in a third party hosting environment (currently probably not practical, but possible in future maybe), and the web facing machine does not provide mail capabilities?

Our web systems, for example, have only the most basic mail support. If a user wants to do more than send mail as their account name (not usually a routable email address), they will have to do it with something other than /usr/bin/sendmail. If they use that, the message envelope sender will end up as either their username, or ..hidden.., which is usually rather undesirable.

Of course, they can spoof the sender, and most/all do, but that envelope information is still there for any over-active spam trap to find interesting enough to mess with the message.

If someone wants to authentically send from their own domain, at all levels of the mail transaction, they must have the app connect to the mail server and authenticate.

If you DO need that, then I'm pretty sure that Postfix can route to
different upstream servers depending upon the from: domain.

Probably not from:, but mail from, maybe, via transport maps. Still, that is a breakpoint waiting to happen, unless your database setups are kept very very up to date, and if you don't control the mail software, you're out of luck with that one.

Load shouldn't be a problem that you need to run Postfix on
a > different box, but if you do then it can be secured in various ways
(still compatible with the above).

That is a highly subjective comment. Load can come in many forms, and unless you control every aspect of the server infrastructure, that level of transport is rather unlikely. Maybe the specific user does control his setup at that level, as I could if I wanted to do this sort of thing; but SMTP-Auth does seem to me to be a reasonable addition to an application that has the potential to depend upon the ability to send mail.

Regards,

Luke