[wplug] IMAP revisited... to send mail?

Bill Moran wmoran at potentialtech.com
Sat Nov 20 08:34:30 EST 2004


On Sat, 20 Nov 2004 03:08:14 -0500 (EST)
Brandon Kuczenski <brandon at 301south.net> wrote:
> ... Maybe I'm just missing something incredibly obvious, but how does one
> configure an IMAP server for *sending* mail?  None of the docs seem to
> talk about this.  It seems to me that the IMAP server wouldn't have
> anything to do with *sending* mail, anyway -- but now that I have the
> *checking* mail part working just fine, I'm realizing that the other half
> of the equation isn't there.

IMAP doesn't have any way to send mail built into it.

> Is this an issue that I have to solve by configuring the MTA? (which is
> postfix, in this case)

Yes.  You have to configure Postfix to relay mail from trusted senders.
But you need to ensure that it won't relay mail for just anyone or you'll
end up being a source of spam as people hijack your server.

> Or what?  Is that what this mysterious "SASL" is
> about?  And how is that different from "SSL"?

First off, Internet mail was developed in an environment where people didn't
abuse the system, then it had to grow up and learn to protect itself.

SMTP (which is used for sending mail) didn't originally have any way to
authenticate, as it didn't seem necessary.  Spammers proved that it WAS
necessary, years later.

So stuff had to be added to SMTP to secure it.  SASL is a component of
SMTP AUTH.  SMTP AUTH allows a user to authenticate to the SMTP server
before using it, SASL is how the SMTP server determines whether or not
that authentication succeeds or not.  Confusing?  Yes, a little, but it's
because it was added on later, and not part of the original system.

Anyway, SMTP AUTH works well to authenticate you to your server to know
whether you're allowed to relay mail or just send mail to people on that
server (those are really the two choices: authenticated users can relay
mail, non-authenticated users can only send mail to users on that server)

The problem is that SMTP AUTH takes place over untrusted Internet
connections, and people can sniff the network traffic to see your
password.  So SSL is also needed.  SSL encrypts everything between the
client and the server, so your username, password, and even the mail
you send is protected from prying eyes.

There's one more component that you're likely to run into, and that's the
fact that a lot of ISPs these days are blocking SMTP traffic to anywhere
but their own mail servers.  As a result, there is a new system called
"mail submission".  It's actually not very complicated.  Basically, you
configure a second SMTP server to run on a different port (587 is what's
registered) and you configure it to ONLY let users who are authenticated
do _anything_.  As a result, it can't receive mail, but can be used to
allow users to relay mail.  And as a result, it's safe for ISPs to allow
you to connect to without them worrying about you being a spammer.

> Sometimes I feel just hopeless about this stuff.

There's a lot to know, it takes time.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
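
The setup described in the reply above, sketched as Postfix configuration. This is an added example, not part of the original message. It assumes Postfix 2.10 or later (for `smtpd_relay_restrictions`) and a SASL backend that is already configured separately; the certificate paths are placeholders.

```cfg
# ---- /etc/postfix/main.cf : applies to the port 25 listener ----
# Only the local host counts as a trusted network.
# Setting to avoid: "mynetworks = 0.0.0.0/0" trusts every client and
# turns the server into an open relay.
mynetworks = 127.0.0.0/8

# Unauthenticated clients may deliver to domains this server handles,
# but may not relay to anywhere else.
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# Offer TLS on port 25 (other mail servers may not support it, so it
# stays optional here). Placeholder certificate paths.
smtpd_tls_cert_file = /etc/postfix/tls/mail.example.pem
smtpd_tls_key_file = /etc/postfix/tls/mail.example.key
smtpd_tls_security_level = may

# Never accept AUTH on an unencrypted connection, so passwords cannot
# be sniffed off the wire.
smtpd_tls_auth_only = yes

# ---- /etc/postfix/master.cf : second smtpd on port 587 ----
# Mail submission: TLS is mandatory, and only SASL-authenticated users
# may do anything at all. Everyone else is rejected, so this listener
# cannot be used to receive mail or as an anonymous relay.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
```

Run `postfix check` and then `postfix reload` after editing. Note that `main.cf` does not allow a comment on the same line as a setting, which is why every comment here sits on its own line.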

