
This is an old revision of the document!


How To Allow Mail Relay Through VPOP3

If you are allowing remote access into VPOP3 to collect mail then you may also want those remote users to be able to send their outgoing mail through VPOP3 as well.

This is more complex than allowing users to collect mail, because, by default, SMTP connections are not authenticated. This means that when someone tries to send a message through VPOP3, VPOP3 doesn't know who that user is. This can cause a problem if unauthorised users try to send mail through VPOP3, as you will want to block those users, whilst still allowing legitimate users to send mail.

The default VPOP3 settings will tell VPOP3 which computer IP addresses are allowed to send outgoing messages, so VPOP3 checks the IP address of the computer which is connected to it to work out whether that user can send outgoing messages. However, if you want to allow remote users to send mail, you may not know the IP addresses of the remote users' PCs.

In this case, you need to change the VPOP3 configuration to make it use the 'Authentication' extension to the SMTP protocol so that your remote users can log on before sending mail. This works fine as long as the remote users are using email client software which supports SMTP authentication. (Most modern email clients do, but some older ones don't.)

To do this, go to the Services → SMTP page in the VPOP3 settings.

Click on 'Require SMTP Authentication' and 'Do not require SMTP authentication for internal/incoming mail'.

Make sure the 'SMTP Anti-Relay Protection' method is set to 'Check Client IP Address'.

You now need to modify the entries in the Access Restrictions box. If you currently have there something like:

192.168.1.0 255.255.255.0

change it to

NOGLOBAL
192.168.1.0 255.255.255.0 noauth
0.0.0.0 0.0.0.0

This tells VPOP3 that users on the 192.168.1.0 subnet can send mail without needing to authenticate, and users on the rest of the Internet (0.0.0.0 0.0.0.0) can send mail as long as they authenticate first. The NOGLOBAL tells VPOP3 not to let the global access restrictions (set on the Services page) override the SMTP service specific settings.

The 'Do not require SMTP authentication for internal/incoming mail' option tells VPOP3 to still allow incoming SMTP messages if you use that facility.

You can optionally add VPOP3 account names to the 0.0.0.0 0.0.0.0 line if you want to restrict the users who can send mail from the Internet, e.g.

0.0.0.0 0.0.0.0 fred bob

means that only the fred and bob user accounts can send mail from the Internet.

If you want all users (including local users) to have to authenticate with VPOP3 before sending mail, you can remove the noauth text at the end of the line allowing access from your local LAN.
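The effect of the Access Restrictions lines described above can be checked offline with a small model. This is an added example, not VPOP3 code or part of the original page: it parses the lines and decides whether a given client may relay. The first-match ordering, the case-insensitive account name comparison and the sample client addresses are assumptions.

```python
import ipaddress

# Access Restrictions text as shown on this page, with the optional user list.
RULES_TEXT = """\
NOGLOBAL
192.168.1.0 255.255.255.0 noauth
0.0.0.0 0.0.0.0 fred bob
"""

def parse_rules(text):
    """Return (noglobal, [(network, noauth, allowed_users), ...])."""
    noglobal, rules = False, []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0].upper() == "NOGLOBAL":   # flag line, not an address rule
            noglobal = True
            continue
        net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        extras = [p.lower() for p in parts[2:]]
        noauth = "noauth" in extras
        users = {p for p in extras if p != "noauth"}
        rules.append((net, noauth, users))
    return noglobal, rules

def may_relay(rules, client_ip, auth_user=None):
    """Decide relay permission. ASSUMPTION: the first matching line wins."""
    ip = ipaddress.ip_address(client_ip)
    for net, noauth, users in rules:
        if ip not in net:
            continue
        if noauth:
            return True                # trusted subnet, no login needed
        if auth_user is None:
            return False               # must authenticate before sending
        # An empty user list means any authenticated account may send.
        return not users or auth_user.lower() in users
    return False                       # no line matched: refuse

if __name__ == "__main__":
    _, rules = parse_rules(RULES_TEXT)
    # Constructed sample clients: one LAN host, one Internet host.
    for ip, user in [("192.168.1.20", None), ("203.0.113.9", None),
                     ("203.0.113.9", "fred"), ("203.0.113.9", "alice")]:
        verdict = "relay" if may_relay(rules, ip, user) else "refuse"
        print(ip, user, "->", verdict)
```

Running the same checks with noauth removed from the LAN line shows local clients being refused until they authenticate.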

how_to/allowing_mail_relay_through_vpop3.1246971608.txt.gz · Last modified: 2018/11/14 10:44 (external edit)