

This shows you the differences between two versions of the page.

faq:installation:relay [2013/02/26 12:31]
dothebart using Stunnel for TLS
faq:installation:relay [2017/04/18 10:23] (current)
Line 1: Line 1:
-=====Configuring Relaying===== +===== Configuring Relaying =====
-If your system is behind a DSL line or not public available IP address, you need to configure a Mailserver you will send the mail out via. +
-Citadel offers this in: +
-<code> +There are several situations in which you may not want your Citadel server to deliver mail directly to recipients over the public Internet.  These include: 
-Administration->Domain names and Internet mail configuration->Smart hosts +  * Your organization requires all outbound mail to be sent through a relay 
-</code>+  * You want to use an outbound mail filtering/scanning service 
 +  * You are on a private network and your ISP requires all outbound mail to be sent through //their// mail server
-Depending on your situations this can be several items.+If this is the case, you can relay all outbound mail through a **smart host**.  You can configure a smart host two ways: 
 +  * From WebCit, select Administration --> Domain names and Internet mail configuration --> Smart hosts 
 +  * From the text client, select **.**<**A**>dmin <**S**>ystem configuration <**I**>nternet, and add a smart host.
-====Identification / Authentication==== +You can specify any valid SMTP URI.  At the very leastyou must specify host namebut if you need to add port number, username and password, or SMTPS instead of SMTP, these options are all accepted The full URI syntax is: 
-Since relay access usualy must not be available to the public (since its abused to send spam) the relaying mailserver has to be protected from alowing random persons on the internet doing a relay. If your server sends via a VPNor is always coming from defined IPalowing relay access for this ip may be solution. +<code>  
- + [smtp[s]://][username:password@]host[:port]
-If notor if using public servers not under your control specifying username password is the way to go. The syntax herefore is: +
-<code> +
 </code> </code>
-  - Portnumber defaults to 25; can be ommitted. 
-  - yourrelay.com the hostname. If you know that the IP of your relay doesn't change, you should directly configure an IP here. This reduces the risk of failure if i.e. the DNS is unavailable. 
-  - Password: your secret. If it contains special characters (:@ and so on) you have to URL-encode them @ -> %40 : -> %3A 
-  - Username: The user on the system. If it contains special characters (:@ and so on) you have to URL-encode them @ -> %40 : -> %3A 
-  - you may use i.e. [[http://meyerweb.com/eric/tools/dencoder/]] to do the URL encoding for you; Please note you should only submit the nonsecret parts for security reasons. 
-====TLS/SSL==== +If you configure multiple smart-hostsone will be selected at random for each message that is delivered.
-Currently citadel itsel does not support TLS on this way on its own. There is a workaround for this:  +
- +
-[[http://stunnel.org]] +
- +
-All modern distributions ship stunnel; on some the package is named stunnel4 since version 3 is also available but has no config file. +
- +
-here is a sample stunnel configuration to configure a gmail relay: (put them i.e. to /etc/stunnel4/smtprelay.conf) +
-<code> +
-sslVersion = SSLv3 +
- +
-chroot = /var/lib/stunnel4/ +
-setuid = stunnel4 +
-setgid = stunnel4 +
- +
-pid = /stunnel4.pid +
- +
-socket = l:TCP_NODELAY=1 +
-socket = r:TCP_NODELAY=1 +
- +
-client = yes +
- +
-[ssmtprelay] +
-protocol = smtp +
-accept  = +
-connect = smtp.googlemail.com:25 +
- +
-</code> +
- +
-Once you restart stunnelyou should find it binding port 8025 for you to relay: +
-<code bash> +
-netstat -alnpt |grep stunnel +
-tcp        0      0*               LISTEN      17523/stunnel4   +
-</code> +
- +
-now you configure this relay in citservers Smart Host tab: +
-<code> +
-somebody%40gmail.com:opensesame@ +
-</code> +
-now you should be able to test your relay.+
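Review bot: The rewritten syntax paragraph drops the old guidance on URL-encoding the username and password, yet the new form `[smtp[s]://][username:password@]host[:port]` still uses `:` and `@` as delimiters. A login that is a full e-mail address, or a password containing either character, will be split in the wrong place unless the reader knows to write `@` as `%40` and `:` as `%3A`. Restore that sentence directly under the syntax line, assuming the parser still expects percent-encoding. The removed "Portnumber defaults to 25" item also has no replacement, so state the default port for both `smtp` and `smtps`. Since the stunnel workaround is removed in favour of `smtps`, the text should also say whether a username and password given with plain `smtp` are sent over an encrypted connection.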
Copyright © 1987-2018 Uncensored Communications Group. All rights reserved.