Home Download News FAQ / Knowledge Base Screenshots Documentation Support
philosophical imaginary

Differences

This shows you the differences between two versions of the page.

faq:installation:relay [2013/02/26 12:44]
dothebart per user relay config
faq:installation:relay [2017/04/18 10:23] (current)
ajc
Line 1: Line 1:
-=====Configuring Relaying===== +===== Configuring Relaying =====
-If your system is behind a DSL line or not public available IP address, you need to configure a Mailserver you will send the mail out via. +
-Citadel offers this in: +
  
-<code> +There are several situations in which you may not want your Citadel server to deliver mail directly to recipients over the public Internet.  These include: 
-Administration->Domain names and Internet mail configuration->Smart hosts +  * Your organization requires all outbound mail to be sent through a relay 
-</code>+  * You want to use an outbound mail filtering/scanning service 
 +  * You are on a private network and your ISP requires all outbound mail to be sent through //their// mail server
  
-Depending on your situations this can be several items. +If this is the caseyou can relay all outbound mail through **smart host**.  You can configure a smart host two ways: 
- +  * From WebCitselect Administration --> Domain names and Internet mail configuration --> Smart hosts 
-====Identification / Authentication==== +  * From the text client, select **.**<**A**>dmin <**S**>ystem configuration <**I**>nternet, and add a smart host.
-Since relay access usualy must not be available to the public (since its abused to send spam) the relaying mailserver has to be protected from alowing random persons on the internet doing a relay. If your server sends via a VPNor is always coming from a defined IP, alowing relay access for this ip may be solution. +
- +
-If not, or if using public servers not under your control specifying username / password is the way to go. The syntax herefore is: +
-<code> +
-username:password@yourrelay.com:portnumber +
-</code> +
-  - Portnumber defaults to 25; can be ommitted. +
-  - yourrelay.com the hostname. If you know that the IP of your relay doesn't changeyou should directly configure an IP here. This reduces the risk of failure if i.e. the DNS is unavailable. +
-  Password: your secret. If it contains special characters (:@ and so on) you have to URL-encode them @ -> %40 : -> %3A +
-  - Username: The user on the system. If it contains special characters (:@ and so on) you have to URL-encode them @ -> %40 : -> %3A +
-  - you may use i.e. [[http://meyerweb.com/eric/tools/dencoder/]] to do the URL encoding for you; Please note you should only submit the nonsecret parts for security reasons. +
- +
-====TLS/SSL==== +
-Currently citadel itsel does not support TLS on this way on its own. There is a workaround for this:  +
- +
-[[http://stunnel.org]] +
- +
-All modern distributions ship stunnel; on some the package is named stunnel4 - since version 3 is also available but has no config file. +
- +
-here is a sample stunnel configuration to configure a gmail relay: (put them i.e. to /etc/stunnel4/smtprelay.conf) +
-<code> +
-sslVersion = SSLv3 +
- +
-chroot = /var/lib/stunnel4/ +
-setuid = stunnel4 +
-setgid = stunnel4 +
- +
-pid = /stunnel4.pid +
- +
-socket = l:TCP_NODELAY=1 +
-socket = r:TCP_NODELAY=1 +
- +
-client = yes +
- +
-[ssmtprelay] +
-protocol = smtp +
-accept  = 127.0.0.1:8025 +
-connect = smtp.googlemail.com:25 +
- +
-</code> +
- +
-Once you restart stunnel, you should find it binding port 8025 for you to relay: +
-<code bash> +
-netstat -alnpt |grep stunnel +
-tcp        0      0 127.0.0.1:8025          0.0.0.0:*               LISTEN      17523/stunnel4   +
-</code>+
  
-now you configure this relay in citservers Smart Host tab+You can specify any valid SMTP URI.  At the very least, you must specify a host name, but if you need to add a port number, username and password, or SMTPS instead of SMTP, these options are all accepted.  The full URI syntax is
-<code> +<code>  
-somebody%40gmail.com:opensesame@127.0.0.1:8025+ [smtp[s]://][username:password@]host[:port]
 </code> </code>
-now you should be able to test your relay. 
  
-====Configuring per user Relay==== +If you configure multiple smart-hosts, one will be selected at random for each message that is delivered.
-//this is an unrelased feature it will be part of citadel 8.2x// +
-So maybe you're only allowed to send mails as the user that was authenticated for relaying - which may be not nice if you have several users using your system. +
-This setup is a little more complicated. Follow these steps. +
-  - collect all relay domains you're going to send mails via, add them to //Masqueradable domains//. +
-  - configure several relay addresses like this: somemailaddress@somewhere.org username:password@relayhost  (please note the blank between email and relay) +
-  - edit the users personal vcard, add somemailaddress@somewhere.org to his email addresses.+
  
-Once the user chooses somemailaddress@somewhere.org as his sender, this relay will be used. 
Copyright © 1987-2017 Uncensored Communications Group. All rights reserved.     Login (site admin)