Hi.

I'm in the process of configuring pmdf to require authenticated smtp for specific
subnets within our university network. I thought I understood the process pretty
well, but I think I need some clarification on the switchchannel options.

Basically, I've set up a mapping table with the networks requiring authenticated smtp,
such as,

!
! IP's requiring SMTP authentication
!
AUTH_REQUIRED_IP

! test addresses
130.108.127.198 $Y
130.108.127.45 $Y
! modem subnets
$(130.108.108.0/24) $Y
$(130.108.110.0/24) $Y
$(130.108.111.0/24) $Y
* $N

I've then added a routing entry to pmdf.cnf of the format

!
! Do mapping lookup for networks requiring authentication
[] $E$R${AUTH_REQUIRED_IP,$L}$U%[$L]@TCP-AUTH

Which is located above the entry to route internal hosts to the tcp-internal
channel.

The "defaults" channel is defined as,

! The defaults channel
!
defaults logging noswitchchannel


And the TCP-AUTH channel is defined as,

tcp_auth smtp single_sys mx subdirs 20 maytlsserver mustsaslserver msexchange
TCP-AUTH

What I've found is that unless I add an 'allowswitchchannel' option to the 'tcp_auth'
channel, this configuration doesn't work. According to the documentation, this pretty
much makes sense to me, but then I'm not certain how the normal SASL configuration (as
provided in the manual section 14.4) works since it defines a 'noswitchchannel' option
on the 'tcp_auth' channel, which according to the manual says "noswitchchannel specifies
that no channel switching should be done to or from the channel".

Any clarification on this would be greatly appreciated.

Thanks,

John


--
John Meyers
Computing Services
Wright State University