This website uses cookies. If you continue using this website you agree to use cookies. More information.

deutschenglish

CompanyJobsw3/blogHow to find us

DEEN

News from w3logistics

w3/blog – The w3logistics Blog

12. Juli 2019

Smarthost load balancing with Sendmail

Abgelegt unter: Hacker's Corner — Thomas Omerzu @ 13:47

If you have multiple smart hosts that can work as outgoing mail relays, you might wish to implement a kind of load balancing.

On the Internet, you often find the proposal to use something like

   DSesmtp:[smarthost1]:[smarthost2]

as smart host definition in your sendmail.cf. Unfortunately, for us this didn’t work: It implements only a failover, as Sendmail always uses the first host as long as it is reachable.

So we finally came to this solution:

   DSesmtp:smarthost

(note the missing square brackets, which mean that an MX record lookup will take place). In the DNS, we then define

   smarthost  MX  42 smarthost1
              MX  42 smarthost2

And voilà: Sendmail automatically balances outgoing mails between those two MX hosts as they have equal priority.

12. Februar 2019

EAP-MSCHAPv2 for pppd-2.4.7

Abgelegt unter: Hacker's Corner — Thomas Omerzu @ 15:34

Recently, a customer wanted us to connect to his servers in a Microsoft Azure Cloud environment.

This connection required an SSTP tunnel with EAP-MSCHAPv2 authentication. We didn’t want to use the provided VPN client for Windows, but rather preferred to use our Linux gateway to make the connection.

An SSTP client for Linux is available at Sourceforge, but unfortunately the current pppd-2.4.7 does not support the required EAP encapsulated MSCHAPv2 authentication.

There is a patch implementing a PEAP encapsulated MSCHAPv2 at Github, but this didn’t solve our problem either, as the gateway doesn’t support PEAP.

Inspired by that implementation, we created our own EAP-MSCHAPv2 patch for pppd-2.4.7, which you can download here.

The implementation is incomplete in the way that only client mode is supported. Nevertheless, it works well for us. Please use at own risk.