On Sat, Nov 01, 2003 at 09:52:41AM +0100, Martin Lesser wrote:
> > The file doesn't belong to vpopmail exclusively. It really belongs to
> > qmail, and vpopmail wants to add and remove items from it for its
> > misguiding implementation of relaying.
> What do you mean with misguiding? vpopmail - like others - only tries to
> record the REMOTEIP for SMTP after POP purposes.

I personally believe that /etc/tcp.smtp should not be writable by anybody
other than the root user himself, setting it up.

> > Qmail looks at /etc/tcp.smtp via tcpserver, which only allows a single
> > file to be specified, so if there is also a tcp.smtp in
> > /var/vpopmail/etc, then qmail NEVER looks at it, as it really needs
> > /etc/tcp.smtp.
> Just for clarifying: tcpserver (and not qmail) looks into a cdb-file
> which you define as option for tcpserver with -x /path/to/file.cdb.

That is exactly what I said: 'Qmail looks at /etc/tcp.smtp via tcpserver'.

> So if one uses vpopmail the run-file for qmail-smtpd could be changed in
> a way that tcpserver looks in another cdb-file for which vpopmail has
> write access. The vanilla vpopmail suggests this IIRC.

The problem is that tcpserver only takes the last '-x' parameter it is
passed, so you cannot give it multiple cdbfiles. I'd like to enforce a
clean separation between the tcp.smtp that is set by the administrator and
the tcp.smtp that vpopmail wants to create. No application should ever
re-write configuration files as it goes, there is too much potential for
disaster, and ideally should have no permissions to write to the files
even.

[snip standard information about how qmail-smtpd uses tcpserver].

Worst case scenario: somebody finds a way to exploit vpopmail and add
arbitrary information to your cdb-file. Now they use your mail server to
send spam etc. I can simply turn off the extra relaying added in by
vpopmail, and leave my original (and separate) tcp.smtp file intact.

> > A much better overall solution is to use the relay-ctrl package (see my
> > notes in the latest qmail conf-smtpd and courier-imap stuff about it).
> Ack.

Why 'Ack'? The relay-ctrl package is simply the RELAYCLIENT stuff
abstracted and made a lot more useful. It also doesn't violate my
configuration files. I don't see any convincing reasons why it is less
suitable than vpopmail's less than ideal implementation of relay after
auth.

Another nastiness with vpopmail, is that if I wanted to remove the relay
after auth only, I'd have to recompile it, versus just flipping a
configuration setting.

--
Robin Hugh Johnson
E-Mail     : [EMAIL PROTECTED]
Home Page  : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ#       : 30269588 or 41961639
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
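An added example, not part of the original message and not code from qmail, ucspi-tcp or vpopmail: a small audit for the worst case described above, listing the tcprules entries that grant RELAYCLIENT outside an administrator-approved set and checking whether the rules file can be written by anyone other than root. The sample rules, the approved set and the function names are constructed for illustration.

```python
import os
import stat

# Constructed sample in tcprules source format (address:instruction,VAR="value").
SAMPLE = '''\
# entries set by the administrator
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
# entry appended at runtime for a POP-authenticated client
203.0.113.45:allow,RELAYCLIENT=""
198.51.100.7:deny
:allow
'''

def relay_rules(text):
    """Return the address patterns whose rule sets RELAYCLIENT."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instruction = line.partition(":")
        action, *settings = instruction.split(",")
        # Splitting on commas can over-report if another variable's value
        # contains ",RELAYCLIENT="; for an audit that errs on the safe side.
        if action == "allow" and any(s.startswith("RELAYCLIENT=") for s in settings):
            found.append(address)
    return found

def unexpected_relays(text, approved):
    """Relay-granting patterns that are not on the approved list."""
    return [a for a in relay_rules(text) if a not in approved]

def permission_problems(path):
    """Describe why a path could be modified by someone other than root."""
    st = os.stat(path)
    problems = []
    if st.st_uid != 0:
        problems.append("not owned by root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    return problems

if __name__ == "__main__":
    print(unexpected_relays(SAMPLE, {"127.", "192.168.1."}))
    path = "/etc/tcp.smtp"  # also check the cdb file passed to tcpserver -x
    if os.path.exists(path):
        print(path, permission_problems(path))
```

Because the compiled cdb is normally replaced by rename, the same permission check is worth running on the directory that holds it.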
