Please make relaying disabled if there is no rcpthosts file :) --Adam -----Original Message----- From: Timothy L. Mayo <[EMAIL PROTECTED]> To: Roger O. Svenning <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Wednesday, January 06, 1999 9:54 AM Subject: Re: Tcpserver quiz :What is in your rcpthosts file? That is the FIRST point that needs to be :in place to prevent relaying. RELAYCLIENT overrides the rcpthosts file, :it does not replace it. : :On Wed, 6 Jan 1999, Roger O. Svenning wrote: : :> I installed tcpserver for use with qmail 1.03 yesterday so :> I could allow and restrict relaying. (According to the instrucions in FAQ 5.4) :> After setting up the tcp.smtp file and rebuilding the cdb, mail relaying worked :> ... for everyone :) :> :> I tried to just make a test tcp.smtp with the following content :> :> 123.12.:allow,RELAYCLIENT="" :> :allow :> :> After rebuilding I was still able to relay mail trough our server from whatever host :> I wanted (I tried from several different shell accounts). :> Guess I have to put in deny entries too to keep other ppl away but will they be able to :> deliver mail to local addresses then ? (I have several virtual domains on the server), :> and if this is the case then the FAQ is wrong and should be corrected ... cause it does :> not say anything about adding 'deny' entries. :> :> Anyway ... I moved pop3 from inetd to tcpserver and it looked like it worked just perfectly :> until one customer called and complained about he could not authenticate on one of their :> accounts. This customer has 8 accounts belonging to the same virtual domain and he got :> 7 of them to work. I tried to access that account from my workstation and it worked just fine :> but no matter what he did he could not access that particular account. :> Then .. just out of the blue sky .. I tried to put his ip into the tcp.smtp and voila .. he could open :> that account too ... how is this possible??, that a customer from one computer can open :> [EMAIL PROTECTED] but not [EMAIL PROTECTED] .. though if tcpserver had worked correctly he should not :> have been able to log in at all. :> :> To answer some questions before you ask them: :> No .. I do not run tcpserver from inetd :) .. it's started trough rc.local :> And (again) .. yes I did build the cdb .. over and over again :> :> Any suggestions ? :> :> Roger O. Svenning :> :> : :--------------------------------- :Timothy L. Mayo mailto:[EMAIL PROTECTED] :Senior Systems Manager http://www.mayod.nb.net/ :The National Business Network Inc. :localconnect(sm) http://www.nb.net/ : :