On Wed, Jan 06, 1999 at 03:34:19PM +0100, Roger O. Svenning wrote:
> I installed tcpserver for use with qmail 1.03 yesterday so
> I could allow and restrict relaying. (According to the instrucions in FAQ 5.4)
> After setting up the tcp.smtp file and rebuilding the cdb, mail relaying worked
> ... for everyone :)
>
> I tried to just make a test tcp.smtp with the following content
>
> 123.12.:allow,RELAYCLIENT=""
> :allow
>
> After rebuilding I was still able to relay mail trough our server from whatever host
> I wanted (I tried from several different shell accounts).
> Guess I have to put in deny entries too to keep other ppl away but will they be able
>to
> deliver mail to local addresses then ? (I have several virtual domains on the
>server),
> and if this is the case then the FAQ is wrong and should be corrected ... cause it
>does
> not say anything about adding 'deny' entries.
You don't need (or want) any deny entries. You're not trying to deny anyone a
connection to your SMTP server; you're just trying to set RELAYCLIENT for
certain clients.
If you have a control/rcpthosts file with the hosts you'd like to receive mail
for and you're running tcpserver with the correct arguments, then it will work
with the entries in tcp.smtp you've provided above. How are you starting
tcpserver for qmail-smtpd?
> Anyway ... I moved pop3 from inetd to tcpserver and it looked like it worked just
>perfectly
> until one customer called and complained about he could not authenticate on one of
>their
> accounts. This customer has 8 accounts belonging to the same virtual domain and he
>got
> 7 of them to work. I tried to access that account from my workstation and it worked
>just fine
> but no matter what he did he could not access that particular account.
> Then .. just out of the blue sky .. I tried to put his ip into the tcp.smtp and
>voila .. he could open
> that account too ... how is this possible??,
It's not possible, unless you've got things seriously ass-backwards. Your
tcp.smtp.cdb should never be looked at for a POP3 connection. If yours is,
you've got things wired up wrong. How are you starting tcpserver for POP3?
> that a customer from one computer can open [EMAIL PROTECTED] but not [EMAIL PROTECTED]
> .. though if tcpserver had worked correctly he should not have been able to
> log in at all.
tcpserver does work correctly. Most likely, you're not using it correctly.
> To answer some questions before you ask them: No .. I do not run tcpserver
> from inetd :) .. it's started trough rc.local And (again) .. yes I did build
> the cdb .. over and over again
>
> Any suggestions ?
Send the contents of control/rcpthosts and your tcpserver invocations. If
you've got anything non-standard about your setup, send details.
Chris
