James wrote:

> 1)  I have had qmail working wonderfully on RedHat Mandrake 6.0 for many
> months now.. but I am having a problem with relaying.  I've gone through
> the steps on this page:
>
> http://www.palomine.net/qmail/relaying.html
>
> but I am confused about something.. if I set up an ip address in
> rcpthosts, *and* in RELAYCLIENT, does this mean the user can ONLY send
> mail if he/she is connected to the server (say, with telnet)?  I have
> added the user's ip address to both, and user cannot use server as a relay
> when not connected directly to the server.

rcpthosts lists domains that qmail will deliver mail to no matter who uses
the relay to send mail to them.  For instance your rcpthosts is:

cia.gov
nsa.gov

This allows _anyone_ connecting to your qmail server to send messages to
those domains.  If I am a Russian spy and I telnet to port 25 on your qmail
server, I can then do a:

mail from: [EMAIL PROTECTED]
rcpt to: [EMAIL PROTECTED]
data
Blah blah blah
.

This message will be delivered.

If I as the Russian spy telnetting to your qmail port 25 did this same thing
to [EMAIL PROTECTED], the message would not be delivered to hotmail.com
because hotmail.com is not in your rcpthosts.  Now people cannot use your
qmail server to spam the world because the qmail server will only send
messages to cia.gov and nsa.gov.  This presents a problem to your local
users because now they can't send mail out to hotmail.com since it is not in
the rcpthosts.

You can however set up tcpserver to pass a RELAYCLIENT environment variable
to the qmail server for ip addresses of your choosing.  Say you have set up
your tcp.smtp with a:

192.168.10.:allow,RELAYCLIENT=""
:allow

and have recompiled the rules

tcprules tcp.smtp.cdb tcp.smtp.temp < tcp.smtp

and then stopped and restarted qmail and tcpserver

Now everyone with an address in the subnet 192.168.10 should be able to send
mail to any host they wish.  Everyone not in the subnet 192.168.10
connecting to qmail will only be able to send mail to nsa.gov and cia.gov.

Putting an address for Joe Smith at 192.168.10.103 in rcpthosts just simply
allows mail to be delivered to host 192.168.10.103, and has no bearing on
where Joe Smith can send mail.

Your rcpthosts should only contain domains you receive mail for.  Your
tcp.smtp should contain the subnets and/or ip addresses of the users you
wish to be able to use the qmail server as a relay to send mail anywhere.

Forgive my rambling....

Fox
[EMAIL PROTECTED]
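
The relay decision described in the message above, as an added example that is not part of the original post and is not qmail or ucspi-tcp code. It is a simplified model: the function names are hypothetical, the sample data is constructed from the post's example files, and only IP-based tcprules lines are handled.

```python
# Constructed sample data mirroring the post's rcpthosts and tcp.smtp.
RCPTHOSTS = ["cia.gov", "nsa.gov"]
TCP_SMTP = '192.168.10.:allow,RELAYCLIENT=""\n:allow\n'

def parse_rules(text):
    """Map address prefix -> (action, env) for simple 'addr:action,VAR="v"' lines."""
    rules = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        action, *settings = rest.split(",")
        env = {}
        for setting in settings:
            name, _, value = setting.partition("=")
            env[name] = value.strip('"')
        rules[addr] = (action, env)
    return rules

def lookup(rules, ip):
    """Most specific rule wins: full IP, then dotted prefixes, then the default."""
    parts = ip.split(".")
    keys = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return ("allow", {})  # no matching rule: connection is allowed

def in_rcpthosts(domain, rcpthosts):
    """Exact match, or a '.suffix' entry matching any domain ending in it."""
    domain = domain.lower()
    return any(domain == e.lower() or
               (e.startswith(".") and domain.endswith(e.lower()))
               for e in rcpthosts)

def accepts(client_ip, rcpt, rules=None, rcpthosts=RCPTHOSTS):
    """True if the SMTP server in this model would accept RCPT TO for rcpt."""
    rules = parse_rules(TCP_SMTP) if rules is None else rules
    action, env = lookup(rules, client_ip)
    if action == "deny":
        return False
    if "RELAYCLIENT" in env:   # set by tcpserver: rcpthosts check is skipped
        return True
    if "@" not in rcpt:        # no domain part: treated as a local address
        return True
    return in_rcpthosts(rcpt.rpartition("@")[2], rcpthosts)
```

The last case in the post (Joe Smith's address in rcpthosts but not in tcp.smtp) can be checked by passing rules=parse_rules(":allow\n") and rcpthosts with "192.168.10.103" appended.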