From the FAQ:
<snip>
4.1. How do I forward unrecognized usernames to another host? I'd like
to set up a LUSER_RELAY pointing at bigbang.af.mil.

Answer: Put

   | forward "$LOCAL"@bigbang.af.mil

into ~alias/.qmail-default.


</snip>

If bigbang.af.mil is a sendmail server, 'properly' configured, this trick
might have your qmail end up in ORBS.

What's the problem: One of the relay tests that ORBS does is
user%domain@[yourip]. Doing this directly to the sendmail server will have the
sendmail server reject it - relaying not allowed. A qmail server without the
FAQ4.1 trick will bounce the message - user 'user%domain' does not exist on 
your qmail system, probably.

But... suppose you do have this config and the sendmail in this case allows
relaying from your qmail server (which is not unlikely as they're in the
same netblock). The sendmail server will receive the message for
user%domain@[ip], but since the qmail server is allowed to relay thru it,
it will accept the message. It then parses it for the % and relays the message
to the intended destination. Not good.

Check http://www.orbs.org/cgi-bin/verify.cgi?address=194.178.232.122 to see
what I mean.

I have temporarily fixed this problem by disallowing all inbound access to
this mailserver from outside our netblock, since it doesn't really serve any
purpose for the outside right now.

I will think of a better fix in a couple of days, hints are welcome. My first
urge was to just have it bounce everything with a % in it, another idea is to
give it a list of valid users on the sendmail machine. I have users/assign
generated from a database so that should be an easy trick, it just has one line
for default delivery now (which makes my solution slightly different from
FAQ4.1 but with the same problem).

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/womanizer/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++
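
The two fixes floated in the post above (bounce any local part containing a %, or check it against a list of valid users), written as a guard for ~alias/.qmail-default. This is an added example, not part of the original post or of qmail; the script path, the `--qmail` switch and the `USERLIST` variable are assumptions.

```shell
#!/bin/sh
# Added example: guard placed in front of the catch-all forward, e.g.
#   | /usr/local/bin/relay-guard --qmail      (hypothetical path)
#   | forward "$LOCAL"@bigbang.af.mil
# qmail-local treats exit 100 as a permanent failure (bounce) and stops;
# exit 0 lets it continue with the next line of the .qmail file.

# Return 0 if the local part carries no source-routing characters:
# '%' is the percent hack, '!' a UUCP bang path, '@' a nested address.
local_is_plain() {
    case "$1" in
        ''|*[%!@]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if the local part is an exact line in a one-name-per-line file.
# The file is an assumption, e.g. exported from the same user database.
local_is_known() {
    [ -r "$2" ] || return 1
    grep -Fqx -- "$1" "$2"
}

# Print the qmail exit code for a local part: 0 = forward, 100 = bounce.
# With an empty user list argument only the character check is applied.
relay_guard() {
    local_part=$1 userlist=$2
    if ! local_is_plain "$local_part"; then
        echo 100; return
    fi
    if [ -n "$userlist" ] && ! local_is_known "$local_part" "$userlist"; then
        echo 100; return
    fi
    echo 0
}

# Entry point when run from .qmail; qmail-local sets $LOCAL to the
# recipient's local part. USERLIST is this example's own variable.
if [ "${1:-}" = "--qmail" ]; then
    exit "$(relay_guard "${LOCAL:-}" "${USERLIST:-}")"
fi
```

With the guard in place, a recipient such as user%domain@[ip] is bounced by the qmail host and never reaches the sendmail server that trusts it.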
