Hi again,

No one seems to have an answer on this, which leads me to believe that my 
question is either (1) a dumb question well covered in a doc somewhere, or 
(2) an extremely difficult question that has everyone stumped.   Could 
someone at least clue me in on which one it is?

thanks,
Todd



I'm trying to set up a virtual pop server, and I've run into a problem that 
I can't solve.  I've been talking with a knowledgeable friend and qmail 
advocate, and I have him stumped.  He recommended that I forward my problem 
to this list, in the hope of finding a solution.

Rather than restate everything and probably get something wrong, my 
discussion with him follows.

qmail is running, I can inject mail into it and it will be delivered.  I 
also have a few accounts set up on it, and mail is being properly delivered 
to them.   I can also mail directly from the command line on the machine.

The problem: domain.org is the domain that is set up on qmail. 
[EMAIL PROTECTED] is a valid account on the system.  If I try to send mail 
to any host not listed in control/rcpthosts, it
bounces with a 553, "sorry that domain isn't in my list of allowed 
rcpthosts".

I thought, "That looks suspiciously like a FAQ".   Sure enough, question 
5.4 seemed relevant, reproduced here for reference:
-------------------------------------------------------------------------------
5.4. How do I allow selected clients to use this host as a relay? I see
that qmail-smtpd rejects messages to any host not listed in
control/rcpthosts.

Answer: Three steps. First, install tcp-wrappers, available separately,
including hosts_options. Second, change your qmail-smtpd line in
inetd.conf to

    smtp stream tcp nowait qmaild /usr/local/bin/tcpd
    /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd

(all on one line) and give inetd a HUP. Third, in tcpd's hosts.allow,
make a line setting the environment variable RELAYCLIENT to the empty
string for the selected clients:

    tcp-env: 1.2.3.4, 1.2.3.5: setenv = RELAYCLIENT

Here 1.2.3.4 and 1.2.3.5 are the clients' IP addresses. qmail-smtpd
ignores control/rcpthosts when RELAYCLIENT is set. (It also appends
RELAYCLIENT to each envelope recipient address. See question 5.5 for an
application.)
--------------------------------------------------------------------------------

I found a message in the mail archives that says that removing rcpthosts 
will open up the machine, but this is of course not a solution.  I moved 
rcpthosts as a test, and all messages are delivered properly.

My /etc/inetd.conf line reads:

smtp stream tcp nowait qmaild /usr/sbin/tcpd  /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd

and my /etc/hosts.allow line reads:

tcp-env: 209.218.13.127: setenv = RELAYCLIENT   

209.218.13.127 is the ip address of my linux box here at home, behind which 
my Windows box running Eudora (crash.domain.com) lives.

Looking at tcpdmatch, I can't understand why this is being declined:

[root@sonata tcp_wrappers_7.6]# /usr/sbin/tcpdmatch -d tcp-env 209.218.13.127
client:   address  209.218.13.127
server:   process  tcp-env
access:   granted

Let's see if I understand what you are doing.

You have a machine which I will call mail.domain.org. You have setup
qmail as the MTA. If you use a program on that machine to send mail from
[EMAIL PROTECTED] to [EMAIL PROTECTED], it works. If you go over
to otherDomain.com and send mail to [EMAIL PROTECTED], it gets delivered.

Correct so far?

This is correct.

Now you take a windows box, crash.otherDomain.com, and you configure
Eudora to get mail from mail.domain.org through POP3, and to use 
[EMAIL PROTECTED] as the sender, and that mail.domain.org will be your 
SMTP host.

This doesn't work. Right?

I can pop mail off the server using the [EMAIL PROTECTED] account just 
fine with Eudora.  Mail sent to any valid address in domain.org is 
delivered properly.  The problem comes in sending mail to any domain not 
listed in control/rcpthosts from any @domain.org account, when the mail 
originates from the Windows box.   mail.domain.org refuses to accept the 
message for delivery with the mentioned error.

(
Here's a handy chart in case anyone is having a problem following that 
mess:

The domain other.com is in control/rcpthosts.  The domain other2.com is 
not.

Originating Machine   Sender             Recipient          Result
mail.domain.org       [EMAIL PROTECTED]  [EMAIL PROTECTED]  success
mail.domain.org       [EMAIL PROTECTED]  [EMAIL PROTECTED]  success
mail.domain.org       [EMAIL PROTECTED]  [EMAIL PROTECTED]  success
crash.other.com       [EMAIL PROTECTED]  [EMAIL PROTECTED]  success
crash.domain.org      [EMAIL PROTECTED]  [EMAIL PROTECTED]  success
crash.domain.org      [EMAIL PROTECTED]  [EMAIL PROTECTED]  success
crash.domain.org      [EMAIL PROTECTED]  [EMAIL PROTECTED]  failure
)

Things to note:

1. qmail does not include a POP3 or IMAP daemon. Tell qmail to use 
mailboxes instead of maildirs and use any daemon, or let qmail use maildirs 
and get a POP3 or IMAP daemon that understands them.

I'm running the qmail-pop3d daemon, and it appears to be working fine.

2. qmail doesn't want to be insecure out of the box, so it doesn't allow
relaying. What you want is to set up relaying for the relevant external
boxes that you want to use mail.baldmonkey.org as their smarthost.

That's what I think I'm doing by adding that odd line to 
/etc/hosts_allow.  I'm referencing question 5.4 in the FAQ, which seems to 
address my problem.

I think that the problem might be that I don't have hosts_options enabled 
in my tcp-wrappers.   I'm running a 7.6 RedHat RPM, and I don't know if 
hosts_options is enabled or not.  I'm assuming that it is not, based on the 
docs in the source distribution.   Unfortunately, I can't get version 7.5 
to compile, and I can't find version 8.

This is the error that I get after running 'make linux' on the 7.6 dist:

-DBROKEN_SO_LINGER  -Dvsyslog=myvsyslog -DALWAYS_HOSTNAME -c diag.c
cc -O -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK -DDAEMON_UMASK=022 -DREAL_DAEMON_DIR=\"/usr/sbin\" -DPROCESS_OPTIONS -DSEVERITY=LOG_INFO -DRFC931_TIMEOUT=10 -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\" -DBROKEN_SO_LINGER -Dvsyslog=myvsyslog -DALWAYS_HOSTNAME -c percent_m.c
percent_m.c:17: conflicting types for `sys_errlist'
/usr/include/stdio.h:553: previous declaration of `sys_errlist'
make[1]: *** [percent_m.o] Error 1
make[1]: Leaving directory `/usr/local/src/tcp_wrappers_7.6'
make: *** [linux] Error 2

That's everything.  I again apologize for the length of the post, but I 
wanted to include every snippet of information that I have so far.   I've 
just subscribed to the list, so if anyone who replies could be so kind as 
to cc me so I don't miss any messages, I'd appreciate it.

Many thanks,
Todd Finney
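
Added example, not part of the original message and not qmail source code: a small Python model of the RCPT check that FAQ 5.4 describes, covering the three cases raised in the post (recipient domain listed in control/rcpthosts, RELAYCLIENT set, rcpthosts file removed). It goes slightly beyond the quoted FAQ text by also modelling ".suffix" wildcard entries from qmail's rcpthosts format; the function names and the sample addresses are constructed for illustration.

```python
# Added model of qmail-smtpd's RCPT check; not qmail source code.
# All addresses and domain names used with it are constructed samples.

def rcpt_decision(rcpt, rcpthosts, env):
    """Return (smtp_code, envelope_recipient) for one RCPT TO address.

    rcpthosts: list of entries from control/rcpthosts, or None if the
               file does not exist.
    env:       environment handed to qmail-smtpd by tcpd/tcp-env.
    """
    # RELAYCLIENT only has to be present; the empty string counts as set.
    # Its value is appended to the envelope recipient (FAQ 5.4/5.5).
    if "RELAYCLIENT" in env:
        return 250, rcpt + env["RELAYCLIENT"]
    # No rcpthosts file: every domain is accepted (open relay).
    if rcpthosts is None:
        return 250, rcpt
    local, at, host = rcpt.rpartition("@")
    if not at:
        # Addresses without an @ sign are always allowed through.
        return 250, rcpt
    host = host.lower()
    allowed = {h.strip().lower() for h in rcpthosts if h.strip()}
    # Exact match, or a ".suffix" entry matching at any dot in the host.
    candidates = [host] + [host[i:] for i, c in enumerate(host) if c == "."]
    if any(c in allowed for c in candidates):
        return 250, rcpt
    # "sorry, that domain isn't in my list of allowed rcpthosts"
    return 553, None


def audit(rcpthosts, env):
    """Report the two conditions under which the host relays mail."""
    findings = []
    if rcpthosts is None:
        findings.append("control/rcpthosts missing: relays for everyone")
    if "RELAYCLIENT" in env:
        findings.append("RELAYCLIENT set: relays for this client")
    return findings
```

In this model the failing row of the chart corresponds to an environment without RELAYCLIENT: tcpd granting access and the variable actually reaching qmail-smtpd are separate conditions.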
