Hi again, No one seems to have an answer on this, which leads me to believe that my question is either (1) a dumb question well covered in a doc somewhere, or (2) an extremely difficult question that has everyone stumped. Could someone at least clue me in on which one it is? thanks, Todd I'm trying to set up a virtual pop server, and I've run into a problem that I can't solve. I've been talking with a knowledgeable friend and qmail advocate, and I have him stumped. He recommended that I forward my problem to this list, in the hope of finding a solution. Rather than restate everything and probably get something wrong, my discussion with him follows. qmail is running, I can inject mail into it and it will be delivered. I also have a few accounts set up on it, and mail is being properly delivered to them. I can also mail directly from the command line on the machine. The problem: domain.org is the domain that is set up on qmail. [EMAIL PROTECTED] is a valid account on the system. If I try to send mail to any host not listed in control/rcpthosts, it bounces with a 553, "sorry that domain isn't in my list of allowed rcpthosts". I thought, "That looks suspiciously like a FAQ". Sure enough. question 5.4 seemed relevant, reproduced here for reference: ------------------------------------------------------------------------------- 5.4. How do I allow selected clients to use this host as a relay? I see that qmail-smtpd rejects messages to any host not listed in control/rcpthosts. Answer: Three steps. First, install tcp-wrappers, available separately, including hosts_options. Second, change your qmail-smtpd line in inetd.conf to smtp stream tcp nowait qmaild /usr/local/bin/tcpd /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd (all on one line) and give inetd a HUP. Third, in tcpd's hosts.allow, make a line setting the environment variable RELAYCLIENT to the empty string for the selected clients: tcp-env: 1.2.3.4, 1.2.3.5: setenv = RELAYCLIENT Here 1.2.3.4 and 1.2.3.5 are the clients' IP addresses. qmail-smtpd ignores control/rcpthosts when RELAYCLIENT is set. (It also appends RELAYCLIENT to each envelope recipient address. See question 5.5 for an application.) -------------------------------------------------------------------------------- I found a message in the mail archives that says that removing rcpthosts will open up the machine, but this is of course not a solution. I moved rcpthosts as a test, and all messages are delivered properly. My /etc/inetd.conf line reads: smtp stream tcp nowait qmaild /usr/sbin/tcpd /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd and my /etc/hosts.allow line reads: tcp-env: 209.218.13.127: setenv = RELAYCLIENT 209.218.13.127 is the ip address of my linux box here at home, behind which my Windows box running Eudora (crash.domain.com) lives. Looking at tcpdmatch, I can't understand why this is being declined: [root@sonata tcp_wrappers_7.6]# /usr/sbin/tcpdmatch -d tcp-env 209.218.13.127 client: address 209.218.13.127 server: process tcp-env access: granted Let's see if I understand what you are doing. You have a machine which I will call mail.domain.org. You have setup qmail as the MTA. If you use a program on that machine to send mail from [EMAIL PROTECTED] to [EMAIL PROTECTED], it works. If you go over to otherDomain.com and send mail to [EMAIL PROTECTED], it gets delivered. Correct so far? This is correct. Now you take a windows box, crash.otherDomain.com, and you configure Eudora to get mail from mail.domain.org through POP3, and to use [EMAIL PROTECTED] as the sender, and that mail.domain.org will be your SMTP host. This doesn't work. Right? I can pop mail off the server using the [EMAIL PROTECTED] account just fine with Eudora. Mail sent to any valid address in domain.org is delivered properly. The problem comes in sending mail to any domain not listed in control/rcpthosts from any @domain.org account, when the mail originates from the Windows box. mail.domain.org refuses to accept the message for delivery with the mentioned error. ( Here's a handy chart in case anyone is having a problem following that mess: The domain other.com is in control/rcpthosts. The domain other2.com is not. Originating Machine Sender Recipient Result mail.domain.org [EMAIL PROTECTED] [EMAIL PROTECTED] success mail.domain.org [EMAIL PROTECTED] [EMAIL PROTECTED] success mail.domain.org [EMAIL PROTECTED] [EMAIL PROTECTED] success crash.other.com [EMAIL PROTECTED] [EMAIL PROTECTED] success crash.domain.org [EMAIL PROTECTED] [EMAIL PROTECTED] success crash.domain.org [EMAIL PROTECTED] [EMAIL PROTECTED] success crash.domain.org [EMAIL PROTECTED] [EMAIL PROTECTED] failure ) Things to note: 1. qmail does not include a POP3 or IMAP daemon. Tell qmail to use mailboxes instead of maildirs and use any daemon, or let qmail use maildirs and get a POP3 or IMAP daemon that understands them. I'm running the qmail-pop3d daemon, and it appears to be working fine. 2. qmail doesn't want to be insecure out of the box, so it doesn't allow relaying. What you want is to set up relaying for the relevant external boxes that you want to use mail.baldmonkey.org as their smarthost. That's what I think I'm doing by adding that odd line to /etc/hosts_allow. I'm referencing question 5.4 in the FAQ, which seems to address my problem. I think that the problem might be that I don't have hosts_options enabled in my tcp-wrappers. I'm running a 7.6 RedHat RPM, and I don't know if hosts_options is enabled or not. I'm assuming that it is not, based on the docs in the source distribution. Unfortunately. I can't get version 7.5 to compile, and I can't find version 8. This is the error that I get after running 'make linux' on the 7.6 dist: -DBROKEN_SO_LINGER -Dvsyslog=myvsyslog -DALWAYS_HOSTNAME -c diag.c cc -O -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_ CALLS_STRTOK -DDAEMON_UMASK=022 -DREAL_DAEMON_DIR=\"/usr/sbin\" -DPROCESS_OPTIONS -DSEVERITY=LOG_ INFO -DRFC931_TIMEOUT=10 -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\" -DBROKEN_SO_LINGER -Dvsyslog=myvsyslog -DALWAYS_HOSTNAME -c percent_m.c percent_m.c:17: conflicting types for `sys_errlist' /usr/include/stdio.h:553: previous declaration of `sys_errlist' make[1]: *** [percent_m.o] Error 1 make[1]: Leaving directory `/usr/local/src/tcp_wrappers_7.6' make: *** [linux] Error 2 That's everything. I again apologize for the length of the post, but I wanted to include every snippet of information that I have so far. I've just subscribed to the list, so if anyone who replies could be so kind as to cc me so I don't miss any messages, I'd appreciate it. Many thanks, Todd Finney