On Thu, Jul 12, 2001 at 06:01:10PM -0300, Renato Dobelin wrote:
> Olá for all,
> I looked for of some forms to prevent leaving the qmail with the opened Relay, used
>patch of the Mrs. Brisby's to legalize the together smtp with the RPM of the qmail of
>Bruce Guenter (obviously I created a new package RPM), but exactly thus the qmail
>still was disapproved in the test with the " telnet relay-test.mail-abuse.org ", the
>Wildmat I I did not obtain to make to function in my system, I decided to look at
>qmail-smtpd.c inside and to look a reply of as to prevent the not authorized Relay
>and found the function "smtp_rcpt(arg)" and includes the following strings:
>
> void smtp_rcpt(arg) char *arg; {
>
> int x=0; /* new code
> for(x=0; arg[x]!=0; x++) if ((arg[x]==37) || (arg[x]==34) || (arg[x]==91) ||
>(arg[x]==33)) { err_syntax(); return; } */new code
> if (!seenmail) { err_wantmail(); return; }
> if (!addrparse(arg)) { err_syntax(); return; }
> if (flagbarf) { err_bmf(); return; }
> if (relayclient) {
> --addr.len;
> if (!stralloc_cats(&addr,relayclient)) die_nomem();
> if (!stralloc_0(&addr)) die_nomem();
> }
> ...
>
> After to compile the qmail and to restart the job again, I run the " telnet again
>relay-test.mail-abuse.org " and now it passed in all the tests. The code looks for
>the characters ",[,!,% in rcpt.
> I am not programmer and therefore I was with the following one doubts: It will be
>that I will have problems with emails we legitimos with this alteration?
>
> Renato Dobelin
I cannot see that it would be a problem, unless legtimate mail actually
used some of these characters (which most does not, precisely because of
sendmail's dirty UUCP hacks ;) ). You may have a problem with refusing
mail to postmaster@[your.ip.add.ress], which IIRC is an RFC requirement.
You're also trying to solve a problem that doesn't exist -- qmail will
_never_ deliver mail differently because of a bangpath style address
'!', nor will it relay for '%', unless you specifically tell it to. Try
to actually relay mail using any of the methods that are reported to
'fail' -- you cannot, unless you've configured percenthack, or set
RELAYCLIENT for the connecting IP address. Period. Accepting these
characters in an SMTP conversation _does not_ allow relay.
--
Greg White
