Can't stop open relay
I've managed to compile and set up Qmail along with courier thanks to the fabulous docs and howtos on it.. but I'm running into a fairly serious problem here..

some background: I run a Debian box behind a DSL router on a NAT setup which works as a local mail server for my office.. some are allowed access to send outer office email and some are restricted to inner office only

the problem: it seems no matter what I put in /etc/tcp.smtp anyone can relay mail off my server, it will not deny anyone. I've taken everything out besides the localhost address and recompiled with tcprules

    127.0.0.1:allow,RELAYCLIENT=""
    :allow

compile it.. restart qmail.. and it's still an open relay.. people from any network can bounce email off me.. the only way I can stop it is to add my domain to /var/qmail/rcpthosts which will then bounce any email not sent to my domain.

I also start qmail with this line

    /usr/bin/tcpserver -- \
    -u `id -u qmaild` -R -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \
    /usr/sbin/qmail-smtpd 2>&1 | $logger -t qmail -p mail.notice &"

the only thing I added here was the -R to shut off ident service (thanks to the million people on this mailing list to answer that for me :)

thanks to anyone with some insight on this..

John Kuhn
Re: Can't stop open relay
> How did you follow docs without having your domain in rcpthosts?
> It -should- be there.

I worded that incorrectly.. it was in there..

> The fact that it wasn't there caused your open relay behavior.
>
> AFTER you add your domain to rcpthosts, add your networks back
> into /etc/tcp.smtp with the RELAYCLIENT environment variable set.

can you explain this.. the docs state that by default qmail will not relay to anyone not in /etc/tcp.smtp but it does.. all I have is my localhost line in /etc/tcp.smtp.. now if I try to send from another network the mail server should respond with "this server does not allow relaying to this host" or something similar.. it doesn't, it just relays..

now that I do have my domain in rcpthosts it is the only way it will stop the open relay behavior because the server responds with "domain not in my rcpthosts" which is fine because I can bypass this by adding people to my tcp.smtp file

this is how it's supposed to work?

> This is -definitely- in the docs.

sorry I did read the docs and just needed something cleared up

thanks for the reply

John Kuhn
Re: Can't stop open relay
I did have rcpthosts set.. but I was under the impression that I could secure my server with just tcp.smtp alone.. I was wrong.. I am sorry

> Exception: If the environment variable RELAYCLIENT is set,
> qmail-smtpd will ignore rcpthosts, and will append the value
> of RELAYCLIENT to each incoming recipient address.

Can you people please stop sending me "you didn't read the docs" email.. I DID.. if I didn't I probably would have never got qmail up and running in the first place.. I am wholeheartedly sorry for being confused about something and asking for a little help..

John Kuhn
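
Added example, not part of the thread and not qmail or ucspi-tcp code: a simplified model of how the tcp.smtp rule lookup and the rcpthosts / RELAYCLIENT check discussed above combine to accept or reject a recipient. The function names, the example.com / example.net domains and the client addresses are assumptions made for illustration; only IPv4 exact-address, dotted-prefix and default rules with quoted variable values are modelled.

```python
import re

def match_rule(rules_text, client_ip):
    """Pick the most specific tcp.smtp rule for an IPv4 client.
    Simplified: exact IPs, dotted prefixes ("192.168.") and the empty default only."""
    rules = {}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        action, _, rest = instr.partition(",")
        rules[addr] = (action, dict(re.findall(r'(\w+)="([^"]*)"', rest)))
    parts = client_ip.split(".")
    # Most to least specific: 10.1.2.3, 10.1.2., 10.1., 10., then the default ""
    keys = [client_ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return ("allow", {})  # no matching rule: connection allowed, nothing set

def rcpt_accepted(rcpt, client_ip, rules_text, rcpthosts):
    """rcpthosts is a list of entries, or None if control/rcpthosts is absent."""
    action, env = match_rule(rules_text, client_ip)
    if action == "deny":
        return False   # tcpserver drops the connection before SMTP starts
    if "RELAYCLIENT" in env:
        return True    # the exception quoted above: rcpthosts is ignored
    if rcpthosts is None or "@" not in rcpt:
        return True    # no rcpthosts file means no recipient restriction
    domain = rcpt.rsplit("@", 1)[1].lower()
    return any(domain == e.lower() or (e.startswith(".") and domain.endswith(e.lower()))
               for e in rcpthosts)

# Constructed sample data: the two rules from the first message, a placeholder
# domain, and documentation-range client addresses.
RULES = '127.0.0.1:allow,RELAYCLIENT=""\n:allow\n'
OUTSIDE, LOCAL = "203.0.113.9", "127.0.0.1"

def audit(rules_text=RULES, rcpthosts=("example.com",)):
    """Map each (client, recipient) probe to True when the RCPT would be accepted."""
    probes = [(OUTSIDE, "user@example.com"), (OUTSIDE, "user@example.net"),
              (LOCAL, "user@example.net")]
    return {p: rcpt_accepted(p[1], p[0], rules_text, rcpthosts) for p in probes}

if __name__ == "__main__":
    for (ip, rcpt), ok in audit().items():
        print(f"{ip:>12} -> {rcpt:<18} {'accepted' if ok else 'rejected'}")
```

Calling audit(rcpthosts=None) or passing a default rule that sets RELAYCLIENT shows the two configurations in which an outside client's mail to a foreign domain is accepted.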