Re: Can't stop open relay

2001-05-16 Thread Dave Sill

"John Kuhn" <[EMAIL PROTECTED]> wrote:

>Can you people please stop sending me "you didn't read the docs" email.. I
>DID.. if I didn't I probably would have never got qmail up and running in
>the first place..

Then either you didn't read the right docs or you didn't understand
them.

>I am wholeheartedly sorry for being confused about
>something and asking for a little help..

There's no need to apologize for being confused. Just take a couple
deep breaths, calm down, and study:

  http://www.lifewithqmail.org/lwq.html#relaying

If it doesn't make sense, ask some specific questions about the bits
you don't get.

-Dave



Re: Can't stop open relay

2001-05-16 Thread John Kuhn

I did have rcpthosts set.. but I was under the impression that I could
secure my server with just tcp.smtp alone.. I was wrong.. I am sorry

>  Exception: If the environment variable RELAYCLIENT is set,
>  qmail-smtpd will ignore rcpthosts, and will append the value
> of RELAYCLIENT to each incoming recipient address.

Can you people please stop sending me "you didn't read the docs" email.. I
DID.. if I didn't I probably would have never got qmail up and running in
the first place.. I am wholeheartedly sorry for being confused about
something and asking for a little help..

John Kuhn





Re: Can't stop open relay

2001-05-16 Thread Charles Cazabon

John Kuhn <[EMAIL PROTECTED]> wrote:
> 
> can you explain this.. the docs state that by default qmail will not relay
> to anyone not in /etc/tcp.smtp

No, the documentation states that qmail will not relay if you populate
/var/qmail/control/rcpthosts properly.  The possible setting of the
RELAYCLIENT environment variable through tcpserver can then be used to
override this mechanism for particular hosts if desired.

> now that I do have my domain into rcpthosts it is the only way it will stop
> the open relay behavior because the server responds with "domain not in my
> rcpthosts" which is fine because I can bypass this with adding people to my
> tcp.smtp file
> 
> this is how it's supposed to work?

Yes.  rcpthosts specifies what domains you are responsible for mail for (local
domains, virtual domains, plus any domains for which you are a secondary MX).
RELAYCLIENT lets you specify particular hosts in your network for which you
wish to act as a relay or smarthost.

Charles
-- 
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---



Re: Can't stop open relay

2001-05-16 Thread Henning Brauer

On Wed, May 16, 2001 at 10:44:04AM -0400, John Kuhn wrote:
> can you explain this.. the docs state that by default qmail will not relay
> to anyone not in /etc/tcp.smtp

...as long as a rcpthosts file is existent, yes.

> now that I do have my domain into rcpthosts it is the only way it will stop
> the open relay behavior because the server responds with "domain not in my
> rcpthosts" which is fine because I can bypass this with adding people to my
> tcp.smtp file
> 
> this is how it's supposed to work?

Absolutely.

-- 
* Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de *
* Roedingsmarkt 14, 20459 Hamburg, Germany   *
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: Can't stop open relay

2001-05-16 Thread Rick Updegrove

From: "John Kuhn" <[EMAIL PROTECTED]>
> the problem
> it seems no matter what I put in /etc/tcp.smtp anyone can relay mail off
> my server it will not deny anyone I've taken everything out besides the
> localhost address and recompiled with tcprules

Once I forgot to run ./config-fast FQDN in the qmail source dir after make; make
setup check

Did you?

Hope that helped.


Rick Up




Re: Can't stop open relay

2001-05-16 Thread Greg White

On Wed, May 16, 2001 at 10:03:50AM -0400, John Kuhn wrote:
> I've managed to compile and setup Qmail along with courier thanks to the
> fabulous docs and howto's on it.. but I'm running into a fairly serious
> problem here..

I suspect that you haven't really read them too well...
> 
> the problem
> it seems no matter what I put in /etc/tcp.smtp anyone can relay mail off
> my server it will not deny anyone I've taken everything out besides the
> localhost address and recompiled with tcprules
> 
> 127.0.0.1:allow,RELAYCLIENT=""
> :allow
> 
> compile it.. restart qmail.. and it's still an open relay.. people from any
> network can bounce email off me.. the only way I can stop it is to add my
> domain to /var/qmail/rcpthosts which will then bounce any email not sent to
> my domain.


Can you tell us why, precisely, populating rcpthosts is a problem? That
is the way it is supposed to be configured. From 'man qmail-smtpd':

   rcpthosts
        Allowed RCPT domains. If rcpthosts is supplied,
        qmail-smtpd will reject any envelope recipient
        address with a domain not listed in rcpthosts.

        Exception: If the environment variable RELAYCLIENT is set,
        qmail-smtpd will ignore rcpthosts, and will append the value
        of RELAYCLIENT to each incoming recipient address.


You _must_ populate rcpthosts.

P.S. If the documents you have read do not state that populating
rcpthosts is a requirement, please point them out to me, or the list, so
that I/we can tell the whole world to stay away from them.

-- 
Greg White
Those who make peaceful revolution impossible will make violent
revolution inevitable.
-- John F. Kennedy
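
Added example (not part of any post in this thread, and not qmail's own code): a small Python model of how the tcp.smtp rule and rcpthosts combine into the relay decision described in the replies above and in the quoted man page. It assumes only plain IPv4 and dotted-prefix patterns in tcp.smtp; the domain office.example and the address 203.0.113.9 are constructed sample values.

```python
def parse_tcprules(text):
    """Parse tcprules source lines into {pattern: (action, relayclient_set)}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, _, instr = line.partition(":")
        action, _, env = instr.partition(",")
        rules[pattern] = (action, "RELAYCLIENT=" in env)
    return rules

def match_rule(rules, ip):
    """Lookup order: full address, shorter dotted prefixes, then the empty default."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for pattern in candidates:
        if pattern in rules:
            return rules[pattern]
    return ("allow", False)  # no rule at all: the connection is allowed

def decide(rules, rcpthosts, client_ip, rcpt):
    """rcpthosts: list of domains, or None when control/rcpthosts does not exist."""
    action, relayclient = match_rule(rules, client_ip)
    if action == "deny":
        return "refuse: connection denied by tcp.smtp"
    if relayclient:
        return "accept: RELAYCLIENT set, rcpthosts ignored"
    if rcpthosts is None:
        return "accept: no rcpthosts file (open relay)"
    domain = rcpt.rpartition("@")[2].lower()
    hosts = {h.strip().lower() for h in rcpthosts if h.strip()}
    # An entry starting with "." is a wildcard for every subdomain.
    if domain in hosts or any(domain.endswith(h) for h in hosts if h.startswith(".")):
        return "accept: domain in rcpthosts"
    return "reject: domain not in rcpthosts"

# The tcp.smtp posted in this thread.
THREAD_RULES = parse_tcprules('127.0.0.1:allow,RELAYCLIENT=""\n:allow\n')

if __name__ == "__main__":
    outside = "203.0.113.9"  # constructed outside client
    for hosts in (None, ["office.example"]):
        for rcpt in ("a@elsewhere.example", "a@office.example"):
            print(hosts, rcpt, "->", decide(THREAD_RULES, hosts, outside, rcpt))
    print("localhost ->", decide(THREAD_RULES, ["office.example"], "127.0.0.1",
                                 "a@elsewhere.example"))
```

With the thread's tcp.smtp, the `:allow` line only admits the connection; whether an outside client can relay depends entirely on rcpthosts being present, and a catch-all rule that sets RELAYCLIENT would reopen the relay even with rcpthosts populated.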



Re: Can't stop open relay

2001-05-16 Thread John Kuhn

> How did you follow docs without having your domain in rcpthosts?
> It -should- be there.

I worded that incorrectly.. it was in there..

> The fact that it wasn't there caused your open relay behavior.
>
> AFTER you add your domain to rcpthosts, add your networks back
> into /etc/tcp.smtp with the RELAYCLIENT environment variable set.

can you explain this.. the docs state that by default qmail will not relay
to anyone not in /etc/tcp.smtp

but it does.. all I have is my localhost line in /etc/tcp.smtp.. now if I
try to send from another network the mail server should respond with "this
server does not allow relaying to this host" or something similar.. it
doesn't, it just relays..

now that I do have my domain into rcpthosts it is the only way it will stop
the open relay behavior because the server responds with "domain not in my
rcpthosts" which is fine because I can bypass this with adding people to my
tcp.smtp file

this is how it's supposed to work?

> This is -definitely- in the docs.

sorry I did read the docs and just needed something cleared up

thanks for the reply
John Kuhn




Re: Can't stop open relay

2001-05-16 Thread Charles Cazabon

John Kuhn <[EMAIL PROTECTED]> wrote:
> 
> the problem
> it seems no matter what I put in /etc/tcp.smtp anyone can relay mail off
> my server it will not deny anyone I've taken everything out besides the
> localhost address and recompiled with tcprules
> 
> 127.0.0.1:allow,RELAYCLIENT=""
> :allow

Do you have a /var/qmail/control/rcpthosts file?  What's in it?  Post the
complete, unedited output of `qmail-showctl`.

Charles
-- 
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---



Can't stop open relay

2001-05-16 Thread John Kuhn

I've managed to compile and setup Qmail along with courier thanks to the
fabulous docs and howto's on it.. but I'm running into a fairly serious
problem here..

some background
I run a Debian box behind a DSL router on a NAT setup which works as a local
mail server for my office.. some are allowed access to send outer office
email and some are restricted to inner office only

the problem
it seems no matter what I put in /etc/tcp.smtp anyone can relay mail off
my server it will not deny anyone I've taken everything out besides the
localhost address and recompiled with tcprules

127.0.0.1:allow,RELAYCLIENT=""
:allow

compile it.. restart qmail.. and it's still an open relay.. people from any
network can bounce email off me.. the only way I can stop it is to add my
domain to /var/qmail/rcpthosts which will then bounce any email not sent to
my domain.

I also start qmail with this line

/usr/bin/tcpserver -- \
-u `id -u qmaild` -R -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \
/usr/sbin/qmail-smtpd 2>&1 | $logger -t qmail -p mail.notice &"

the only thing I added here was the -R to shut off ident service (thanks to
the million people on this mailing list to answer that for me :)

thanks to anyone with some insight on this..

John Kuhn