Re: rcpthosts

[Jason Brooke]

In your qmail src tree there's a file called FAQ. It tells you how to
allow certain hosts to relay mail through your server.

jason


- Original Message -
From: "Stano Paška" <[EMAIL PROTECTED]>
To: "qmail konferencia" <[EMAIL PROTECTED]>
Sent: Wednesday, September 13, 2000 5:54 PM
Subject: rcpthosts


I receive this error message (from Outlook Express):

The message could not be sent because one of the recipients was rejected
by the server. The rejected e-mail address was '[EMAIL PROTECTED]'. Subject
'spoj-von', Account: 'paska@spoj', Server: 'linuxsps.spoj.army.sk',
Protocol: SMTP, Server Response: '553 sorry, that domain isn't in my
list of allowed rcpthosts (#5.7.1)', Port: 25, Secure(SSL): No, Server
Error: 553, Error Number: 0x800CCC79

I want send mail everywhere.
I have listed some domains in rcpthosts.
But it is stupid add in rcpthosts ALL domains in world... (.com, .edu,
.org, .net, .sk, )
What I must type in rcpthosts (some widcards)?


Stano.

Re: rcpthosts

[wolfgang zeikat]

rcpthosts only lists the domains that your server accepts mail for (to
deliver it to the user for example) ... to reach other domains, you use
relaying.

for more info see:
http://www.palomine.net/qmail/relaying.html
http://cr.yp.to/qmail/faq/servers.html#authorized-relay
http://Web.InfoAve.Net/~dsill/lwq.html#relaying

cheers
wolfgang

Also sprach Stano Pa9ka <[EMAIL PROTECTED]> on 13.09.2000:

I receive this error message (from Outlook Express):

The message could not be sent because one of the recipients was rejected
by the server. The rejected e-mail address was '[EMAIL PROTECTED]'. Subject
'spoj-von', Account: 'paska@spoj', Server: 'linuxsps.spoj.army.sk',
Protocol: SMTP, Server Response: '553 sorry, that domain isn't in my list
of allowed rcpthosts (#5.7.1)', Port: 25, Secure(SSL): No, Server Error:
553, Error Number: 0x800CCC79

I want send mail everywhere.
I have listed some domains in rcpthosts.
But it is stupid add in rcpthosts ALL domains in world... (.com, .edu,
.org, .net, .sk, )
What I must type in rcpthosts (some widcards)?


Stano.

Re: rcpthosts

[Frank Tegtmeyer]

> I have listed some domains in rcpthosts.
> But it is stupid add in rcpthosts ALL domains in world... (.com, .edu, .org, .net, 
>.sk, )
> What I must type in rcpthosts (some widcards)?

No.
You should use tcpserver and set the RELAYCLIENT environment variable. 
This is explained in the FAQ (see 
http://cr.yp.to/qmail/faq/servers.html#authorized-relay )

If your client adresses are dynamically assigned you may use Russell 
Nelsons open-smtp patch for that. You can find it at
http://www.qmail.org/open-smtp4.tar.gz


Eventually look also at 
http://www.palomine.net/qmail/relaying.html

Regards, Frank

Re: rcpthosts

[Justin Bell]

On Fri, Jun 04, 1999 at 05:07:08PM -0400, Robert Schader wrote:
# You would think that the rcpthosts file could serve a better purpose by
# allowing the machines listed in it to send anywhere, instead of any machine
# out on the internet to only send files to the machines in rcpthosts, which
# in the case of the same information being in locals, serves no purpose
# that I can see.
# 

the rcpthosts and locals files are not duplicate information.

If you want to run virtualhosts they must be in the rcpthosts, virtualdomains
files and NOT in locals.

# I do have the info from the FAQ on selectively allowing certain hosts
# to set RELAYHOST and am going to try implementing that, otherwise I am
# going to add the user/password auth patch for qmail-smtpd from nimh.org
# since I ultimately need that for offsite POP access.

the RELAYCLIENT client method is the best way to have local machines use your
host as the SMTP relay.


-- 
/- [EMAIL PROTECTED] --- [EMAIL PROTECTED] -\
|Justin Bell  NIC:JB3084| Time and rules are changing. |
|Pearson| Attention span is quickening.|
|Developer  | Welcome to the Information Age.  |
\ http://www.superlibrary.com/people/justin/ --/

Re: rcpthosts

[Scott Schwartz]

[EMAIL PROTECTED] (Robert Schader) writes:
| It seems to me that the rcpthosts functionality is reversed from what it
| should be. I thought that maybe the functionality I wanted was to be found
| in the locals file, but that seems to control what machines qmail will
| accept mail for and hold locally. Following what appears to be the noted
| practice of duplicating this in the rcpthosts file, I assumed this would
| allow any of the machines in rcpthosts to relay through qmail anywhere they
| wanted. But it seems the behavior of this file is to only allow me to
| send mail to ONLY the hosts in rcpthosts, so I am stuck in my own little
| domain.

Welcome to the FAQ.

The name "rcpthosts" only makes sense if you think of things in terms
of low level (RFC821) protocol traffic, instead of high level MTA
configuration.  It means, ``accept message only if these domain names
appear in the smtp "rcpt to" command, whatever that is.''

In other words, it's real function is to define what we mean by ``don't
let smtp input simultaneously be smtp output.''

| You would think that the rcpthosts file could serve a better purpose by
| allowing the machines listed in it to send anywhere,

Some other file has that job.

| instead of any machine
| out on the internet to only send files to the machines in rcpthosts, which
| in the case of the same information being in locals, serves no purpose
| that I can see.

The reason for the two files is that they will be different if you
decide to relay mail for some non-local third party, or if you have
some virtual domains.  Sometimes people want to do that.

But you have a point.  99% of the time rcpthosts is purely redundant,
and qmail should just use the contents of locals and virtualdomains
instead.  Unfortunately, a nonexistent rcpthosts file turns on
pro-spam-mode, instead of sensible-default-mode.

Re: rcpthosts

[Robert Schader]

apis wrote:
> 
> o Have you looked at Postfix?
> 
> http://www.postfix.org
> 
> o Very nifty and easy to install as it is more *sendmail*
> 
> replaceable without worrying much about changes in mail system as
> 
> Qmail requires.
> 
> Apis
> 

Well, yes, I did look at Postfix and opted for qmail based on
other user's opinions. Qmail's control files are pretty nice
once you get used to them. Also, I have already have qmail
completely ready to go except for this one issue, which I
have managed to find the following solution to:

I did find a patch that let's me easily do what I wanted to
accomplish. It was by Chris Johnson, and controls relaying based
on the envelope sender's address, found at:
http://www.palomine.net/qmail/relaymailfrom.html
Granted, it is not the most secure option, but I tried a few
of the other similar user contribs, and they either failed to
work for me, or they just seemed too complicated. They were:
1. Mrs. Brisby's user/passwd auth for qmail-smtpd. Could not get
this to work at all. Followed her pages directions perfectly, as
far as they went.
2. David Harris's "smtp-poplock". This one just seemed to complicated
for me at the moment. It expects qpopup entries to be logged
somehow but failed to mention in any way I could find how to turn
on this logging and I could find no mention in the qmail docs of
how to log POP authentications. A quick check also revealed that
no logging was occuring for POPd as a default. No mention is made
in his docs to either splogger and I am not running yet with
tcpwrappers (or tcpserver) or the daemontools package.

I did download some of the others, such as open-smtp, but have 
not had a chance yet to check them out.

Bob Schader

Re: rcpthosts

[Chris Johnson]

On Wed, Mar 10, 1999 at 03:25:18PM -0500, MountaiNet Tech Support wrote:
> I recently setup a new mail server using qmail but am having a few problems
> with my rcpthosts file.  The machine is named edwin.mounet.com.  It needs
> to receive mail for mounet.com so I added the MX record to point to
> edwin.mounet.com.  mounet.com is also a CNAME for edwin.mounet.com.  Does
> mounet.com need to be in rcpthosts also or just edwin.mounet.com?  Some of
> our users are having problems sending to a few domains, if this file was
> setup wrong could that coz the problem?  Also several people are asking why
> their e-mail appears as [EMAIL PROTECTED] when they send, what can I do
> to resolve this?  Thanks for your help

Remove the CNAME record for mounet.com that points to edwin.mounet.com. That
hides the MX record, and MTAs will (might?) rewrite [EMAIL PROTECTED] to
[EMAIL PROTECTED]

Make the CNAME record an A record.

Chris

Re: Rcpthosts

[Sam]

Michael Bryan writes:

> <[EMAIL PROTECTED]>:
> 208.15.106.2 does not like recipient.
> Remote host said: 553 sorry, that domain isn't in my list of allowed
> rcpthosts (#5.7.1)
> Giving up on 208.15.106.2.
> 
> All the tcp stuff is correct.  And, I can actually send mail to virtual
> addresses from that machine (via pine, or Web-Based Programs)
> 
> So where do I look?  rcpthosts,virtualdomains,locals all look good.

You look into the manual page for qmail-smtpd, which explains how
qmail-smtpd uses rcpthosts, and how it uses the RELAYCLIENT environment
variable.  Together with the knowledge of what your IP addresses are, this
information is sufficient to be able to set up controlled relaying in your
domain.

-- 
Sam

Re: Rcpthosts

[Michael Bryan]

Sam wrote:
> 
> Michael Bryan writes:
> 
> > <[EMAIL PROTECTED]>:
> > 208.15.106.2 does not like recipient.
> > Remote host said: 553 sorry, that domain isn't in my list of allowed
> > rcpthosts (#5.7.1)
> > Giving up on 208.15.106.2.
> >
> > All the tcp stuff is correct.  And, I can actually send mail to virtual
> > addresses from that machine (via pine, or Web-Based Programs)
> >
> > So where do I look?  rcpthosts,virtualdomains,locals all look good.
> 
> You look into the manual page for qmail-smtpd, which explains how
> qmail-smtpd uses rcpthosts, and how it uses the RELAYCLIENT environment
> variable.  Together with the knowledge of what your IP addresses are, this
> information is sufficient to be able to set up controlled relaying in your
> domain.
> 
> --
> Sam

What I'm saying is that I've looked and looked and looked and can't see
why it's not working.  I've got Qmail running fine on other machines on
different networks with virtual domains and correct relaying. 

What are things that I can check?  I'd be happy to paste the contents of
certain files.

MB
-- 
Michael Bryan
The Radio Cafe, LLC
http://www.radiocafe.com

Re: Rcpthosts

[Sam]

Michael Bryan writes:

> Sam wrote:
> > 
> > Michael Bryan writes:
> > 
> > > <[EMAIL PROTECTED]>:
> > > 208.15.106.2 does not like recipient.
> > > Remote host said: 553 sorry, that domain isn't in my list of allowed
> > > rcpthosts (#5.7.1)
> > > Giving up on 208.15.106.2.
> > >
> > > All the tcp stuff is correct.  And, I can actually send mail to virtual
> > > addresses from that machine (via pine, or Web-Based Programs)
> > >
> > > So where do I look?  rcpthosts,virtualdomains,locals all look good.
> > 
> > You look into the manual page for qmail-smtpd, which explains how
> > qmail-smtpd uses rcpthosts, and how it uses the RELAYCLIENT environment
> > variable.  Together with the knowledge of what your IP addresses are, this
> > information is sufficient to be able to set up controlled relaying in your
> > domain.
> > 
> > --
> > Sam
> 
> What I'm saying is that I've looked and looked and looked and can't see
> why it's not working.  I've got Qmail running fine on other machines on
> different networks with virtual domains and correct relaying. 
> 
> What are things that I can check?  I'd be happy to paste the contents of
> certain files.

You check:

A) The set of IP addresses that you're sending the mail from.
B) The contents of control/rcpthosts.
C) The mechanism by which you're setting the contents of the RELAYCLIENT
environment variable, whether it's accomplished via tcpserver, a shell
script, or by some other means.

Those are the only three factors which affect whether an arbitrary
recipient is accepted by qmail-smtpd.  In each case, you declare not only
what you THINK each item of information should be, but also provide some
kind of an independent confirmation -- that you're verifying the contents
of control/rcpthosts on the right machine; by running a trace to yourself
to verify your actual IP address; by temporarily implementing some
debugging code that accurately logs the contents of the environment just
prior to qmail-smtpd being invoked, etc...

-- 
Sam

Re: rcpthosts

[Dave Sill]

[EMAIL PROTECTED] wrote:
>
>Ok, I sort of asked this question before, but I'm going to try again, this
>time with a little more info.

Good idea. :-)

>I try to use fetchmail to download mail from another server. While running
>fetchmail, it dies saying "fetchmail: can't even send to user!" (user
>being whoever I'm logged in as. Later, I received an email to my localhost
>from the "fetchmail-daemon" saying "Some addresses were rejected by the
>MDA fetchmail sends to" with a Diagnostic-Code: user: 533 sorry, that
>domain isn't in my list of allowed rcpthosts (#5.7.1).
>
>What do I need to do to get around this?

You still haven't given enough information. What's in rcphosts,
locals, and your .fetchmailrc (less passwords, of course)? How about a 
sample of one of those fetchmail-daemon bounces, including the
complete header?

-Dave

Re: rcpthosts

[Chris Johnson]

On Wed, May 12, 1999 at 12:41:48PM -0500, [EMAIL PROTECTED] wrote:
> 
> Ok, I sort of asked this question before, but I'm going to try again, this
> time with a little more info.
> 
> I try to use fetchmail to download mail from another server. While running
> fetchmail, it dies saying "fetchmail: can't even send to user!" (user
> being whoever I'm logged in as. Later, I received an email to my localhost
> from the "fetchmail-daemon" saying "Some addresses were rejected by the
> MDA fetchmail sends to" with a Diagnostic-Code: user: 533 sorry, that
> domain isn't in my list of allowed rcpthosts (#5.7.1).
> 
> What do I need to do to get around this?

Put the domain in your list of allowed rcpthosts. By not including your own
domain name in rcpthosts, you're telling qmail-smtpd that you don't want to
receive mail addressed to addresses in your domain.

Chris

RE: rcpthosts

[Wilson Fletcher]

There is a Newbie's guide to relaying that answers questions relating to this problem. 
All people with the rcpthosts problem should read it.

http://www.palomine.net/qmail/relaying.html

Also FAQ point #5.4 is most important for using tcp-wrappers and inetd

On Wednesday, May 12, 1999 6:09 PM, Dave Sill [SMTP:[EMAIL PROTECTED]] wrote:
> [EMAIL PROTECTED] wrote:
> >
> >Ok, I sort of asked this question before, but I'm going to try again, this
> >time with a little more info.
> 
> Good idea. :-)
> 
> >I try to use fetchmail to download mail from another server. While running
> >fetchmail, it dies saying "fetchmail: can't even send to user!" (user
> >being whoever I'm logged in as. Later, I received an email to my localhost
> >from the "fetchmail-daemon" saying "Some addresses were rejected by the
> >MDA fetchmail sends to" with a Diagnostic-Code: user: 533 sorry, that
> >domain isn't in my list of allowed rcpthosts (#5.7.1).
> >
> >What do I need to do to get around this?
> 
> You still haven't given enough information. What's in rcphosts,
> locals, and your .fetchmailrc (less passwords, of course)? How about a 
> sample of one of those fetchmail-daemon bounces, including the
> complete header?
> 
> -Dave

Re: rcpthosts

[Kai MacTane]

At 10:24 PM 10/26/99 +0200, you wrote:
>
>blame me, flame me, but i don't understand it:
>i am running a qmail server and i have to relay for our customers.

You might want to look at Russ Nelson's open-SMTP or similar things on the
qmail.org page. These are add-ons to Qmail that allow it to relay for
selected IP addresses after they've authenticated themselves (generally via
POP3).

>a mail that i sent from a remote (relayed) site produced:
>Oct 26 21:42:58 mail qmail: 940966978.193101 delivery 2: failure:
>Sorry,_I_couldn't_find_any_host_named_vav.at?._(#5.1.2)/
>
>'dig vav.at mx' on my mailserver showed correct mx for vav.at, so it is not
>a nameserver related problem.

Yes, but the error says it was looking for a "host named vav.at?". The
question mark character "?" is not valid in DNS names.

I think the test mail was improperly addressed.

-
 Kai MacTane
 System Administrator
  Online Partners.com, Inc.
-
>From the Jargon File: (v4.0.0, 25 Jul 1996)

angry fruit salad /n./ 

A bad visual-interface design that uses too many colors. (This term
derives, of course, from the bizarre day-glo colors found in canned
fruit salad.)

RE: rcpthosts

[Vince Vielhaber]

On 26-Oct-99 Alexander Jernejcic wrote:
> hi there,
> blame me, flame me, but i don't understand it:
> i am running a qmail server and i have to relay for our customers.
> so i set up tcp.smtp (yes, i did the tcprules thing) and put the
> virtual domains in rcpthosts following LWQ.
> after that, no host other than in rcpthosts was reachable.
> a mail that i sent from a remote (relayed) site produced:
> Oct 26 21:42:58 mail qmail: 940966978.193101 delivery 2: failure:
> Sorry,_I_couldn't_find_any_host_named_vav.at?._(#5.1.2)/
> 
> 'dig vav.at mx' on my mailserver showed correct mx for vav.at, so it is not
> a nameserver related problem.
> 
> removing rcpthosts everything is running smoothly but now i am an open
> relay, what i don't really want to.
> 
> what am i doing wrong - and - excuse my english...

Before tcprules, what did the contents of tcp.smtp look like?  How are
you starting qmail-smtpd (what's the EXACT command line)?  Have you 
applied ANY patches to qmail?   Did you install from an RPM or from the
sources?

Vince.
-- 
==
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
  # includeHave you seen http://www.pop4.net?
Online Campground Directoryhttp://www.camping-usa.com
   Online Giftshop Superstorehttp://www.cloudninegifts.com
==

Re: rcpthosts

[martin]

Jim,

Is this machine accessible via The Net, or is it behind a firewall?

If it's behind the firewall, you are set.  Just open the darned thing
up, and be done with it.

If this is available from The [evil] Net, and you don't want to relay
for the world, you can do two things.

Option 1
==
Use a different port (port 444 instead of port 25), but have the
qmail-smtpd that runs on that port accept and relay any mail--this
falls into the security through obscurity ballgame, and will be frowned
upon by most qmail-list folks (and I wouldn't recommend, although you
could do this)

So, you create this line in inetd.conf:

444stream  tcp nowait  root/tmp/relay-kludge.sh

and create this file (/tmp/relay-kludge.sh) with 755 perms (or something
more restrictive):

#!/bin/sh
#
#
export RELAYCLIENT=""
 
/var/qmail/bin/qmail-smtpd   


And you tell your users to use that port (444) for all of their SMTP
sessions.

or

Option 2

You can run ucspi, which has built-in support for IP-based selective
relaying.


Perhaps you wish not to "complicate" things by running ucspi, but I
believe quite strongly that it is the best solution in this regard. 
This will also allow you to have finely grained control over what other
IPs are allowed to relay through your machine, not only your users, but
also.a friend who has a static IP, let's sayor maybe you are on
the road one day, and you need to allow yourself an "open relay"you
could shell in and make the change, and then you have a relay

It's really not a great deal more work to install the ucspi package,
and it works with qmail (and a dozen other programs) so very well, that
it's worth the effort to install and configure it.  (Frankly for me,
it's not about load/concurrency, but configurabilitythat's why I
prefer tcpserver--part of the ucspi package--so much.)

If you'd like some example lines, or an introduction to tcpserver,
respond to me off the list, and I'll give you a few pointers.

-Martin

---
On  2 Dec, Jim Hall wrote:
  : My clients are trying to mail outside the LAN, and receiving an 553 error
  : "im sorry that domain isnt in my list of rcpthosts".
  : 
  : is there any way to allow my clients to mail anyone outside my LAN without
  : running ucspi-tcp? I only have 6 clients, and do not have high loads, so im
  : sure inetd can handle the process.
  : 
  : Thanks in advance,
  : Jim
  : 

-- 
Martin A. Brown --- SecurePipe Communications --- [EMAIL PROTECTED]

Re: rcpthosts

[Shawn P. Stanley]

I have a similar question, but perhaps the answer is not so easy.

I use ucspi with great success, but I have a user whose ISP is a university,
and I'm not sure I want to open up access to the university's entire subnet.
However, the user gets a dynamic IP every time he connects.  How can I allow
him SMTP access without opening the door to the entire university?  Granted,
the chance that the university students are spammers looking for open relay
servers is small, but I'd like to avoid taking that chance if I can.

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, December 02, 1999 9:52 PM
Subject: Re: rcpthosts


> Jim,
>
> Is this machine accessible via The Net, or is it behind a firewall?
>
> If it's behind the firewall, you are set.  Just open the darned thing
> up, and be done with it.
>
> If this is available from The [evil] Net, and you don't want to relay
> for the world, you can do two things.
>
> Option 1
> ==
> Use a different port (port 444 instead of port 25), but have the
> qmail-smtpd that runs on that port accept and relay any mail--this
> falls into the security through obscurity ballgame, and will be frowned
> upon by most qmail-list folks (and I wouldn't recommend, although you
> could do this)
>
> So, you create this line in inetd.conf:
>
> 444stream  tcp nowait  root/tmp/relay-kludge.sh
>
> and create this file (/tmp/relay-kludge.sh) with 755 perms (or something
> more restrictive):
>
> #!/bin/sh
> #
> #
> export RELAYCLIENT=""
>
> /var/qmail/bin/qmail-smtpd
>
>
> And you tell your users to use that port (444) for all of their SMTP
> sessions.
>
> or
>
> Option 2
> 
> You can run ucspi, which has built-in support for IP-based selective
> relaying.
>
>
> Perhaps you wish not to "complicate" things by running ucspi, but I
> believe quite strongly that it is the best solution in this regard.
> This will also allow you to have finely grained control over what other
> IPs are allowed to relay through your machine, not only your users, but
> also.a friend who has a static IP, let's sayor maybe you are on
> the road one day, and you need to allow yourself an "open relay"you
> could shell in and make the change, and then you have a relay
>
> It's really not a great deal more work to install the ucspi package,
> and it works with qmail (and a dozen other programs) so very well, that
> it's worth the effort to install and configure it.  (Frankly for me,
> it's not about load/concurrency, but configurabilitythat's why I
> prefer tcpserver--part of the ucspi package--so much.)
>
> If you'd like some example lines, or an introduction to tcpserver,
> respond to me off the list, and I'll give you a few pointers.
>
> -Martin
>
> ---
> On  2 Dec, Jim Hall wrote:
>   : My clients are trying to mail outside the LAN, and receiving an 553
error
>   : "im sorry that domain isnt in my list of rcpthosts".
>   :
>   : is there any way to allow my clients to mail anyone outside my LAN
without
>   : running ucspi-tcp? I only have 6 clients, and do not have high loads,
so im
>   : sure inetd can handle the process.
>   :
>   : Thanks in advance,
>   : Jim
>   :
>
> --
> Martin A. Brown --- SecurePipe Communications --- [EMAIL PROTECTED]
>

Re: rcpthosts

[martin]

Shawn,

Well, in that case, I'd recommend you try using relay-ctrl-allow (and
the companion package relay-ctrl-age).  Together, these two allow you
to authenticate a user (e.g., via POP3), and then include the
dynamically assigned IP address in the list of "OK to relay" hosts.

The relay-ctrl-allow package takes care of adding the
(just-authenticated) user to the appropriate CDB which tcpserver checks
before passing the SMTP connection to qmail-smtp.  This is where the
modular beauty of tcpserver +  + relay-ctrl-allow +
qmail-pop3d, really shines.

This is an excellent way to allow people to use your SMTP server as a
relay, but to retain control of the relaying.  In other words, you have
to authenticate via POP3 before you are allowed to relay.  (That send
and receive button just came in handy, eh?)

It may take some digging around to find some good examples of
relay-ctrl-allow and relay-ctrl-age scripts, but I'm sure there are
others on the list who would be glad to help with that...you should be
able to find exactly what you are looking for in Bruce Guenter's RPMS,
which you should be able to locate somewhere from http://www.qmail.org/.

Good luck,

-Martin

On  2 Dec, Shawn P. Stanley wrote:
  : I have a similar question, but perhaps the answer is not so easy.
  : 
  : I use ucspi with great success, but I have a user whose ISP is a university,
  : and I'm not sure I want to open up access to the university's entire subnet.
  : However, the user gets a dynamic IP every time he connects.  How can I allow
  : him SMTP access without opening the door to the entire university?  Granted,
  : the chance that the university students are spammers looking for open relay
  : servers is small, but I'd like to avoid taking that chance if I can.
  : 
  : - Original Message -
  : From: <[EMAIL PROTECTED]>
  : To: <[EMAIL PROTECTED]>
  : Cc: <[EMAIL PROTECTED]>
  : Sent: Thursday, December 02, 1999 9:52 PM
  : Subject: Re: rcpthosts
  : 
  : 



-- 
Martin A. Brown --- SecurePipe Communications --- [EMAIL PROTECTED]

Re: rcpthosts

[Vince Vielhaber]

On Thu, 2 Dec 1999, Shawn P. Stanley wrote:

> I have a similar question, but perhaps the answer is not so easy.
> 
> I use ucspi with great success, but I have a user whose ISP is a university,
> and I'm not sure I want to open up access to the university's entire subnet.
> However, the user gets a dynamic IP every time he connects.  How can I allow
> him SMTP access without opening the door to the entire university?  Granted,
> the chance that the university students are spammers looking for open relay
> servers is small, but I'd like to avoid taking that chance if I can.

Try David Harris' smtp-poplock.  The IP is allowed to relay for a select
period of time after a successful mailcheck via pop3.

Vince.
-- 
==
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
  # includeHave you seen http://www.pop4.net?
Online Campground Directoryhttp://www.camping-usa.com
   Online Giftshop Superstorehttp://www.cloudninegifts.com
==

Re: rcpthosts

[Shawn P. Stanley]

Awesome!  This is exactly the type of thing I'm looking for.  Thanks.

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, December 02, 1999 10:51 PM
Subject: Re: rcpthosts


> Shawn,
>
> Well, in that case, I'd recommend you try using relay-ctrl-allow (and
> the companion package relay-ctrl-age).  Together, these two allow you
> to authenticate a user (e.g., via POP3), and then include the
> dynamically assigned IP address in the list of "OK to relay" hosts.
>
> The relay-ctrl-allow package takes care of adding the
> (just-authenticated) user to the appropriate CDB which tcpserver checks
> before passing the SMTP connection to qmail-smtp.  This is where the
> modular beauty of tcpserver +  + relay-ctrl-allow +
> qmail-pop3d, really shines.
>
> This is an excellent way to allow people to use your SMTP server as a
> relay, but to retain control of the relaying.  In other words, you have
> to authenticate via POP3 before you are allowed to relay.  (That send
> and receive button just came in handy, eh?)
>
> It may take some digging around to find some good examples of
> relay-ctrl-allow and relay-ctrl-age scripts, but I'm sure there are
> others on the list who would be glad to help with that...you should be
> able to find exactly what you are looking for in Bruce Guenter's RPMS,
> which you should be able to locate somewhere from http://www.qmail.org/.
>
> Good luck,
>
> -Martin
>
> On  2 Dec, Shawn P. Stanley wrote:
>   : I have a similar question, but perhaps the answer is not so easy.
>   :
>   : I use ucspi with great success, but I have a user whose ISP is a
university,
>   : and I'm not sure I want to open up access to the university's entire
subnet.
>   : However, the user gets a dynamic IP every time he connects.  How can I
allow
>   : him SMTP access without opening the door to the entire university?
Granted,
>   : the chance that the university students are spammers looking for open
relay
>   : servers is small, but I'd like to avoid taking that chance if I can.
>   :
>   : - Original Message -
>   : From: <[EMAIL PROTECTED]>
>   : To: <[EMAIL PROTECTED]>
>   : Cc: <[EMAIL PROTECTED]>
>   : Sent: Thursday, December 02, 1999 9:52 PM
>   : Subject: Re: rcpthosts
>   :
>   :
>
> 
>
> --
> Martin A. Brown --- SecurePipe Communications --- [EMAIL PROTECTED]
>

Re: rcpthosts

[Chris Johnson]

On Fri, Feb 04, 2000 at 01:03:00PM -0500, clifford thurber wrote:
> I am trying to configure qmail so that I may send mail from our domain to any
> other domain. Does this require an empty RCPTHOSTS file? I currently have
> .mydomain.com in out rcpthosts file as well as 127.0.0.1. When telnetting to
> port 25 and typing Rcpt To: [EMAIL PROTECTED] I am given the message: 553 sorry,
> that domain isn't in my list of allowed rcpthosts (#5.7.1) which of course
> makes sense. I need to configure qmail so that we may sendmail from our
> machine to any other domain yet make sure that is will not relay form
> spammers etc. Can someone elaborate on the proper entries in to control
> files? Thanks in advance. 

http://www.palomine.net/qmail/selectiverelay.html

Chris

Re: rcpthosts

[Dave Sill]

clifford thurber <[EMAIL PROTECTED]> wrote:

>I am trying to configure qmail so that I may send mail from our domain to
>any other domain. Does this require an empty RCPTHOSTS
>file?

No.

>Can someone elaborate on the
>proper entries in to control files? Thanks in advance. 

See:

  http://Web.InfoAve.Net/~dsill/lwq.html#relaying

-Dave

Re: rcpthosts

[Vince Vielhaber]

On Thu, 15 Jun 2000, Vince wrote:

> 
> why is that i cant send mail if the domain is not listed in the rcpthosts.
> how can i sendmail outside w/o specifying all the active domain. is it
> possible to remove the rcpthosts file?

Do NOT remove rcpthosts.  Bad things will happen.

Take a quick look at this:

ftp://koobera.math.uic.edu/www/qmail/faq/servers.html#authorized-relay

Vince.
-- 
==
Vince Vielhaber -- KA8CSHemail: [EMAIL PROTECTED]http://www.pop4.net
 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
Online Campground Directoryhttp://www.camping-usa.com
   Online Giftshop Superstorehttp://www.cloudninegifts.com
==

Re: rcpthosts

[Irwan Hadi]

At 07:07 PM 6/15/00 +0800, Vince wrote:

>why is that i cant send mail if the domain is not listed in the rcpthosts.
>how can i sendmail outside w/o specifying all the active domain. is it
>possible to remove the rcpthosts file?

then your smtp will be open relay ;)
see http://www.palomine.net/qmail/relaying.html

RE: rcpthosts

[Bolivar Diaz Galarza]

See http://www.palomine.net/qmail/relaying.html and
http://www.palomine.net/qmail/selectiverelay.html.

It worked for me

Bolivar,



- Original Message -
From: Irwan Hadi <[EMAIL PROTECTED]>
To: Vince <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 15, 2000 2:05 PM
Subject: Re: rcpthosts


> At 07:07 PM 6/15/00 +0800, Vince wrote:
>
> >why is that i cant send mail if the domain is not listed in the
rcpthosts.
> >how can i sendmail outside w/o specifying all the active domain. is it
> >possible to remove the rcpthosts file?
>
> then your smtp will be open relay ;)
> see http://www.palomine.net/qmail/relaying.html
>
>

Re: rcpthosts

[Irwan Hadi]

At 05:21 PM 6/22/00 -0500, Z wrote:
>does this work with qpopper?  i inplemented the select relay
>and still get the error that it's not in the rcpthosts file...

then you should go to http://www.qmail.org/top.html#addons

RE: rcpthosts

[Brian Sweeney]

Isn't qpopper for pop, not smtp?  Why would the rcpthosts file affect it
then?  In any case, an RCPTHOSTS file error can mean either what it says
(the site ISN'T in the file) or it could mean if your blocking based on IP
addresses that whatever your tcprules.cdb file is isn't setup right.   Make
sure you have your domain in there, and that RELAYCLIENT is set and :allow
is set.

-Original Message-
From: Z [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 22, 2000 6:21 PM
To: Chris Johnson
Cc: [EMAIL PROTECTED]
Subject: rcpthosts




On Fri, 16 Jun 2000, Chris Johnson wrote:

> On Fri, Jun 16, 2000 at 03:33:20PM -0500, Z wrote:
> > well, what i decided to do was switch to qpopper and use the
> > --enable-home-dir-mail=Mailbox and it worked fine.
> >
> > now one thing that i don't understand is the rcpthosts file.
> > it seems like it would be a file that would decide who gets to use
> > qmail as the SMTP server, but when i try to send a message to somewhere
> > like freak.net, it tells me that the address is not in the rcpthosts
> > file.  so is this to say where you can send to?  do they have something
> > for address that can use the SMTP server?  are they one in the same?
> > i put '.net' in the rcpthosts file and it sent fine.
>
> Don't do that. Read http://www.palomine.net/qmail/relaying.html and
> http://www.palomine.net/qmail/selectiverelay.html instead.
>
> Chris
>

does this work with qpopper?  i inplemented the select relay
and still get the error that it's not in the rcpthosts file...

Re: rcpthosts prob

[Ronny Haryanto]

On 01-Sep-2000, Z wrote:
> i have installed ucspi-tcp and daemontools and my /etc/tcp.smtp
> file looks like this:
> 
> 127.:allow,RELAYCLIENT=""  
> 63.78.138.:allow,RELAYCLIENT="" 
> 64.113.144.:allow,RELAYCLIENT="" 
> 10.1.1.:allow, RELAYCLIENT="" 
> 192.168.1.:allow, RELAYCLIENT=""  
> 
> and i still get the error message that the domain is not in the 
> rcpthosts file and i AM sending from one of the IPs above.  

Have you rebuild the cdb file with tcprules? How do you start your
smtpd? What does the smtpd log says when you connect?

Ronny

Re: rcpthosts prob

[Ben Beuchler]

On Fri, Sep 01, 2000 at 03:23:25PM -0500, Ronny Haryanto wrote:

> Have you rebuild the cdb file with tcprules? How do you start your
> smtpd? What does the smtpd log says when you connect?

And:  What does your tcpserver command line look like?  Have you tried
tcprulescheck?

Ben

-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net

Re: rcpthosts prob

[Z]

On Fri, 1 Sep 2000, Ben Beuchler wrote:

> On Fri, Sep 01, 2000 at 03:23:25PM -0500, Ronny Haryanto wrote:
> 
> > Have you rebuild the cdb file with tcprules? How do you start your
> > smtpd? What does the smtpd log says when you connect?
> 
> And:  What does your tcpserver command line look like?  Have you tried
> tcprulescheck?
> 
> Ben
> 
> -- 
> Ben Beuchler [EMAIL PROTECTED]
> MAILER-DAEMON (612) 321-9290 x101
> Bitstream Underground   www.bitstream.net
> 

i'm getting this


[root@proxy control]# tcprulescheck /etc/tcp.smtp.cdb 
default:  
allow connection
[root@proxy control]#

does this mean that it's not working correctly?

i reran:

 tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

and got:

[root@proxy control]# tcprulescheck /etc/tcp.smtp.cdb 
rule :  
allow connection
[root@proxy control]#

so what am i missing?

Re: rcpthosts prob

[Stephen Bosch]

> i'm getting this
> 
> [root@proxy control]# tcprulescheck /etc/tcp.smtp.cdb
> default:
> allow connection
> [root@proxy control]#
> 
> does this mean that it's not working correctly?
> 
> i reran:
> 
>  tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
> 
> and got:
> 
> [root@proxy control]# tcprulescheck /etc/tcp.smtp.cdb
> rule :
> allow connection
> [root@proxy control]#
> 
> so what am i missing?

Aren't you supposed to specify the IP address you are checking when you
use tcprulescheck?

-Stephen-

Re: rcpthosts prob

[Dave Sill]

Z <[EMAIL PROTECTED]> wrote:

>i have installed ucspi-tcp and daemontools and my /etc/tcp.smtp
>file looks like this:
>
>127.:allow,RELAYCLIENT=""  
>63.78.138.:allow,RELAYCLIENT="" 
>64.113.144.:allow,RELAYCLIENT="" 
>10.1.1.:allow, RELAYCLIENT="" 
>192.168.1.:allow, RELAYCLIENT=""  

Lose the spaces in the last two lines.

-Dave

RE: rcpthosts info

[Wilson Fletcher]

Read FAQ #5.4.

You have two choice inetd or tcpserver. A lot of people recommend tcpserver 
available from www.qmail.org. I use inetd without any problems (yet) 
though.

Also read : The newbie's guide to relaying by Chris Johnson : 
http://www.palomine.net/qmail/relaying.html and life with qmail by David 
Sill : http://web.infoave.net/~dsill/lwq.html

You should definitely browse through http://www.qmail.org

regards,

Wilson

On Friday, June 04, 1999 9:07 PM, Robert Schader 
[SMTP:[EMAIL PROTECTED]] wrote:
> Hello all,
> I am new to qmail and am working on migrating to it from a system
> called Post.Office from www.software.com. I have had a little experience
> with sendmail, but not much. Anyway, I have looked at the FAQ and tried
> searching the mailing list and have not found an answer to my question.
> Here it is:
>
> It seems to me that the rcpthosts functionality is reversed from what it
> should be. I thought that maybe the functionality I wanted was to be 
found
> in the locals file, but that seems to control what machines qmail will
> accept mail for and hold locally. Following what appears to be the noted
> practice of duplicating this in the rcpthosts file, I assumed this would
> allow any of the machines in rcpthosts to relay through qmail anywhere 
they
> wanted. But it seems the behavior of this file is to only allow me to
> send mail to ONLY the hosts in rcpthosts, so I am stuck in my own little
> domain.
>
> You would think that the rcpthosts file could serve a better purpose by
> allowing the machines listed in it to send anywhere, instead of any 
machine
> out on the internet to only send files to the machines in rcpthosts, 
which
> in the case of the same information being in locals, serves no purpose
> that I can see.
>
> I do have the info from the FAQ on selectively allowing certain hosts
> to set RELAYHOST and am going to try implementing that, otherwise I am
> going to add the user/password auth patch for qmail-smtpd from nimh.org
> since I ultimately need that for offsite POP access.
>
> Any thoughts or recommendations welcome,
>
> **__
> Bob Schader   _.-{__}-._
> CAD Systems Administrator   .:-'``'-:.
> Product Design International, Inc. /_.-"`_  _`"-._\
> 4880 36th St. S.E., Suite 100 /`   / .\/. \   `\
> Grand Rapids, MI 49512|\__/\__/|
> Phone: 616-667-2600 .-\/-.
> Fax: 616-667-2692  /   '._-.__--__.-_.'   \
> Email: [EMAIL PROTECTED]\'.``'`   __\
> **(__)|'\___)
>  `_' \
> ``

Re: rcpthosts logs

[Anand Buddhdev]

On Tue, Sep 14, 1999 at 11:13:14AM -0700, Jan Stanik wrote:

There's a patch on www.qmail.org that does this, and also adds checking
for validity of the sender's domain. If you don't want that, then you
could look at the patch, and only extract the part that logs the
relaying attempt. Or you could stick in recordio before your qmail-smtpd
invocation, and pass the result to an awk/sed/perl script to only log
the relaying attempt failure,something like:

...  recordio qmail-smtpd | filter.pl | splogger smtpd 3 &

I tried to do this myself, but I'm not very good with programming, and
didn't get very far, so I gave up.

> Hi,
> 
>   I need to log rcpthosts failures:
> 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> Is there any patch to qmail-smtpd?

-- 
See complete headers for more info

Re: rcpthosts logs

[Scott Schwartz]

"Jan Stanik" <[EMAIL PROTECTED]> writes:
| I need to log rcpthosts failures:
| 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
| Is there any patch to qmail-smtpd?

--- qmail-smtpd.c   1998/06/25 03:48:14 1.1
+++ qmail-smtpd.c   1998/06/25 03:54:58
@@ -42,16 +42,28 @@
 void flush() { substdio_flush(&ssout); }
 void out(s) char *s; { substdio_puts(&ssout,s); }
 
+void eout(s) char *s; 
+{ 
+   char buf[FMT_ULONG];
+
+   write(2, "smtpd: pid ", 11);
+   buf[fmt_ulong(buf,(unsigned long) getpid())] = 0;
+   write(2, buf, str_len(buf));
+   write(2, " ", 1);
+   write(2, s, str_len(s)); 
+   out(s); 
+}
+
 void die_read() { _exit(1); }
-void die_alarm() { out("451 timeout (#4.4.2)\r\n"); flush(); _exit(1); }
-void die_nomem() { out("421 out of memory (#4.3.0)\r\n"); flush(); _exit(1); }
-void die_control() { out("421 unable to read controls (#4.3.0)\r\n"); flush(); 
_exit(1); }
-void die_ipme() { out("421 unable to figure out my IP addresses (#4.3.0)\r\n"); 
flush(); _exit(1); }
-void straynewline() { out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); 
flush(); _exit(1); }
-
-void err_bmf() { out("553 sorry, your envelope sender is in my badmailfrom list 
(#5.7.1)\r\n"); }
-void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed 
rcpthosts (#5.7.1)\r\n"); }
-void err_unimpl() { out("502 unimplemented (#5.5.1)\r\n"); }
+void die_alarm() { eout("451 timeout (#4.4.2)\r\n"); flush(); _exit(1); }
+void die_nomem() { eout("421 out of memory (#4.3.0)\r\n"); flush(); _exit(1); }
+void die_control() { eout("421 unable to read controls (#4.3.0)\r\n"); flush(); 
+_exit(1); }
+void die_ipme() { eout("421 unable to figure out my IP addresses (#4.3.0)\r\n"); 
+flush(); _exit(1); }
+void straynewline() { eout("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); 
+flush(); _exit(1); }
+
+void err_bmf() { eout("553 sorry, your envelope sender is in my badmailfrom list 
+(#5.7.1)\r\n"); }
+void err_nogateway() { eout("553 sorry, that domain isn't in my list of allowed 
+rcpthosts (#5.7.1)\r\n"); }
+void err_unimpl() { eout("502 unimplemented (#5.5.1)\r\n"); }
 void err_syntax() { out("555 syntax error (#5.5.4)\r\n"); }
 void err_wantmail() { out("503 MAIL first (#5.5.1)\r\n"); }
 void err_wantrcpt() { out("503 RCPT first (#5.5.1)\r\n"); }
@@ -387,8 +399,8 @@
  
   qqx = qmail_close(&qqt);
   if (!*qqx) { acceptmessage(qp); return; }
-  if (hops) { out("554 too many hops, this message is looping (#5.4.6)\r\n"); return; 
}
-  if (databytes) if (!bytestooverflow) { out("552 sorry, that message size exceeds my 
databytes limit (#5.3.4)\r\n"); return; }
+  if (hops) { eout("554 too many hops, this message is looping (#5.4.6)\r\n"); 
+return; }
+  if (databytes) if (!bytestooverflow) { eout("552 sorry, that message size exceeds 
+my databytes limit (#5.3.4)\r\n"); return; }
   if (*qqx == 'D') out("554 "); else out("451 ");
   out(qqx + 1);
   out("\r\n");

RE: RCPTHOSTS error

[Chris Nelson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Check the FAQ

ftp://koobera.math.uic.edu/www/qmail/faq/servers.html#authorized-relay

- -Chris


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, October 04, 1999 8:07 PM
> To: [EMAIL PROTECTED]
> Subject: RCPTHOSTS error
> 
> 
> 
> 
> Hey all I just put a new Qmail server online at Z100 Radio in 
> New York city
> for all of ou listener e-mail (about 500,000 mails/day) and I have
> everything working except one little thing- when I try and 
> send mail to
> addresses outside my domain (eg aol.com, mindspring.com, etc. I get
> an error saying "sorry, that domain is not in my list of allowed 
> rcpt hosts #5.7.1" anyone have any ideas as to why this is
> happening???  
> 
> Thanks in advance,
> Bernie Courtney
> Z100 New Yok Engineering
> 
> PS: fist person to help me solve the problem gets a station 
> T-Shirt  :-)))
> 
> 
> 

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 for non-commercial use 

iQA/AwUBN/lsyZudIvOxcSM4EQLpzgCdHtesMBNmgrEPVn7u9ayB8Lm2HJ0AoPn0
NUatGZg6fsMa1F79dye69BAi
=KGuN
-END PGP SIGNATURE-

Re: RCPTHOSTS error

[Bernard Karmilowicz]

Hi Bernie:

Read: http://www.palomine.net/qmail/selectiverelay.html

Please let me know if it is not clear.

- Bernie

> Hey all I just put a new Qmail server online at Z100 Radio in New York city
> for all of ou listener e-mail (about 500,000 mails/day) and I have
> everything working except one little thing- when I try and send mail to
> addresses outside my domain (eg aol.com, mindspring.com, etc. I get an error
> saying "sorry, that domain is not in my list of allowed rcpt hosts #5.7.1"
> anyone have any ideas as to why this is happening???
>
> Thanks in advance,
> Bernie Courtney
> Z100 New Yok Engineering
>
> PS: fist person to help me solve the problem gets a station T-Shirt  :-)))

Re: RCPTHOSTS error

[Russell Nelson]

[EMAIL PROTECTED] writes:
 > 
 > 
 > Hey all I just put a new Qmail server online at Z100 Radio in New York city
 > for all of ou listener e-mail (about 500,000 mails/day) and I have
 > everything working except one little thing- when I try and send mail to
 > addresses outside my domain (eg aol.com, mindspring.com, etc. I get an
 > error saying "sorry, that domain is not in my list of allowed rcpt hosts
 > #5.7.1" anyone have any ideas as to why this is happening???
 > 
 > Thanks in advance,
 > Bernie Courtney
 > Z100 New Yok Engineering
 > 
 > PS: fist person to help me solve the problem gets a station T-Shirt  :-)))

Not the fifth caller?  :)

You don't say, but very likely you're getting this problem when you
"try and send mail" from a client machine.  You have to tell the
server that the client machine is authorized to relay.  Most often
this is done by listing the IP address subnet (or range of addresses)
in /etc/smtp.txt, followed by ":allow,RELAYCLIENT=//", and then
compiled into /etc/smtp.cdb.

You know, just like it says in FAQ 5.4.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | can outdo them. Homeschool!

RE: RCPTHOSTS error

[courtney]

and if I am not using TCPSERVER?  I just need to get this runing ASAP so an
open relay would be fine for the time being, how do I do that?

RE: RCPTHOSTS error

[Chris Nelson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

you really should be running tcpserver, it takes about 10 minutes (or
less) to setup and is much more reliable than inetd.

- -Chris


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, October 04, 1999 9:23 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: RCPTHOSTS error
> 
> 
> 
> 
> and if I am not using TCPSERVER?  I just need to get this 
> runing ASAP so an
> open relay would be fine for the time being, how do I do that?
> 
> 

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBN/l/DJudIvOxcSM4EQIbOQCfXiI61KVJ65QJpJWuAkcuyJQO7W4An3Ju
+CxaARusrROoWWj9kctskIZ6
=GezP
-END PGP SIGNATURE-

RE: RCPTHOSTS error

[Russell Nelson]

[EMAIL PROTECTED] writes:
 > and if I am not using TCPSERVER?  I just need to get this runing ASAP so an
 > open relay would be fine for the time being, how do I do that?

Install tcpserver.  It's faster than dealing with inetd.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | can outdo them. Homeschool!

Re: RCPTHOSTS error

[courtney]

let me also add that if I remove the RCPTHOSTS file, that I can no longer
recieve e-mails sent to my local domain.  The machine just refuses
everything.

any more ideas??

Re: RCPTHOSTS error

[Bernard Karmilowicz]

> and if I am not using TCPSERVER?  I just need to get this runing ASAP so an
> open relay would be fine for the time being, how do I do that?

Running an open relay is discouraged. You should install tcpserver ASAP (It is
not painful. Trust me. I have done it myself).

If your really, really, really, absolutely, must, without a doubt, run an open
relay (and _please_ only for a few minutes until you get tcpserver installed),
you may be able to by deleting the control/rcpthosts file.

Beware. Your station management and sponsors may not look favorably if a
spammer sees your open relay and uses it to distribute garbage throughout the
world.

- Bernie

Re: RCPTHOSTS error

[phil]

Russell Nelson wrote:

> [EMAIL PROTECTED] writes:
>  > and if I am not using TCPSERVER?  I just need to get this runing ASAP so an
>  > open relay would be fine for the time being, how do I do that?
> 
> Install tcpserver.  It's faster than dealing with inetd.

Can it be said that tcpserver can run concurrently with inetd?  I would
think so.  But maybe because it is said to be better than inetd, people
see it as a replacement for inetd (why not, right?), and then they
hesitate to make the move because they haven't blocked enough time to
be sure there is no impact on all the other inetd stuff (ya never know
when dealing with new stuff).  The simple scenario should be to just
put tcpserver on and fire it up configured to do qmail and nothing else
for now (to get going) and migrate things from inetd to tcpserver later
on.

I take it if you have any UDP stuff on inetd you have to leave it on there?
OTOH, some of my servers are so tight there's not even inetd running (ssh
runs standalone).  So my first though is most of the UDP isn't needed.

-- 
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
  phil  | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
  at| [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
  ipal  | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
 dot| [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
  net   | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]

Re: RCPTHOSTS error

[phil]

Bernard Karmilowicz wrote:

> > and if I am not using TCPSERVER?  I just need to get this runing ASAP so an
> > open relay would be fine for the time being, how do I do that?
> 
> Running an open relay is discouraged. You should install tcpserver ASAP (It is
> not painful. Trust me. I have done it myself).
> 
> If your really, really, really, absolutely, must, without a doubt, run an open
> relay (and _please_ only for a few minutes until you get tcpserver installed),
> you may be able to by deleting the control/rcpthosts file.

Since I'm in the (slower) process of putting up qmail on a new server that
has nothing on it so far, I decided to go ahead and install tcpserver now
since I will be doing so anyway, and because of this thread, just to see
how long it would take.  It will take longer for me because instead of just
installing things like most people do, I follow a process if "documenting"
what I do by writing a script that does the whole thing.  I can thus use
the script in the future for a new version, or let it "document" what I did.

It was easy, actually.

Since I'm still going through all the qmail documentation I haven't yet come
across how to exactly set up qmail and tcpserver together.  No, don't tell
me; I'll figure it out.

But what I am curious about is why installing ucspi (the package tcpserver
comes in) put sgid bits in some of my directories:

before:

d  00755 0.0 usr/local
d  00775 0.0 usr/local/bin
d  00775 0.0 usr/local/man
d  00755 0.0 usr/local/man/man1
d  00755 0.0 usr/local/man/man5

after:

d  02755 0.0 usr/local
d  02755 0.0 usr/local/bin
d  02755 0.0 usr/local/man
d  02755 0.0 usr/local/man/cat1
d  02755 0.0 usr/local/man/cat5
d  02755 0.0 usr/local/man/man1
d  02755 0.0 usr/local/man/man5

-- 
Phil Howard | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
  phil  | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
  at| [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
  ipal  | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
 dot| [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
  net   | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]

Re: RCPTHOSTS error

[Chris Johnson]

On Tue, Oct 05, 1999 at 12:33:02AM -0400, [EMAIL PROTECTED] wrote:
> 
> let me also add that if I remove the RCPTHOSTS file, that I can no longer
> recieve e-mails sent to my local domain.  The machine just refuses
> everything.

This is just not true. If you remove the rcpthosts file, you become an open
relay. qmail-smtpd will accept mail for any domain.

Chris

Re: RCPTHOSTS error

[Russell Nelson]

[EMAIL PROTECTED] writes:
 > Can it be said that tcpserver can run concurrently with inetd?

Yup.  Tcpserver can run concurrently with inetd.  There, now it *has*
been said.

 > I take it if you have any UDP stuff on inetd you have to leave it on there?
 > OTOH, some of my servers are so tight there's not even inetd running (ssh
 > runs standalone).  So my first though is most of the UDP isn't needed.

Right.  By the time you remove unnecessary services, you may as well
not be running inetd.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | can outdo them. Homeschool!

Re: rcpthosts error.

[Scott Schwartz]

Bob Ross <[EMAIL PROTECTED]> writes:
| I have qmail setup on this server. I thought I copied all the files and
| changed everything for their service. All in-bound mail shows up fine.
| When they try to send any email they receive this error.
| 
| 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
| 
| What did I miss??.

It's fascinating how often this comes up.  

Bob, did you read *ALL* of the qmail documentation.

What does "when they try to send" mean?  Does it mean, "mail injected
locally, right into the queue", or does it mean "open a tcp connection
to port 25 on your server"?  In the latter case, how do you distinguish
one of "your" users from some random stranger out on the internet?
When you know that answer, and you've read the FAQ (and *ALL* the other
docs), you'll know what to do.

Re: rcpthosts questions

[Chris Johnson]

On Tue, Apr 06, 1999 at 10:25:59AM -0500, Sean Brown wrote:
> I apologize in advance for the newbie question.
> 
> I've got qmail up and running, and all's well so far.  However, I'm a
> bit confused about the rcpthosts file.  From the FAQ:
> 
> 
> How do I allow selected clients to send outgoing messages through my
> SMTP server? qmail-smtpd is giving the error ``sorry, that domain isn't
> in my list of allowed rcpthosts (#5.7.1)'' for messages to any domain
> not
> listed in /var/qmail/control/rcpthosts. 
> 
> Answer: This answer assumes that you are running qmail-smtpd under
> tcpserver. 
> 
> Create /etc/tcp.smtp containing 
> 
>  1.2.3.6:allow,RELAYCLIENT=""
>  127.:allow,RELAYCLIENT=""
> 
> to authorize relaying from clients with IP addresses 1.2.3.6 and 127.*. 
> 
> 
> The question and and error message seem to me to be two different
> problems.  The error message seems to say, "I can't send a message to
> that recipient."  The question seems to be , "How can I limit who uses
> my mailserver?"
> 
> Aren't these two separate issues?  And how do you resolve them?  If I
> want (ONLY) my users to be able to send mail wherever they want, how can
> I do that?  Do I have to list every possible domain suffix in my
> rcpthosts file, then limit which users can use my smtp server using the
> method from the FAQ above? That doesn't make much sense to me.  

I've written a couple of things about relaying with qmail that you may want to
read. They're http://www.palomine.net/qmail/relaying.html, which covers a bunch
of relaying issues, and http://www.palomine.net/qmail/selectiverelay.html,
which covers setting up selective relaying.

Chris

Re: rcpthosts questions

[Dave Sill]

[EMAIL PROTECTED] wrote:
>
>
>How do I allow selected clients to send outgoing messages through my
>SMTP server? qmail-smtpd is giving the error ``sorry, that domain isn't
>in my list of allowed rcpthosts (#5.7.1)'' for messages to any domain
>not
>listed in /var/qmail/control/rcpthosts. 
>
>The question and and error message seem to me to be two different
>problems.  The error message seems to say, "I can't send a message to
>that recipient."

The message actually means "I can't receive messages for that host
(from you)". In other words, that recipient host isn't local, and
qmail isn't configured to allow the client to relay messages to it.

There are three hosts involved here: the client (sender) host, your
qmail server (relay), and the receiving (recipient) host. Back in the
good ol' days, before rampant spam, open relays were common. They'd
accept anything submitted via SMTP and either deliver it locally or
forward it on to the recipient host. By default, qmail's SMTP daemon
only accepts messages it can deliver locally or to certain
preconfigured domains. The list of hosts it'll accept mail for is
"rcpthosts".

You want to allow a small set of local hosts to use your server as a
relay for arbitrary recipient hosts. This is accomplished by following 
the example in the FAQ.

>The question seems to be , "How can I limit who uses
>my mailserver?"

The question is "How can I limit who uses my mailserver to relay to
non-local domains?" The answer in the FAQ describes how to specify
which systems can connect to your server and use it to relay to
non-rcpthosts domains.

-Dave

Re: rcpthosts logging.

[Dave Sill]

Doug McClure <[EMAIL PROTECTED]> wrote:
>
>... Qmail's logs are much more
>difficult to track than sendmail's where before everything was two lines or
>three, it's five or six, and I'm not able to see things that could be
>potential configuration problems with Qmail (at least not clearly!).

Grab qmailanalog-0.70 and run "matchup" on your logs.

-Dave

Re: rcpthosts logging.

[Scott Schwartz]

Doug McClure <[EMAIL PROTECTED]> writes:
| Is there any way to log rcpthosts failures?

You need to patch qmail-smtpd.  Check the archives for my diffs.
There are lots of things that qmail-smtpd needs to log, but doesn't.

RE: rcpthosts, locals

[Vince Vielhaber]

On 27-Jan-99 Samuel Dries-Daffner wrote:
> 
> Ok simple question...too foggy to fix on my own :)
> 
> I have two machines: ella (IRIX) and kaos (Solaris), both have qmail.
> 
> I want to send mail to a user on kaos from a user on ella.
> 
> Mail seems to leave ella, and doesn't bounce...
> 
> ...but doesn't get delivered on kaos...
> 
> What should be in the respective rcpthosts and locals on each machine?
> And what other things should I be looking at? My machine kaos doesn't show
> anything about this in the logs...

You sure sendmail's not still running on kaos?  Is it still in ella's
queue?   Does ella's log say anything about the message being delivered?
Can you telnet to port 25 on kaos?

Vince.
-- 
==
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
   # includeTEAM-OS2
   Online Searchable Campground Listingshttp://www.camping-usa.com
   "There is no outfit less entitled to lecture me about bloat
   than the federal government"  -- Tony Snow
==

RE: rcpthosts, locals

[Samuel Dries-Daffner]

Well, don't see any sendmail processes

kaos-root  /var/adm$ ps -ef |grep sendmail
root  9571  6638  0 11:53:28 pts/62   0:00 grep sendmail

And telnet to port 25 seems ok (though i don't know what syntax to use)

ella 4% telnet kaos 25
Trying 144.91.3.21...
Connected to kaos.mills.edu.
Escape character is '^]'.
220 kaos.mills.edu ESMTP
helo
250-kaos.mills.edu
250-PIPELINING
250 8BITMIME

And not in queue...

ella 2# qstat
messages in queue: 129
messages in queue but not yet preprocessed: 1
ella 3# qread | grep kaos
ella 4#

And logs look good on ella...

Jan 27 20:03:52 6C:ella qmail: 917467432.923986 starting delivery 6117:
msg 4640
 to remote [EMAIL PROTECTED]
Jan 27 20:04:26 6C:ella qmail: 917467466.080066 starting delivery 6120:
msg 4315
 to remote [EMAIL PROTECTED]


Any other ideas?

Samuel

On Wed, 27 Jan 1999, Vince Vielhaber wrote:

> 
> On 27-Jan-99 Samuel Dries-Daffner wrote:
> > 
> > Ok simple question...too foggy to fix on my own :)
> > 
> > I have two machines: ella (IRIX) and kaos (Solaris), both have qmail.
> > 
> > I want to send mail to a user on kaos from a user on ella.
> > 
> > Mail seems to leave ella, and doesn't bounce...
> > 
> > ...but doesn't get delivered on kaos...
> > 
> > What should be in the respective rcpthosts and locals on each machine?
> > And what other things should I be looking at? My machine kaos doesn't show
> > anything about this in the logs...
> 
> You sure sendmail's not still running on kaos?  Is it still in ella's
> queue?   Does ella's log say anything about the message being delivered?
> Can you telnet to port 25 on kaos?
> 
> Vince.
> -- 
> ==
> Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
># includeTEAM-OS2
>Online Searchable Campground Listingshttp://www.camping-usa.com
>"There is no outfit less entitled to lecture me about bloat
>than the federal government"  -- Tony Snow
> ==
> 
> 
> 

RE: rcpthosts, locals

[Vince Vielhaber]

On 27-Jan-99 Samuel Dries-Daffner wrote:
> 
> 
> And logs look good on ella...
> 
> Jan 27 20:03:52 6C:ella qmail: 917467432.923986 starting delivery 6117:
> msg 4640
>  to remote [EMAIL PROTECTED]
> Jan 27 20:04:26 6C:ella qmail: 917467466.080066 starting delivery 6120:
> msg 4315
>  to remote [EMAIL PROTECTED]
> 
> 
> Any other ideas?

Yeah, are all the deliveries like this?   This shows it's starting but
never finishing.  Try telnetting to kaos again and do something like
this:

220 mail.michvhf.com ESMTP
helo
250 mail.michvhf.com
mail from: <[EMAIL PROTECTED]>
250 ok
rcpt to: <[EMAIL PROTECTED]>
250 ok
data
354 go ahead

testing
testing
testing
testing

.
250 ok 917468441 qp 10291



Vince.
-- 
==
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
   # includeTEAM-OS2
   Online Searchable Campground Listingshttp://www.camping-usa.com
   "There is no outfit less entitled to lecture me about bloat
   than the federal government"  -- Tony Snow
==

RE: rcpthosts, locals

[Samuel Dries-Daffner]

Well now I am seeing something in my kaos queue...but they're not
delivering...

kaos-root  /usr/local/lib/lookup$ /var/qmail/bin/qmail-qread
27 Jan 1999 20:15:32 GMT  #84893  198455  <[EMAIL PROTECTED]>
local   [EMAIL PROTECTED]
27 Jan 1999 20:16:08 GMT  #84895  198455  <[EMAIL PROTECTED]>
local   [EMAIL PROTECTED]
27 Jan 1999 20:29:29 GMT  #84897  198455  <[EMAIL PROTECTED]>
local   [EMAIL PROTECTED]
27 Jan 1999 20:29:29 GMT  #84897  198455  <[EMAIL PROTECTED]>
local   [EMAIL PROTECTED]
27 Jan 1999 20:46:14 GMT  #84898  198455  <[EMAIL PROTECTED]>
local   [EMAIL PROTECTED]
27 Jan 1999 20:51:08 GMT  #84899  198455  <[EMAIL PROTECTED]>
local   [EMAIL PROTECTED]
 
local [EMAIL PROTECTED]

And I get this when I try locally:

kaos-root  /usr/acct/staff/daffners$ mail [EMAIL PROTECTED]
Subject: test
test
.
EOT
kaos-root  /usr/acct/staff/daffners$ ellapw... User unknown

But I have a .qmail alias file:

-rw-r--r--   1 root other 53 Jun 10  1997 .qmail-ellapw


And the qmail processes running are:

kaos-root  /var/qmail/bin$ ps -ef |grep qmail
  qmails   184 1  0   Jan 06 ?0:03 qmail-send
  qmaill   191   184  0   Jan 06 ?0:00 splogger qmail
root   192   184  0   Jan 06 ?0:00 qmail-lspawn ./Mailbox
  qmailr   193   184  0   Jan 06 ?0:00 qmail-rspawn
  qmailq   194   184  0   Jan 06 ?0:00 qmail-clean

Is qmail-local supposed to be runnning? Whats missing?

Samuel


On Wed, 27 Jan 1999, Vince Vielhaber wrote:

> 
> On 27-Jan-99 Samuel Dries-Daffner wrote:
> > 
> > 
> > And logs look good on ella...
> > 
> > Jan 27 20:03:52 6C:ella qmail: 917467432.923986 starting delivery 6117:
> > msg 4640
> >  to remote [EMAIL PROTECTED]
> > Jan 27 20:04:26 6C:ella qmail: 917467466.080066 starting delivery 6120:
> > msg 4315
> >  to remote [EMAIL PROTECTED]
> > 
> > 
> > Any other ideas?
> 
> Yeah, are all the deliveries like this?   This shows it's starting but
> never finishing.  Try telnetting to kaos again and do something like
> this:
> 
> 220 mail.michvhf.com ESMTP
> helo
> 250 mail.michvhf.com
> mail from: <[EMAIL PROTECTED]>
> 250 ok
> rcpt to: <[EMAIL PROTECTED]>
> 250 ok
> data
> 354 go ahead
> 
> testing
> testing
> testing
> testing
> 
> .
> 250 ok 917468441 qp 10291
> 
> 
> 
> Vince.
> -- 
> ==
> Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
># includeTEAM-OS2
>Online Searchable Campground Listingshttp://www.camping-usa.com
>"There is no outfit less entitled to lecture me about bloat
>than the federal government"  -- Tony Snow
> ==
> 
> 
> 

RE: rcpthosts, locals

[Vince Vielhaber]

On 27-Jan-99 Samuel Dries-Daffner wrote:
> 
> Well now I am seeing something in my kaos queue...but they're not
> delivering...
> 
> kaos-root  /usr/local/lib/lookup$ /var/qmail/bin/qmail-qread
> 27 Jan 1999 20:15:32 GMT  #84893  198455  <[EMAIL PROTECTED]>
> local   [EMAIL PROTECTED]
> 27 Jan 1999 20:16:08 GMT  #84895  198455  <[EMAIL PROTECTED]>
> local   [EMAIL PROTECTED]
> 27 Jan 1999 20:29:29 GMT  #84897  198455  <[EMAIL PROTECTED]>
>   local   [EMAIL PROTECTED]
> 27 Jan 1999 20:29:29 GMT  #84897  198455  <[EMAIL PROTECTED]>
> local   [EMAIL PROTECTED]
> 27 Jan 1999 20:46:14 GMT  #84898  198455  <[EMAIL PROTECTED]>
> local   [EMAIL PROTECTED]
> 27 Jan 1999 20:51:08 GMT  #84899  198455  <[EMAIL PROTECTED]>
> local   [EMAIL PROTECTED]
>  
> local [EMAIL PROTECTED]
>

What do the logs on kaos show now?  If they're queued there should be
log entries.  Also what is the contents of  ~alias/.qmail-ellapw?  Is
there perhaps a bad delivery instruction in it?

Vince.
-- 
==
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
   # includeTEAM-OS2
   Online Searchable Campground Listingshttp://www.camping-usa.com
   "There is no outfit less entitled to lecture me about bloat
   than the federal government"  -- Tony Snow
==

RE: rcpthosts, locals

[Samuel Dries-Daffner]

chown alias to the output file made a big difference after a few edits to
the script in the .qmail-alias file. All is well (on this one!)

Thanks for all your help :)

Samuel

On Wed, 27 Jan 1999, Vince Vielhaber wrote:

> 
> On 27-Jan-99 Samuel Dries-Daffner wrote:
> > 
> > Well now I am seeing something in my kaos queue...but they're not
> > delivering...
> > 
> > kaos-root  /usr/local/lib/lookup$ /var/qmail/bin/qmail-qread
> > 27 Jan 1999 20:15:32 GMT  #84893  198455  <[EMAIL PROTECTED]>
> > local   [EMAIL PROTECTED]
> > 27 Jan 1999 20:16:08 GMT  #84895  198455  <[EMAIL PROTECTED]>
> > local   [EMAIL PROTECTED]
> > 27 Jan 1999 20:29:29 GMT  #84897  198455  <[EMAIL PROTECTED]>
> >   local   [EMAIL PROTECTED]
> > 27 Jan 1999 20:29:29 GMT  #84897  198455  <[EMAIL PROTECTED]>
> > local   [EMAIL PROTECTED]
> > 27 Jan 1999 20:46:14 GMT  #84898  198455  <[EMAIL PROTECTED]>
> > local   [EMAIL PROTECTED]
> > 27 Jan 1999 20:51:08 GMT  #84899  198455  <[EMAIL PROTECTED]>
> > local   [EMAIL PROTECTED]
> >  
> > local [EMAIL PROTECTED]
> >
> 
> What do the logs on kaos show now?  If they're queued there should be
> log entries.  Also what is the contents of  ~alias/.qmail-ellapw?  Is
> there perhaps a bad delivery instruction in it?
> 
> Vince.
> -- 
> ==
> Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
># includeTEAM-OS2
>Online Searchable Campground Listingshttp://www.camping-usa.com
>"There is no outfit less entitled to lecture me about bloat
>than the federal government"  -- Tony Snow
> ==
> 
> 
> 
> 

Re: rcpthosts failure

[Anand Buddhdev]

On Sat, Dec 04, 1999 at 01:53:02AM -0800, James wrote:

> I am using Linux version 2.2.9-27mdk of Mandrake, and I am getting an
> error when trying to use my server as a relay.  Here is my current setup:
> 
> In tcp.smtp I have:
> 209.333.55.:allow, RELAYCLIENT=""
   ^^^
> 127.0.0.:allow, RELAYCLIENT=""
  ^
> 209.333.222.111:allow, RELAYCLIENT=""
   ^^^

Try removing those spaces. They are being interpreted as part of the
variable name.

> :allow
> 
> And I have run:
> /usr/local/bin/tcprules tcp.smtp.cdb tcp.smtp.temp < tcp.smtp
> 
> And that seemed to have worked.  In my rcpthosts I have the domain name of
> my domain.  When I try to send a message FROM 209.333.222.111 TO any
> other email address than my domain name using netscape 4.7, I get this
> error:
> 
> An error occurred while sending mail.  The mail server responded: sorry,
> that domain isn't in my list of allowed rcpthosts (#5.7.1)  Please check
> the message recipients and try again.

-- 
See complete headers for more info

Re: rcpthosts question

[Adam Michaud]

After being pointed in the right direction by a kind soul, it was almost
embarrassingly easy...the problem is solved.

Nothing more to see here...move along...

-Adam



On Mon, 24 Jan 2000, Adam Michaud wrote:

> 
> We had previously not been using rcpthosts, but decided to after falling
> victim to a spammer.  I've put everything in locals and virtualdomains in
> rcpthosts, but now it won't let my local users send to remote domains.
> 
> I've also added a wildcard for our domain (e.g., .domain.com), but that
> didn't help.
> 
> Any suggestions?
> 
> Adam
> 

Re: rcpthosts ignored

[Paul Culmsee]

Hi again

I modified the source to qmail-smtpd.c and commented out all of the parts that
check for the relayclient environment variable. My problem of rcpthosts file
being skipped still occurs. The server is happily accepting rcpt to for any
domain.

I then hardcoded a return value into the addrallowed() function (r = 0) and sure
enough, I get the "553 sorry, not in my list of allowed rpcthosts" message.

So do I have a permission problem? do I have a problem with the format of this
file? I reran ./config to regenerate it..

Any suggestions?

ta

Paul


> Hi
> 
> I am testing qmail and have a problem in that the rcpthosts file is being
> ignored.
> 


-
This message was sent using Vianet's Web Based Emailer.
http://www.vianet.net.au

Re: rcpthosts ignored

[Erwin Hoffmann]

Hi,

we need some more configuration details. Pipe /var/qmail/bin/qmail-showctl
to a file and post it in this list.

cheers.
eh.

At 06:32 30.3.2000 GMT, you wrote:
>Hi again
>
>I modified the source to qmail-smtpd.c and commented out all of the parts
that
>check for the relayclient environment variable. My problem of rcpthosts file
>being skipped still occurs. The server is happily accepting rcpt to for any
>domain.
>
>I then hardcoded a return value into the addrallowed() function (r = 0)
and sure
>enough, I get the "553 sorry, not in my list of allowed rpcthosts" message.
>
>So do I have a permission problem? do I have a problem with the format of
this
>file? I reran ./config to regenerate it..
>
>Any suggestions?
>
>ta
>
>Paul
>
>
>> Hi
>> 
>> I am testing qmail and have a problem in that the rcpthosts file is being
>> ignored.
>> 
>
>
>-
>This message was sent using Vianet's Web Based Emailer.
>http://www.vianet.net.au
>
>
>
+---+
|  fffhh Dr. Erwin Hoffmann |
| ff  hh|
| ffeee     ccc   ooomm mm  mm   Wiener Weg 8   |
| fff  ee ee  hh  hh   cc   oo   oo  mmm  mm  mm 50858 Koeln|
| ff  ee eee  hh  hh  cc   oo oo mm   mm  mm|
| ff  eee hh  hh   cc   oo   oo  mm   mm  mm Tel 0221 484 4923  |
| ff      hh  hhccc   ooomm   mm  mm Fax 0221 484 4924  |
+---+

Re: rcpthosts ignored

[Paul Culmsee]

As requested

qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 889, 890, 891, 0, 892, 893, 894, 895.
group ids: 505, 504.

badmailfrom: (Default.) Any MAIL FROM is allowed.

bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.

bouncehost: (Default.) Bounce host name is mailman.windowlogic.com.au.

concurrencylocal: (Default.) Local concurrency is 10.
 
concurrencyremote: (Default.) Remote concurrency is 20.

databytes: (Default.) SMTP DATA limit is 0 bytes.

defaultdomain: Default domain name is windowlogic.com.au.

defaulthost: (Default.) Default host name is mailman.windowlogic.com.au.

doublebouncehost: (Default.) 2B recipient host: mailman.windowlogic.com.au.

doublebounceto: (Default.) 2B recipient user: postmaster.

envnoathost: (Default.) Presumed domain name is mailman.windowlogic.com.au.

helohost: (Default.) SMTP client HELO host name is mailman.windowlogic.com.au.

idhost: (Default.) Message-ID host name is mailman.windowlogic.com.au.

localiphost: (Default.) Local IP address becomes mailman.windowlogic.com.au.

locals:
Messages for localhost are delivered locally.
Messages for mailman.windowlogic.com.au are delivered locally.
Messages for www.tuckerbox.com.au are delivered locally.

me: My name is mailman.windowlogic.com.au.

percenthack: (Default.) The percent hack is not allowed.
 
plusdomain: Plus domain name is com.au.

qmqpservers: (Default.) No QMQP servers.

queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.

rcpthosts:
SMTP clients may send messages to recipients at localhost.
SMTP clients may send messages to recipients at mailman.windowlogic.com.au.
SMTP clients may send messages to recipients at www.tuckerbox.com.au.
 
morercpthosts: (Default.) No effect.

morercpthosts.cdb: (Default.) No effect.

smtpgreeting: (Default.) SMTP greeting: 220 mailman.windowlogic.com.au.

smtproutes: (Default.) No artificial SMTP routes.

timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.

timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.

timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.

virtualdomains: (Default.) No virtual domains.   
 .  


> Hi,
> 
> we need some more configuration details. Pipe /var/qmail/bin/qmail-showctl
> to a file and post it in this list.
> 
> cheers.
> eh.
> 
> 


-
This message was sent using Vianet's Web Based Emailer.
http://www.vianet.net.au

Re: rcpthosts ignored

[Paul Culmsee]

I have found my problem. I have been talking to port 25 manually and haven't
used the proper notation, ie

rcpt to:<[EMAIL PROTECTED]>

instead i was doing rcpt to [EMAIL PROTECTED]

putting in the brackets fixes it.

Is this expected behaviour? 

Paul

-
This message was sent using Vianet's Web Based Emailer.
http://www.vianet.net.au

Re: RCPTHOSTS Dilemma

[David Dyer-Bennet]

Anthony Abby <[EMAIL PROTECTED]> writes on 2 November 2000 at 16:37:43 -0500
 > I'm having a problem with RCPTHOSTS and relaying.  Without RCPTHOSTS (or
 > MORERCPTHOSTS) my mail server is an open relay, and yet I'm having
 > difficulty setting it up so that my Listserv (Listar), which runs on the
 > same box as QMail, can send out email to list subscribers?
 > 
 > I have the following in rcpthosts:
 > 
 > listserv.genexchange.com
 > listserv.genexchange.org
 > listserv.genexchange.net
 > 
 > and I have the following in defaulthost
 > 
 > listserv.genexchange.com
 > 
 > I've read through the relaying tutorials linked to from the QMail website,
 > but didn't find anything addresses this point.  I need to relay selectively
 > for mailing lists traffic, for not for anyone else...
 > 
 > Any ideas?

How does the mailing list submit messages to qmail?  Since you say
this doesn't work, what symptom or error message do you see?  And
finally, What Do The Logs Say (TM)?
-- 
David Dyer-Bennet  /  Welcome to the future!  /  [EMAIL PROTECTED]
SF: http://www.dd-b.net/dd-b/  Minicon: http://www.mnstf.org/minicon/
Photos: http://dd-b.lighthunters.net/

RE: RCPTHOSTS Dilemma

[Anthony Abby]

> How does the mailing list submit messages to qmail?  Since you say
> this doesn't work, what symptom or error message do you see?  And
> finally, What Do The Logs Say (TM)?


David:

Listar hands off list traffic directly back to Qmail via SMTP.  The logs
indicate QMail won't "relay" the mail because the addresses the mail is
bound for are not local.  Someone else wrote me and suggested I read
http://www.palomine.net/qmail/selectiverelay.html, which I did not read
before but which appears to answer my question.  This is something else that
the Richard Blum "Running Qmail" doesn't cover.  A couple people suggested I
return the book after I bought it, but I didn't.  Should have listened to
them when they offered the advice!!!  So when does the O'Reilly book get
published already??

Sorry for bothering everyone!
Anthony

Re: RCPTHOSTS Dilemma

[Justin Bell]

On Thu, Nov 02, 2000 at 04:37:43PM -0500, Anthony Abby wrote:
# I'm having a problem with RCPTHOSTS and relaying.  Without RCPTHOSTS (or
# MORERCPTHOSTS) my mail server is an open relay, and yet I'm having
# difficulty setting it up so that my Listserv (Listar), which runs on the
# same box as QMail, can send out email to list subscribers?
# 
# I have the following in rcpthosts:
# 
# listserv.genexchange.com
# listserv.genexchange.org
# listserv.genexchange.net
# 
# and I have the following in defaulthost
# 
# listserv.genexchange.com
# 
# I've read through the relaying tutorials linked to from the QMail website,
# but didn't find anything addresses this point.  I need to relay selectively
# for mailing lists traffic, for not for anyone else...
# 
# Any ideas?

it sounds like you need to add localhost (127.0.0.1) to your relay hosts
settings

-- 
Justin Bell

Re: rcpthosts or tcpserver

[Vince Vielhaber]

On Fri, 12 Feb 1999, Aria Prima Novianto wrote:

> 
> As I understand it, there are 2 ways to a do selective relaying.
> put the host names in rcpthosts, or using tcpserver by putting them in
> /etc/smtp.cdb and running tcprules.
> 
> Is my understanding correct? If it is which method is preferred?
> Thank you,
> 

You need to do both.  rcpthosts is a list of who you receive mail FOR
and tcpserver with RELAYCLIENT is for who you will allow to send mail
through you.

Vince.
-- 
==
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
   # includeTEAM-OS2
Online Campground Directoryhttp://www.camping-usa.com
   Online Giftshop Superstorehttp://www.cloudninegifts.com
==

Re: rcpthosts or tcpserver

[ddb]

Aria Prima Novianto <[EMAIL PROTECTED]> writes on 12 February 1999 at 11:02:25 -0600
 > 
 > As I understand it, there are 2 ways to a do selective relaying.
 > put the host names in rcpthosts, or using tcpserver by putting them in
 > /etc/smtp.cdb and running tcprules.
 > 
 > Is my understanding correct? If it is which method is preferred?

To do relaying selective as to *source* of connection, the only method
is to use FAQ 5.4 (tcpserver, as you outline).

rcpthosts controls addresses for which you will *RECEIVE* mail.  The
"rcpt" in the name comes from "recipient".
-- 
David Dyer-Bennet  [EMAIL PROTECTED]
http://www.ddb.com/~ddb (photos, sf) Minicon: http://www.mnstf.org/minicon
http://ouroboros.demesne.com/ The Ouroboros Bookworms
Join the 20th century before it's too late!

Re: rcpthosts or tcpserver

[Scott Schwartz]

Aria Prima Novianto <[EMAIL PROTECTED]> writes:
| As I understand it, there are 2 ways to a do selective relaying.
| put the host names in rcpthosts, or using tcpserver by putting them in
| /etc/smtp.cdb and running tcprules.
| 
| Is my understanding correct? If it is which method is preferred?
| Thank you,

No.  rcpthosts is just a funny way to spell "these hosts are really
me".  It's the logical concatenation of /var/qmail/locals and
/var/qmail/virtualdomains, unless you do something uncommon with MX
records.

Tcpserver says "you are a client that I trust and so will allow you to
send mail through me (in one end and out the other) to the internet at
large."

You need to use tcpserver to allow relaying.

Re: rcpthosts and morercpthosts

[Petr Novotny]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 21 Apr 00, at 8:22, Greg Kopp wrote:

> 1. What is morerecpthosts and morercpthosts.cdb? Is there a limit to
> the number of hosts that can be in the rcpthosts file?

No real limit; it's just that both files are parsed each time
qmail-smtpd is run (ie. connection arrives). I've heard that 50 lines 
in rcpthosts makes a good rule-of-thumb.

> 2. Do you think it would be safe to use NFS to mount my
> /var/qmail/control directory on our backup MX and then use symlinks of
> the nfs mounted rcpthosts file to the local file? For the number of
> domains I have, I want to avoid having to edit multiple files
> everytime we add one or delete one. Should I also link morercpthosts
> and morercpthosts.cdb?

Don't do either. Use rsync, and keep local copies.

-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOQA9d1MwP8g7qbw/EQKiUwCfZoaE8f3/AUrT/WZ28qUNPIsYB5MAn3Rn
rV79MzLDINfZHto1oXm7Fv2a
=8GYO
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

Re: rcpthosts and morercpthosts

[Russell Nelson]

Greg Kopp writes:
 > 1. What is morerecpthosts and morercpthosts.cdb? Is there a limit to the
 > number of hosts that can be in the rcpthosts file?

You're limited only by memory ... however, qmail-smtpd reads the whole
file every time it starts up.  So you're better advised to put the
first fifteen busiest hosts in rcpthosts, and the rest in
morercpthosts.cdb.

 > 2. Do you think it would be safe to use NFS to mount my /var/qmail/control
 > directory on our backup MX and then use symlinks of the nfs mounted
 > rcpthosts file to the local file? For the number of domains I have, I want
 > to avoid having to edit multiple files everytime we add one or delete one.

Sure, if you don't mind making all of your email hosts rely on NFS.  A
better solution might be to rdist or rsync the files from a master
machine.

 > Should I also link morercpthosts and morercpthosts.cdb?

Yes.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.

Re: rcpthosts and morercpthosts

[Len Budney]

"Greg Kopp" <[EMAIL PROTECTED]> wrote:
> 
> 1. What is morerecpthosts and morercpthosts.cdb? Is there a limit to the
> number of hosts that can be in the rcpthosts file?

morercpthosts is (as the name implies) a supplement to rcpthosts, which is
used by qmail-smtpd to decide whether to accept mail. rcpthosts lists hosts
for which qmail-smtpd is allowed to accept email. morercpthosts, if it
exists, ``is effectively appended to rcpthosts'' [see qmail-smtpd(8)].
morercpthosts.cdb is created by running qmail-newmrh with morercpthosts
as input. You must do this, because morercpthosts.cdb is what qmail-smtpd
actually uses.

The idea here is to make qmail-smtpd faster IF you handle mail for a
very large number of domains. As a rule of thumb, ``large'' means more
than fifty. Putting your most commonly used sites in rcpthosts means
that qmail-smtpd will usually ignore morercpthosts.cdb. When the client
specifies an envelope recipient whose domain is not in rcpthosts, then
qmail-smtpd will check for the domain in morercpthosts.cdb as a fallback.

> 2. Do you think it would be safe to use NFS to mount my /var/qmail/control
> directory on our backup MX and then use symlinks of the nfs mounted
> rcpthosts file to the local file? For the number of domains I have, I want
> to avoid having to edit multiple files everytime we add one or delete one.
> Should I also link morercpthosts and morercpthosts.cdb?

If you do this, then the two MX hosts will behave _identically_. In
particular, qmail on the backup MX will try to do local deliveries because
of the shared copy of control/locals. If that's what you want, then you
_can_ do this; just be very sure its what you want.

To my little brain, though, it doesn't make a lot of sense to share
everything in /var/qmail/control. It would make more sense if you put
both hosts IP addresses under the same name, and set your DNS server
to hand out both addresses randomly for load-balancing purposes. You
will also have to NFS-mount the delivery destinations (/var/spool or
users' home directories) so that either host can do local deliveries.

If by ``backup MX'' you really mean ``secondary MX'', then I wouldn't
use this scheme. Instead, I would use ssh and rsync to share carefully
selected files (such as rcpthosts and morercpthosts). Put the right
commands in /var/qmail/control/Makefile on your authoritative host, and
run ``make'' after updating any control files.

Len.

--
Frugal Tip #30:
Let a large corporation pay you big bucks to tattoo their company logo
on your bald spot.

Re: rcpthosts and morercpthosts

[Len Budney]

"Petr Novotny" <[EMAIL PROTECTED]> wrote:
> On 21 Apr 00, at 8:22, Greg Kopp wrote:
> > 1. What is morerecpthosts and morercpthosts.cdb? Is there a limit to
> > the number of hosts that can be in the rcpthosts file?
> 
> No real limit; it's just that both files are parsed each time
> qmail-smtpd is run (ie. connection arrives).

morercpthosts is not parsed at all, of course. qmail-smtpd opens the
morercpthosts.cdb file, and uses it, if necessary, directly from the
disk. I'm guessing that's the point: to keep large rcpthosts lists
from turning qmail-smtpd into a memory hog.

> I've heard that 50 lines in rcpthosts makes a good rule-of-thumb.

That's what the manpage says.

Len.

--
Frugal Tip #37:
Check your old financial records and see if you might have accidentally
bought some Berkshire Hathaway stock 30 years ago.

Re: rcpthosts and morercpthosts

[Claus Färber]

Greg Kopp <[EMAIL PROTECTED]> schrieb/wrote:
> 1. What is morerecpthosts and morercpthosts.cdb? Is there a limit to the
> number of hosts that can be in the rcpthosts file?

morerecpthosts[.cdb] is a binary format that is more efficient than a  
single text file. You should use it for performance reason if you have  
more than a couple of domains.

> 2. Do you think it would be safe to use NFS to mount my /var/qmail/control
> directory on our backup MX and then use symlinks of the nfs mounted
> rcpthosts file to the local file?

Absolutly not. If your primary MX goes down for any reason that also  
affects the NFS service, the backup won't work either. Better replicate  
the files regularily.

Claus

-- 
http://www.faerber.muc.de

Re: rcpthosts default allow all ?

[David Talkington]

-BEGIN PGP SIGNED MESSAGE-


D. Cook wrote:

>I can't find the syntax for /var/qmail/control in the manual.  Please
>bear with me.

'man qmail-control' will point you in the right direction.

>What's the syntax for allowing all by default in rcpthosts and only
>selected hosts are banned?  Something like allow all reject
>*.online-sex.com

I personally find Hoffmann's spamcontrol patch to be much more
flexible in this regard: http://www.fehcom.de/qmail/qmail_en.html.
It adds a wealth of options, including new /control files, and even
updated man pages.

G'luck.  -d

- -- 
David Talkington
http://www.spotnet.org

PGP key: http://www.prairienet.org/~dtalk/dt000823.asc

-BEGIN PGP SIGNATURE-
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.75-6

iQEVAwUBOvV1lr1ZYOtSwT+tAQHfzQf8DEg6Dipw9vnuVGHgtVd/h/hFLoft294f
WcDOMMciZQSdgtxscA6+h4MeiGihy56T8MmAWVrLsM3Z4uFDE0w4jUcc9Yd5GUys
v+FiXk/VHTIyxMwqIjesMKmJlrtb0hkqcJbZOBm1rBgmyQnAZaEKvFMo45NJfP+n
7CfTy/SLScjL6BzbFSTJAp+atJ0ARuDM26efkClCNkn4Qh6bCwrLfb80L5oEnz6A
4rjO5Pz3yXiYKzmf/Rq7PeFK1VVUxCvCJKJBUmiq+n58mOjuANUWks6Ajmy75Zsw
z3MzWNPFalYI/VCTGuChwsO2PQcx6kyEvHuGkyhUWydIoHgRUM4IHQ==
=MD2o
-END PGP SIGNATURE-

Re: rcpthosts default allow all ?

[Greg White]

On Sun, May 06, 2001 at 08:42:10AM -0700, D . Cook wrote:
> Hi all,
> 
> I can't find the syntax for /var/qmail/control in the manual.  Please
> bear with me.

As said, try 'man qmail-control'.
> 
> What's the syntax for allowing all by default in rcpthosts and only
> selected hosts are banned?  Something like
> allow all
> reject *.online-sex.com

Are you really sure this is what you want to do? Setting up a domain in
rcpthosts means 'I want to recieve mail _for_ this domain', not 'I want
to recieve mail _from_ this domain'. If one could actually set up
rcpthosts the way you are asking, you would be placed in ORBS and RSS
faster than you could say 'open relay'. This is a Very Bad Idea(tm).

If you need assistance with selective relay, start here:

http://cr.yp.to/qmail/faq/servers.html#authorized-relay

You can 'ban' the sites you want by IP address using ':deny' in place of
':allow' in tcprules. You can ban specific envelope senders with
/var/qmail/control/badmailfrom. There are also some spamcontrol patches,
see:

http://www.qmail.org/qmail/top.html#spam

> 
> Thanks.
> 
NP. I noticed the first reply to your message mentioned the spamcontrol
patches, but did not point out the implied error in your thinking.
Please feel free to flame away if I misunderstood your question, but it
does imply a misunderstanding of the nature of 'rcpthosts' and selective
relay. HTH,


-- 
Greg White
Those who make peaceful revolution impossible will make violent
revolution inevitable.
-- John F. Kennedy

Re: rcpthosts default allow all ?

[D . Cook]

Oops. I actually wanted only to be able to send mails OUT to every host
except what is banned.  I failed to grep control man page to understand
what is required to accomplish above.  I only found out by specifying
the domain in rcpthosts I could send mails to that domain.  Could you
please point out the exact what-to-do in man page?  Thank you.

qmail-control(5)   Headers, Tables, and Macros   qmail-control(5)

NAME
 qmail-control - qmail configuration files

INTRODUCTION
 You can change the behavior of the qmail system by modifying
 qmail's control files in /var/qmail/control.

 qmail can survive with just one control file, me, containing
 the  fully-qualified name of the current host.  This file is
 used as  the  default  for  other  hostname-related  control
 files.

 Comments are allowed in  badmailfrom,  locals,  percenthack,
 rcpthosts,  smtproutes, and virtualdomains.  Trailing spaces
 and tabs are allowed in any control file.

 The following table lists all control files other  than  me.
 See the corresponding man pages for further details.

  control defaultused by

  badmailfrom (none) qmail-smtpd
  bouncefrom  MAILER-DAEMON  qmail-send
  bouncehost  me qmail-send
  concurrencylocal10 qmail-send
  concurrencyremote   20 qmail-send
  defaultdomain   me qmail-inject
  defaulthost me qmail-inject
  doublebouncehostme qmail-send
  doublebounceto  postmaster qmail-send
  envnoathost me qmail-send
  helohostme qmail-remote
  idhost  me qmail-inject
  localiphost me qmail-smtpd
  locals  me qmail-send
  percenthack (none) qmail-send
  plusdomain  me qmail-inject
  queuelifetime   604800 qmail-send
  rcpthosts   (none) qmail-smtpd
  recipientmap(none) qmail-send
  smtpgreetingme qmail-smtpd
  smtproutes  (none) qmail-remote
  timeoutconnect  60 qmail-remote
  timeoutremote   1200   qmail-remote
  timeoutsmtpd1200   qmail-smtpd
  virtualdomains  (none) qmail-send

SEE ALSO
 qmail-inject(8),  qmail-remote(8),   qmail-send(8),   qmail-
 showctl(8), qmail-smtpd(8)




On Sun, 6 May 2001 09:54:11 -0700
Greg White <[EMAIL PROTECTED]> wrote:

> On Sun, May 06, 2001 at 08:42:10AM -0700, D . Cook wrote:
> > Hi all,
> > 
> > I can't find the syntax for /var/qmail/control in the manual.  Please
> > bear with me.
> 
> As said, try 'man qmail-control'.
> > 
> > What's the syntax for allowing all by default in rcpthosts and only
> > selected hosts are banned?  Something like
> > allow all
> > reject *.online-sex.com
> 
> Are you really sure this is what you want to do? Setting up a domain in
> rcpthosts means 'I want to recieve mail _for_ this domain', not 'I want
> to recieve mail _from_ this domain'. If one could actually set up
> rcpthosts the way you are asking, you would be placed in ORBS and RSS
> faster than you could say 'open relay'. This is a Very Bad Idea(tm).
> 
> If you need assistance with selective relay, start here:
> 
> http://cr.yp.to/qmail/faq/servers.html#authorized-relay
> 
> You can 'ban' the sites you want by IP address using ':deny' in place of
> ':allow' in tcprules. You can ban specific envelope senders with
> /var/qmail/control/badmailfrom. There are also some spamcontrol patches,
> see:
> 
> http://www.qmail.org/qmail/top.html#spam
> 
> > 
> > Thanks.
> > 
> NP. I noticed the first reply to your message mentioned the spamcontrol
> patches, but did not point out the implied error in your thinking.
> Please feel free to flame away if I misunderstood your question, but it
> does imply a misunderstanding of the nature of 'rcpthosts' and selective
> relay. HTH,
> 
> 
> -- 
> Greg White
> Those who make peaceful revolution impossible will make violent
> revolution inevitable.
> -- John F. Kennedy

Re: rcpthosts default allow all ?

[Adam McKenna]

On Sun, May 06, 2001 at 11:40:16AM -0700, D. Cook wrote:
> Oops. I actually wanted only to be able to send mails OUT to every host
> except what is banned.  I failed to grep control man page to understand
> what is required to accomplish above.  I only found out by specifying
> the domain in rcpthosts I could send mails to that domain.  Could you
> please point out the exact what-to-do in man page?  Thank you.
> 
> qmail-control(5)   Headers, Tables, and Macros   qmail-control(5)

Qmail doesn't do what you want to do.  If you do what you say you intend to
do, you will effectively make your host an open relay.  This is NOT the way
to control spam with qmail.  Various ways of controlling spam with qmail are
already very well documented, so stop spamming the list with stupid
questions and copies of the man pages.

--Adam

-- 
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes, 
http://flounder.net/publickey.html   |  technology's just a bunch of wires 
GPG: 17A4 11F7 5E7E C2E7 08AA|  connected to a bunch of other wires."
 38B0 05D0 8BF7 2C6D 110A|  Joe Rogan, _NewsRadio_
 12:19pm  up 4 day(s), 11:12,  6 users,  load average: 0.02, 0.02, 0.02

Re: rcpthosts default allow all ?

[Charles Cazabon]

D . Cook <[EMAIL PROTECTED]> wrote:
> Oops. I actually wanted only to be able to send mails OUT to every host
> except what is banned.

You can "ban" your users from sending mail to certain domains by making them
virtualdomains on your own server, and blackholing the mail.  You set up a
virtualdomain like domain.org:alias-domain.org, and then have a file
~alias/.qmail-domain:org-default which contains only '#'.  Then either fiddle
with your DNS, or use an smtproutes entry to ensure mail for that domain goes
to your mailserver.

> I only found out by specifying the domain in rcpthosts I could send mails to
> that domain.  Could you please point out the exact what-to-do in man page?

Go to cr.yp.to and read everything you can find about "selective relaying" or
tcpserver.  Then read the same topics at www.qmail.org and
www.lifewithqmail.org.

Charles
-- 
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---

Re: "rcpthosts may include wildcards"

[Adam D. McKenna]

On Fri, Jul 02, 1999 at 10:55:33AM -0400, Dave Kitabjian wrote:
> 
> This is probably very simple, but indulge me.
> 
> man for qmail-smtpd says:
> 
>   rcpthosts may include wildcards:
> 
>   heaven.af.mil
>   .heaven.af.mil
> 
> So is the "." the wildcard?  My current understanding is:
> 
>   heaven.af.mil - will allow all email to @heaven.af.mil
>   .heaven.af.mil - will allow all email to @.heaven.af.mil
> 
> So you need both entries to block *heaven.af.mil. Is this correct?

As far as I have been able to tell, yes.

> 
> Also, does the same explanation apply to "virtualdomains" and "smtproutes"?

I'm relatively sure it does.  If you man qmail-send, it tells you the exact 
syntax of all of the control files.

--Adam

More Info (was Re: rcpthosts)

[jasonf]

> You still haven't given enough information. What's in rcphosts,
> locals, and your .fetchmailrc (less passwords, of course)? How about a 
> sample of one of those fetchmail-daemon bounces, including the
> complete header?
> 
> -Dave
>

For the time being, my system only has a dialup connection, so all that's
in my rcpthosts and locals is localhost.localdomain. As far as the
.fetchmailrc, I'm actually just typing in it at the command line
"fetchmail -p POP3 -a -u user host.net".

As for the fetchmail bounce, I've attatched the complete message.

Thanks for being so patient,
Jason 



-- Forwarded message --
From: FETCHMAIL-DAEMON@localhost
To: [EMAIL PROTECTED]

Some addresses were rejected by the MDA fetchmail forwards to.


--om-mani-padme-hum-2139-2123-926460989
Content-Type: MESSAGE/DELIVERY-STATUS; CHARSET=US-ASCII
Content-ID: <[EMAIL PROTECTED]>
Content-Description: 

Reporting-MTA: dns; localhost

Final-Recipient: rfc822; jason
Last-Attempt-Date: Tue, 11 May 1999 16:16:29 -0600 (MDT)
Action: failed
Status: j.0.0
Diagnostic-Code: jason: 553 sorry, that domain isn't in my list of allowed rcpthosts 
(#5.7.1)

--om-mani-padme-hum-2139-2123-926460989
Content-Type: TEXT/RFC822-HEADERS; CHARSET=US-ASCII
Content-ID: <[EMAIL PROTECTED]>
Content-Description: 

To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: 11 May 99 17:15:00 -0500
Subject: co
Message-ID: <[EMAIL PROTECTED]>

--om-mani-padme-hum-2139-2123-926460989--

Re: rcpthosts and sender address

[alexander . jernejcic]

tpserver (part of daemontools) does exactly what you want. its a matter
of setting RELAYCLIENT. there are also solutions for dynamic relay,
where the client first authenticates through pop3.

take a look at life with qmail: http://Web.InfoAve.Net/~dsill/lwq.html
espacially chapter 3.2.3. its described in detail there

hope that helps
alexander

=
widerst@nd

On 25 Feb, Oliver Frommel wrote:
> Hi,
> 
> after reading through the mailing list archives my understanding concerning
> qmail relaying is that: rcpthosts is used only for checking the recipients
> domain. What about the sender address then? Coming from a sendmail background
> I would like the following behaviour:
> 
> 1. allow sending from everywhere to the local domain (that works through
> rcpthosts)
> 
> 2. allow sending from somewhere else (MUA) via the qmail-smtpd to somewhere else
> (the difference to 3. is that the sender address is a local address)
> 
> 3. prohibit sending from somewhere else to somewhere else with no local
> address (relaying in my understanding)
> 
> 
> Is there a way to make 2. work without using one of the "first pop then smtp"
> packages? I guess 2. still allows spammers to use the server as a relay to
> some extent, but only by forging a local address (in which case it might be
> of only limited use to them ..)
> 
> thanks for your help
> --Oliver
> 

Re: rcpthosts and sender address

[Chris Johnson]

On Fri, Feb 25, 2000 at 01:12:38PM +0100, Oliver Frommel wrote:
> After reading through the mailing list archives my understanding concerning
> qmail relaying is that: rcpthosts is used only for checking the recipients
> domain. What about the sender address then? Coming from a sendmail background
> I would like the following behaviour:
> 
> 1. allow sending from everywhere to the local domain (that works through
> rcpthosts)
> 
> 2. allow sending from somewhere else (MUA) via the qmail-smtpd to somewhere else
> (the difference to 3. is that the sender address is a local address)
> 
> 3. prohibit sending from somewhere else to somewhere else with no local
> address (relaying in my understanding)
> 
> 
> Is there a way to make 2. work without using one of the "first pop then smtp"
> packages? I guess 2. still allows spammers to use the server as a relay to
> some extent, but only by forging a local address (in which case it might be
> of only limited use to them ..)

If you want to control relaying based on the envelope sender address, you'll
need to patch qmail-smtpd. See http://www.palomine.net/qmail/relaymailfrom.html.

Chris

Re: rcpthosts problem (and solution?)

[Dave Sill]

Glenn Crownover <[EMAIL PROTECTED]> wrote:

>My rcpthosts file was:
>
>bluejava.com
>investnetcafe.com
>
>
>...
>
>Examining the dialog, I noticed that the RCPT TO: line was "RCPT TO:
>[EMAIL PROTECTED]" followed by the error message.  Then I
>remembered I had made a change to my zone file for DNS.  My MX info
>record was probably effected.  Testing this I found indeed mail with
>"RCPT TO: [EMAIL PROTECTED]" worked while "RCPT TO:
>[EMAIL PROTECTED]" was rejected as a non-recognized host.
>
>The Fix
>=
>So, I changed my 'rcpthosts' file to this:
>
>bluejava.com
>.bluejava.com
>investnetcafe.com
>.investnetcafe.com
>-
>
>and now things are working fine.  I can receive mail with a rcpt to of
>"RCPT TO: [EMAIL PROTECTED]" OR "RCPT TO: [EMAIL PROTECTED]"
>
>Have others needed to do this?

Yes.

>Is there a "Gotcha" here somewhere?

It already got you, didn't it? :-)

-Dave

Re: rcpthosts file - newbe question

[Peter Cavender]

> This has to be something simple but I've been banging my
> head against it for a couple of hours and can't get
> anywhere.  If this is covered in the FAQ, INSTALL or man
> files, I either can't find it or am misunderstanding it.
> The situation:
> 
> I have a small home network.  I have a designated server,
> corwin.mydomain.org, running qmail on debian 2.2 with kernel
> 2.4.1.  I can locally log into corwin, open pine, and send
> and recieve email.  
> 
> My normal box, merlin.mydomain.org, uses kmail.  I have it
> configured to receive email via pop3 from corwin.  This
> works fine.  I can send mail to [EMAIL PROTECTED] and
> receive it on merlin via corwin.  I also have kmail on
> merlin configured to send email via SMTP on corwin.
> However, everything I send gets bounced - relaying denied
> because "that domain isn't in my rcpthosts file."  I have
> tried all of the following in my rcpthosts file on corwin:
> 
> mydomain.org
> .mydomain.org
> merlin
> merlin.mydomain.org
> 
> I'm not sure if it matters but merlin is listed in my hosts
> file on corwin.  I can ping either merlin or
> merlin.riddlemaster.org from corwin.
> 
> What do I need to do to convince corwin to relay mail from
> merlin?  Thanks in advance for any assistance.

If you want corwin to _relay_ mail from merlin, that is not something that
goes in the rcpthosts file - that file should only contain domains that
you want merlin to _accept_ mail for, not relay.

You need to modify your /etc/tcp.smtp file, which controlls
relaying.  Don't forget to run tcprules after you change it, to
"compile" it.  if you are using the LWQ qmail start file, just do:
/etc.rc.d/init.d/qmail cdb
Actual path may vary with disro/OS.

HTH

--Pete

Re: rcpthosts - did i miss something?!

[Dimitri SZAJMAN]

rcpthosts accepts all FROM messages but not all TO messages :

I.e. if rcpthosts contains "foo.com", it will only accept messages adressed
TO: [EMAIL PROTECTED] but any SENDER (FROM) will be accepted.

--
Xon-Xoff - http://www.Xon-Xoff.fr
Publication et Commerce electronique sur le Web
Messagerie d'entreprise, Interconnexion et Securite des reseaux
- Message d'origine -
De : Thomas Foerster <[EMAIL PROTECTED]>
À : qmail <[EMAIL PROTECTED]>
Envoyé : mardi 21 septembre 1999 13:50
Objet : rcpthosts - did i miss something?!


| Hi there ..
|
| i want qmail to only accept mail form an email-adress/domain that is
| listet in /var/qmail/control/rcpthosts, but it accepts very mail ,
| even from foo@bar.
|
|
| What's wrong?!
|
| Thomas
|

Re: rcpthosts - did i miss something?!

[David Dyer-Bennet]

Thomas Foerster <[EMAIL PROTECTED]> writes on 21 September 1999 at 13:50:30 +0200

 > i want qmail to only accept mail form an email-adress/domain that is
 > listet in /var/qmail/control/rcpthosts, but it accepts very mail ,
 > even from foo@bar.

rcpthosts controls addresses for which mail will be *received* (hence
the name).  It has nothing to do with sender addresses.
-- 
David Dyer-Bennet ***NOTE ADDRESS CHANGES***  [EMAIL PROTECTED]
http://dd-b.lighthunters.net/ (photos) Minicon: http://www.mnstf.org/minicon
http://www.dd-b.net/dd-b (sf) http://ouroboros.demesne.com/ Ouroboros Bookworms
Join the 20th century before it's too late!

Re: More Info (was Re: rcpthosts)

[Dave Sill]

[EMAIL PROTECTED] wrote:
>
>For the time being, my system only has a dialup connection, so all that's
>in my rcpthosts and locals is localhost.localdomain.

You should add "the-i.net" to rcphosts and put
"[EMAIL PROTECTED]:jason" in virtualdomains. Also, create a
~jason/.qmail-jasonf or ~jason/.qmail-default to catch messages routed
through the virtualdomain to jason-jasonf@localhost.

Fetchmail takes the messages out of your POP mailbox addressed to
[EMAIL PROTECTED] and re-injects them locally, so you need to tell
qmail to deliver them locally. Or perhaps you can tell fetchmail who
to deliver them to locally.

-Dave

Re: More Info (was Re: rcpthosts)

[Sam]

[EMAIL PROTECTED] writes:

> As for the fetchmail bounce, I've attatched the complete message.

[ snip ]

>--om-mani-padme-hum-2139-2123-926460989
>Content-Type: MESSAGE/DELIVERY-STATUS; CHARSET=US-ASCII
>Content-ID: <[EMAIL PROTECTED]>
>Content-Description: 
>
>Reporting-MTA: dns; localhost
>
>Final-Recipient: rfc822; jason
>Last-Attempt-Date: Tue, 11 May 1999 16:16:29 -0600 (MDT)
>Action: failed
>Status: j.0.0
>Diagnostic-Code: jason: 553 sorry, that domain isn't in my list of allowed
> rcpthosts (#5.7.1)

Unless RFC1894 has been updated, recently, fetchmail's DSNs are horribly
broken.  Write ESR and tell him to fix his buggy code.

-- 
Sam

Re: More Info (was Re: rcpthosts)

[jasonf]

> [ snip ]
> 
> >--om-mani-padme-hum-2139-2123-926460989
> >Content-Type: MESSAGE/DELIVERY-STATUS; CHARSET=US-ASCII
> >Content-ID: <[EMAIL PROTECTED]>
> >Content-Description: 
> >
> >Reporting-MTA: dns; localhost
> >
> >Final-Recipient: rfc822; jason
> >Last-Attempt-Date: Tue, 11 May 1999 16:16:29 -0600 (MDT)
> >Action: failed
> >Status: j.0.0
> >Diagnostic-Code: jason: 553 sorry, that domain isn't in my list of allowed
> > rcpthosts (#5.7.1)
> 
> Unless RFC1894 has been updated, recently, fetchmail's DSNs are horribly
> broken.  Write ESR and tell him to fix his buggy code.
> 
> -- 
> Sam
> 

Is that to say that there's not particularly wrong with my qmail
configuration? Is there some other way to recieve POP3 mail that will work
fine w/ qmail?
Jason

RE: rcpthosts and morercpthosts - OT tangent

[Greg Kopp]

I appreciated all of the responses to my message and it woudl appear that
rsync and rdist is a much better way to do this.

However, I am at a loss in just how to use rsync or rdist.

Can someone point me to a good reference on how to do what I want? The man
pages didn't seem to help me much.

Thanks,

Greg


 > 2. Do you think it would be safe to use NFS to mount my
/var/qmail/control
 > directory on our backup MX and then use symlinks of the nfs mounted
 > rcpthosts file to the local file? For the number of domains I have, I
want
 > to avoid having to edit multiple files everytime we add one or delete
one.

Sure, if you don't mind making all of your email hosts rely on NFS.  A
better solution might be to rdist or rsync the files from a master
machine.

Re: rcpthosts - IP addresses not allowed?

[Andy Bradford]

On Thu, 04 Jan 2001 13:38:56 EST, Bernard Karmilowicz wrote:

> I am trying to send mail from host FROM_HOST (1.2.3.4) to host TO_HOST
> (1.2.3.5). The mail is addressed to "[EMAIL PROTECTED]". qmail is running on
> both hosts. Unfortunately, TO_HOST refuses the mail. However, TO_HOST
> will accept the mail if it is addressed to "user@domain".

Try sending to user@[1.2.3.5] instead...

Andy

Re: rcpthosts - IP addresses not allowed?

[Bernard Karmilowicz]

Thanks much, Andy. Your suggestion worked!

- Bernie


> > I am trying to send mail from host FROM_HOST (1.2.3.4) to host TO_HOST
> > (1.2.3.5). The mail is addressed to "[EMAIL PROTECTED]". qmail is running on
> > both hosts. Unfortunately, TO_HOST refuses the mail. However, TO_HOST
> > will accept the mail if it is addressed to "user@domain".
>
> Try sending to user@[1.2.3.5] instead...
>
> Andy

Re: RCPTHOSTS and 533 "Not in rcpthosts"

[Robbie Walker]

What's the address the message was sent to? Send another message to the
list showing the logs of the failed message.

At 05:12 PM 9/8/99 , you wrote:
>Hello all
>
>Got a really goofy problem with qmail-1.02/RH 5.1.  I added a customer and
>his /24 to my service.  Set up vmailmgr for virtual POP mail and added the
>domain haven.k12.pa.us to the rcpthost file, restarted qmail-smtpd.
>
>All the MUA's were set up to use mail.f-tech.net (not haven.f-tech.net as
>the MX record says).. but if I add haven.k12.pa.us to rcpthosts it should
>not have mattered?
>
> 9367  ?  S0:00 tcpserver -v -H -R -c100 -u81 -g80 0 smtp qmail-smtpd
>10980  ?  S0:00 qmail-smtpd
>
>The error was not e-mailed back, but displayed in a message box in both
>Eudora Pro, Netscape 4.5 and Kmail.
>
>I am now running without a rcpthosts file because that's the only way I
>could get it to send mail.
>
>Any suggestions?
>
>
>Paul D. Farber II
>Farber Technology
>Ph. 570-628-5303
>Fax 570-628-5545
>[EMAIL PROTECTED]
>


__
NovaMetrix Development 
Robbie Walker, AMWL

P.O. Box 635 or910-653-4006
106-B S. Main St   800-773-5647
Tabor City, NC 28463   910-653-2052 FAX

Re: RCPTHOSTS and 533 "Not in rcpthosts"

[Paul Farber]

I could not send any messages OUT, not even to the sam domain. 

Paul D. Farber II
Farber Technology
Ph. 570-628-5303
Fax 570-628-5545
[EMAIL PROTECTED]

On Wed, 8 Sep 1999, Robbie Walker wrote:

> What's the address the message was sent to? Send another message to the
> list showing the logs of the failed message.
> 
> At 05:12 PM 9/8/99 , you wrote:
> >Hello all
> >
> >Got a really goofy problem with qmail-1.02/RH 5.1.  I added a customer and
> >his /24 to my service.  Set up vmailmgr for virtual POP mail and added the
> >domain haven.k12.pa.us to the rcpthost file, restarted qmail-smtpd.
> >
> >All the MUA's were set up to use mail.f-tech.net (not haven.f-tech.net as
> >the MX record says).. but if I add haven.k12.pa.us to rcpthosts it should
> >not have mattered?
> >
> > 9367  ?  S0:00 tcpserver -v -H -R -c100 -u81 -g80 0 smtp qmail-smtpd
> >10980  ?  S0:00 qmail-smtpd
> >
> >The error was not e-mailed back, but displayed in a message box in both
> >Eudora Pro, Netscape 4.5 and Kmail.
> >
> >I am now running without a rcpthosts file because that's the only way I
> >could get it to send mail.
> >
> >Any suggestions?
> >
> >
> >Paul D. Farber II
> >Farber Technology
> >Ph. 570-628-5303
> >Fax 570-628-5545
> >[EMAIL PROTECTED]
> >
> 
> 
> __
> NovaMetrix Development 
> Robbie Walker, AMWL
> 
> P.O. Box 635 or910-653-4006
> 106-B S. Main St   800-773-5647
> Tabor City, NC 28463   910-653-2052 FAX
> 
> 
> 

Re: RCPTHOSTS and 533 "Not in rcpthosts"

[Paul Farber]

There were no log entries.  ALl messages were displayed on the screen
(netscape, eudora) and not e-mailed from the mailer daemon.

Paul D. Farber II
Farber Technology
Ph. 570-628-5303
Fax 570-628-5545
[EMAIL PROTECTED]

On Wed, 8 Sep 1999, Robbie Walker wrote:

> What's the address the message was sent to? Send another message to the
> list showing the logs of the failed message.
> 
> At 05:12 PM 9/8/99 , you wrote:
> >Hello all
> >
> >Got a really goofy problem with qmail-1.02/RH 5.1.  I added a customer and
> >his /24 to my service.  Set up vmailmgr for virtual POP mail and added the
> >domain haven.k12.pa.us to the rcpthost file, restarted qmail-smtpd.
> >
> >All the MUA's were set up to use mail.f-tech.net (not haven.f-tech.net as
> >the MX record says).. but if I add haven.k12.pa.us to rcpthosts it should
> >not have mattered?
> >
> > 9367  ?  S0:00 tcpserver -v -H -R -c100 -u81 -g80 0 smtp qmail-smtpd
> >10980  ?  S0:00 qmail-smtpd
> >
> >The error was not e-mailed back, but displayed in a message box in both
> >Eudora Pro, Netscape 4.5 and Kmail.
> >
> >I am now running without a rcpthosts file because that's the only way I
> >could get it to send mail.
> >
> >Any suggestions?
> >
> >
> >Paul D. Farber II
> >Farber Technology
> >Ph. 570-628-5303
> >Fax 570-628-5545
> >[EMAIL PROTECTED]
> >
> 
> 
> __
> NovaMetrix Development 
> Robbie Walker, AMWL
> 
> P.O. Box 635 or910-653-4006
> 106-B S. Main St   800-773-5647
> Tabor City, NC 28463   910-653-2052 FAX
> 
> 
> 

Re: RCPTHOSTS and 533 "Not in rcpthosts"

[Chris Johnson]

On Wed, Sep 08, 1999 at 05:12:40PM -0400, Paul Farber wrote:
> Got a really goofy problem with qmail-1.02/RH 5.1.  I added a customer and
> his /24 to my service.  Set up vmailmgr for virtual POP mail and added the
> domain haven.k12.pa.us to the rcpthost file, restarted qmail-smtpd.

There's no need to restart qmail-smtpd (and I assume you mean you restarted
tcpserver).

> All the MUA's were set up to use mail.f-tech.net (not haven.f-tech.net as the
> MX record says).. but if I add haven.k12.pa.us to rcpthosts it should not
> have mattered?

What?

>  9367  ?  S0:00 tcpserver -v -H -R -c100 -u81 -g80 0 smtp qmail-smtpd
> 10980  ?  S0:00 qmail-smtpd

You're not using the -x option in your tcpserver invocation, so you haven't
implemented selective relaying. If you want your customer to be able to use you
as a relay, you'll need to do this.

> The error was not e-mailed back, but displayed in a message box in both
> Eudora Pro, Netscape 4.5 and Kmail.
> 
> I am now running without a rcpthosts file because that's the only way I could
> get it to send mail.
> 
> Any suggestions?

Implement selective relaying, as outlined in
http://www.palomine.net/qmail/selectiverelay.html

Chris

Re: RCPTHOSTS and 533 "Not in rcpthosts"

[Paul Farber]

I had a qmail-smtp file with the class 

209.173.3:allow,RELAYCLIENT=""

And then made the cdb file.  Still no go.

Paul D. Farber II
Farber Technology
Ph. 570-628-5303
Fax 570-628-5545
[EMAIL PROTECTED]

On Wed, 8 Sep 1999, Chris Johnson wrote:

> On Wed, Sep 08, 1999 at 05:12:40PM -0400, Paul Farber wrote:
> > Got a really goofy problem with qmail-1.02/RH 5.1.  I added a customer and
> > his /24 to my service.  Set up vmailmgr for virtual POP mail and added the
> > domain haven.k12.pa.us to the rcpthost file, restarted qmail-smtpd.
> 
> There's no need to restart qmail-smtpd (and I assume you mean you restarted
> tcpserver).
> 
> > All the MUA's iwere set up to use mail.f-tech.net (not
haven.f-tech.net as the
> > MX record says).. but if I add haven.k12.pa.us to rcpthosts it should not
> > have mattered?
> 
> What?
> 
> >  9367  ?  S0:00 tcpserver -v -H -R -c100 -u81 -g80 0 smtp qmail-smtpd
> > 10980  ?  S0:00 qmail-smtpd
> 
> You're not using the -x option in your tcpserver invocation, so you haven't
> implemented selective relaying. If you want your customer to be able to use you
> as a relay, you'll need to do this.
> 
> > The error was not e-mailed back, but displayed in a message box in both
> > Eudora Pro, Netscape 4.5 and Kmail.
> > 
> > I am now running without a rcpthosts file because that's the only way I could
> > get it to send mail.
> > 
> > Any suggestions?
> 
> Implement selective relaying, as outlined in
> http://www.palomine.net/qmail/selectiverelay.html
> 
> Chris
> 

Re: RCPTHOSTS and 533 "Not in rcpthosts"

[Chris Johnson]

On Wed, Sep 08, 1999 at 05:33:53PM -0400, Paul Farber wrote:
> I had a qmail-smtp file with the class 
> 
> 209.173.3:allow,RELAYCLIENT=""
> 
> And then made the cdb file.  Still no go.

It should be:

209.173.3.:allow,RELAYCLIENT=""

(Note the trailing ".")

But here's how you're starting tcpserver:

tcpserver -v -H -R -c100 -u81 -g80 0 smtp qmail-smtpd

So you can put anything you like in your rules file, and it won't have any
effect whatsoever. You need to supply the rules file to tcpserver with the -x
option.

Chris