RELAYCLIENT
How can I set up qmail to accept e-mail from a specific client?

I have RedHat 7.0 and qmail. I tried to use the file /etc/hosts.allow to insert the list of my clients who can send e-mail, but it doesn't work. I tried to change the /etc/xinet.d/smtp, in the server and server argument lines, to change tcp-env into tcpd and make the file /etc/tcp.xxx.

Have you any solution?

michele Schiavo
Re: RELAYCLIENT
On 27.07.2001 at 14:35:17, Michele Schiavo wrote:

Hi Michele,

> How can I set up qmail to accept e-mail from a specific client?

depends on how you have setup qmail.

> I have RedHat 7.0 and qmail. I try to use the file /etc/hosts.allow for insert the list of my client

you can specify a group of hosts in /etc/hosts.allow and do not have to list each single machine.

> can send e-mail but it don't work.

/etc/hosts.allow has nothing to do with qmail relaying. It's probably a good idea not to list any host without knowing why.

> I try to change the /etc/xinet.d/smtp

it is not recommended to use inet.d with qmail. You should use tcpserver instead.

> in line server and server argument to change tcp-env in tcpd and make the file /etc/tcp.xxx.

this is not for inet.d but for tcpserver. If you switch to tcpserver you should:

a) create an /etc/tcp.smtp (or similar) and
b) build the /etc/tcp.smtp.cdb from this file

detailed information can be found on www.palomine.net/qmail/selectiverelay.html

Good luck
/ch

--
Contrary to popular belief, Unix is user friendly. It just happens to be selective about who it makes friends with.
Re: RELAYCLIENT
On Fri, Jul 27, 2001 at 02:35:17PM +, Michele Schiavo wrote:
> How can I set up qmail to accept e-mail from a specific client?
> I have RedHat 7.0 and qmail. I try to use the file /etc/hosts.allow for insert the list of my client who can send e-mail but it don't work. I try to change the /etc/xinet.d/smtp in line server and server argument to change tcp-env in tcpd and make the file /etc/tcp.xxx.
> Have you any solution?

Yes. Don't use the hosts.allow/xinet-stuff for that. Read http://www.lifewithqmail.org/ and use daemontools like everybody else.

/magnus

ps. have a nice weekend. Let's hope we get a little fewer virus-alerts next weeks. It's even more annoying than the seasonly vacation-mailer-bounces to From: instead of Return-path:.
Re: RELAYCLIENT
http://www.lifewithqmail.org/
http://www.qmail.org/
http://cr.yp.to/qmail.html

take off the bib.

On Fri, 27 Jul 2001, Michele Schiavo wrote:
> How can I set up qmail to accept e-mail from a specific client?

/* Regards, Jason Kawaja, UF-ECE Sys Admin */
RELAYCLIENT
I have qmail up and running. Sending and receiving works fine as an open relay (briefly). So I tried to use tcp.smtp to add a relay client. Here's what I did.

/etc/tcp.smtp:

    MY_IP:allow,RELAYCLIENT=
    :allow

then ran:

    tcprules /etc/tcp.smtp.cbd /etc/tcp.smtp.tmp < /etc/tcp.smtp

then:

    svc -h /service/qmail

ps -aux | grep tcpserver looks like:

    tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -u 503 -g 502 0 smtp recordio /var/qmail/bin/qmail-smtpd
    tcpserver 01 110

But I am still getting the 553 error. Any suggestions on something I missed in the FAQ?

Thanks in advance,
Erik
Re: RELAYCLIENT
Erik Logan [EMAIL PROTECTED] wrote:
> /etc/tcp.smtp:
> MY_IP:allow,RELAYCLIENT=
> :allow
[...]
> But I am still getting the 553 error. Any suggestions on something I missed in the FAQ?

Yes. Don't obscure your IP address, hostname, etc., when you ask for help. I've got a good idea what your problem is, but I can't be sure unless you tell us what the _real_ contents of your rules file are.

Charles
--
Charles Cazabon [EMAIL PROTECTED]
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Re: RELAYCLIENT
Erik Logan [EMAIL PROTECTED] wrote:
> /etc/tcp.smtp:
> MY_IP:allow,RELAYCLIENT=
> :allow
[...]
> But I am still getting the 553 error. Any suggestions on something I missed in the FAQ?

I did the same procedure earlier today and it worked fine for me. The only thing I can think of is that you entered your IP address incorrectly somehow.

Are you trying to use it from localhost? If so, add these lines to your /etc/tcp.smtp file:

    192.168.10.:allow,RELAYCLIENT=
    127.0.0.1:allow,RELAYCLIENT=

then rerun

    tcprules /etc/tcp.smtp.cbd /etc/tcp.smtp.tmp < /etc/tcp.smtp

and it should work (putting the IP address of localhost doesn't seem to necessarily work).

-Philip Mak ([EMAIL PROTECTED])
Re: RELAYCLIENT
The real tcp.smtp file says:

    66.12.153.158:allow,RELAYCLIENT=
    dsl.gtei.net:allow,RELAYCLIENT=
    :allow

this is what I am trying right now with no success

-Erik
Re: RELAYCLIENT
On Fri, 22 Jun 2001, Erik Logan wrote:
> The real tcp.smtp file says:
> 66.12.153.158:allow,RELAYCLIENT=
> dsl.gtei.net:allow,RELAYCLIENT=
> :allow
> this is what I am trying right now with no success

dsl.gtei.net is an invalid host. Did you mean dsl.gte.net perhaps?

Take a look at your mail log file (on my system it's /var/log/maillog) and see what IP address qmail is recognizing the remote host as (just look for any IP addresses in the log). See if that matches with what you put in /etc/tcp.smtp.

-Philip Mak ([EMAIL PROTECTED])
Re: RELAYCLIENT
Erik Logan [EMAIL PROTECTED] wrote:
> The real tcp.smtp file says:
> 66.12.153.158:allow,RELAYCLIENT=
> dsl.gtei.net:allow,RELAYCLIENT=
> :allow
> this is what I am trying right now with no success

Are you connecting from localhost? If so, you'll need to add 127. to that file above.

Charles
--
Charles Cazabon [EMAIL PROTECTED]
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Re: RELAYCLIENT
Hello

> 66.12.153.158:allow,RELAYCLIENT=
> dsl.gtei.net:allow,RELAYCLIENT=
> :allow

the secondary MX should be enabled as RELAYCLIENT

> tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -u 503 -g 502 0 smtp recordio
                                                           ^^
> /var/qmail/bin/qmail-smtpd

For Solaris should be without 0 (zero)

Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: Can RELAYCLIENT override rblsmtpd?
On Tue, Apr 03, 2001 at 11:43:19PM -0400, Hubbard, David wrote:
> Hi all,
> I allow a user of mine to smtp relay after authenticating via pop3 with vpopmail. Well, his ADSL network block has just been added to the MAPS DUL and now it seems that although his IP with RELAYCLIENT gets added successfully to my ~vpopmail/etc/tcp.smtp.cdb file which tcpserver checks with -x, because the rblsmtpd program comes after tcpserver in my qmail-smtpd script, it's query of the DUL blocks his email anyway.
> Any ideas? I'd rather not have to turn off the DUL support, it blocks a lot of spam from my server.

Not being intimately familiar with the source, but being familiar with the environment variables involved, you might try:

    :allow,RELAYCLIENT="",RBLSMTPD=""

in the relayclient config file. (Not sure if rblsmtpd will stomp on that variable after smtp-after-pop sets it, or not, but worth a try, no?)

Let me know if it works...

--
Greg White
Those who make peaceful revolution impossible will make violent revolution inevitable. -- John F. Kennedy
tcpserver not setting environment variable RELAYCLIENT
I am trying to setup qmail to relay mail from my local domain to the rest of the internet using tcpserver's rules database. Here are the contents of the files I think are being used:

/etc/tcp.smtp2 :

    127.:allow,RELAYCLIENT=""
    192.168.111.:allow,RELAYCLIENT=""
    216.254.26.187:allow,RELAYCLIENT=""
    216.254.26.188:allow,RELAYCLIENT=""
    216.254.26.189:allow,RELAYCLIENT=""
    216.254.26.186:allow,RELAYCLIENT=""
    24.5.77.214:allow,RELAYCLIENT=""
    :allow

/service/qmail-smtpd/run :

    #!/bin/sh
    QMAILDUID=`id -u qmaild`
    NOFILESGID=`id -g qmaild`
    exec /usr/local/bin/softlimit -m 200 \
      /usr/local/bin/tcpserver -x/etc/tcp.smtp2.cdb -v -p \
      -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

When I run:

    # strings /etc/tcp.smtp2.cdb

I get:

    127.+RELAYCLIENT=
    192.168.111.+RELAYCLIENT=
    216.254.26.187+RELAYCLIENT=
    216.254.26.188+RELAYCLIENT=
    216.254.26.189+RELAYCLIENT=
    216.254.26.186+RELAYCLIENT=
    24.5.77.214+RELAYCLIENT=

When I run:

    # tcprulescheck /etc/tcp.smtp2.cdb 127.0.0.1

I get:

    rule :
    allow connection

Same result for any of the specific IPs also.

According to what I have read, tcprulescheck should have spit out something indicating the use of rule 127. and an indication it is setting an environment variable. What am I doing wrong? Sorry if this should go to another list.

--Tom Jackson
Re: tcpserver not setting environment variable RELAYCLIENT
On 18 Oct 2000 [EMAIL PROTECTED] wrote:
> When I run:
> # tcprulescheck /etc/tcp.smtp2.cdb 127.0.0.1
> I get:
> rule :
> allow connection
> Same result for any of the specific IPs also.
> According to what I have read, tcprulescheck should have spit out something indicating the use of rule 127. and an indication it is setting an environment variable. What am I doing wrong? Sorry if this should go to another list.

You are not setting the IP address as an environment variable. Try this instead:

    TCPREMOTEIP=127.0.0.1 tcprulescheck /etc/tcp.smtp2.cdb
    rule 127.:
    set environment variable RELAYCLIENT=
    allow connection

--
Regards
Peter
--
Peter Samuel [EMAIL PROTECTED]
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 613 368 4398 Fax: +1 613 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
"If you kill all your unhappy customers, you'll only have happy ones left"
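Added example (not part of the original threads): an sh simulation of the order in which tcpserver tries rule addresses, as documented for tcprules, run over a constructed plain-text rules file modelled on the ones posted above. It covers only the IP and =hostname forms (no user@ forms, no ranges) and shows why a hostname written without a leading "=" is never looked up, and why no hostname rule can match when tcpserver runs with -H, which removes $TCPREMOTEHOST.

```shell
#!/bin/sh
# Simulates tcpserver's rule lookup over the TEXT rules file (not the .cdb).
# All addresses below are constructed sample values.

# write_sample_rules: create a temporary rules file and print its path.
write_sample_rules() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample, modelled on the rules files posted in the thread
192.0.2.158:allow,RELAYCLIENT=""
dsl.example.net:allow,RELAYCLIENT=""
=.dsl.example.net:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""
:allow
EOF
    printf '%s\n' "$f"
}

# candidates IP [HOST]: print the lookup keys in the order they are tried:
# the full IP, =HOST, shorter IP prefixes ending in a dot,
# shorter host suffixes written as =.suffix, "=", and finally the empty key.
candidates() {
    ip=$1 host=${2:-}
    printf '%s\n' "$ip"
    if [ -n "$host" ]; then printf '=%s\n' "$host"; fi
    p=$ip
    while :; do
        case $p in
            *.*) p=${p%.*}; printf '%s.\n' "$p" ;;
            *) break ;;
        esac
    done
    h=$host
    while :; do
        case $h in
            *.*) h=${h#*.}; printf '=.%s\n' "$h" ;;
            *) break ;;
        esac
    done
    if [ -n "$host" ]; then printf '=\n'; fi
    printf '\n'
}

# rule_for KEY FILE: print the instructions of the rule whose address is
# exactly KEY; return 1 if there is none.
rule_for() {
    key=$1 file=$2
    while IFS= read -r line; do
        case $line in
            '#'*|'') continue ;;
        esac
        if [ "${line%%:*}" = "$key" ]; then
            printf '%s\n' "${line#*:}"
            return 0
        fi
    done < "$file"
    return 1
}

# tcprules_lookup FILE IP [HOST]: print "rule ADDRESS: INSTRUCTIONS" for the
# first key that has a rule. Leave HOST empty to model tcpserver -H.
tcprules_lookup() {
    file=$1
    candidates "$2" "${3:-}" | while IFS= read -r key; do
        if instr=$(rule_for "$key" "$file"); then
            printf 'rule %s: %s\n' "$key" "$instr"
            break
        fi
    done
}

rules=$(write_sample_rules)
tcprules_lookup "$rules" 127.0.0.1                           # prefix rule 127.
tcprules_lookup "$rules" 198.51.100.7 cust1.dsl.example.net  # =.dsl.example.net
tcprules_lookup "$rules" 198.51.100.7                        # no host: falls to ":allow"
tcprules_lookup "$rules" 198.51.100.7 dsl.example.net        # bare hostname rule is ignored
rm -f "$rules"
```

A client that ends up on the empty ":allow" rule gets no RELAYCLIENT, so qmail-smtpd checks rcpthosts and answers 553 for outside domains.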
RELAYCLIENT Problems - SOLVED
So here's my little story. I have to relay mail from our MS Exchange Server to the qmail-server (This server also being the firewall).

I did setup everything with tcp-env according to point 5.4 in the FAQ.
But this doesn't work (at least not with my RedHat Linux).
The RELAYCLIENT variable just doesn't get set.

Martin Jespersen was a great help in finding the problem.

My simple solution: Use tcpserver. This was actually a no-brainer. Now (nearly) everything works fine.

So, why not update this in the FAQ?

instead of using tcp-env I now have a /etc/tcp.smtp file in which I have the IP-addresses of the servers who are allowed to relay. I wrote a little startup-script for tcpserver and that was it.

I already moved one other service from inetd to tcpserver. I'll probably shutdown my xinetd altogether.

Ciao
Leo
relayclient
My goal is to block spamming through my host, allowing relay for my customers. Is there a way for doing that, without installing ucspi (and setting relayclients in tcp.smtp file)?
Re: relayclient
On 12 Oct 2000, at 14:58, Mauro Tablo' wrote:
> My goal is to block spamming through my host, allowing relay for my customers.
> Is there a way for doing that, without installing ucspi (and setting relayclients in tcp.smtp file)?

Yes. Hand your clients X.509 certificates and require the certificate to establish SMTP connection.

Jokes aside: Your question sounds like you don't want to spend any effort. In that case, the reply is a sound NO - you don't get that for free.

When you decide to invest some effort, please ask yourself a question: How do you tell your client from a spammer? Is it that:
* your client has IP address of some form?
* your client knows some username and password? (like for his POP account?)
* your client knows some secret port number?
* your client has a certain X.509 certificate?
* your client has a certain PGP key?
* your client has local account?

After you answer these questions, we'll tell you which mechanism can be employed to allow only authorized relay.

You might want to start from RFC2505 which explains quite a bit about (un)authorized relaying.

--
Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz
PGP key ID: 0x3BA9BC3F
--
Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: relayclient
On Thu, Oct 12, 2000 at 02:58:46PM +0200, Mauro Tablo' wrote:
# My goal is to block spamming through my host, allowing relay for my
# customers.
# Is there a way for doing that, without installing ucspi (and setting
# relayclients in tcp.smtp file)?

that information is in the FAQ file included in the source code

--
Justin Bell
Problems with RELAYCLIENT
Our setup: EXCHANGE SERVER = Firewall (qmail) = Internet

we want the exchange server to relay mails to qmail, and the firewall to only accept mails for our domains, except for the exchange server.

As is my understanding I need to set RELAYCLIENT with the help of tcp-env. /var/qmail/control then needs to be setup with all valid domains.
Unfortunately I cannot seem to set RELAYCLIENT correctly.

So here is my setup:
linux 2.2.16
qmail 1.03 + QMAILQUEUE patch (which also doesn't seem to work, but never mind now)

Starting of qmail in /etc/rc.d/init.d with

    qmail-start '|preline procmail' splogger qmail

my /etc/hosts.allow:

    tcp-env: 192.168.0.xxx,XXX.bsbanksysteme.com: RELAYCLIENT=""; export RELAYCLIENT

I attached "; echo "`date`-$RELAYCLIENT-" /tmp/tcp.test" to test and as I see from that file it seems to work.

When I now add a rcpthosts file I get EMail sent thru the exchange server returned:
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

So it doesn't look as if the RELAYCLIENT really does work.
Any ideas how I can test this or verify if any of the variables does get set.

a very desperate
Leonard Tulipan
Problems with RELAYCLIENT
Did this reach the list? I am not so sure, so I am sending this again. Sorry if this is a duplicate, but the problem is rather urgent.

-Original Message-
From: Leonard Tulipan
Sent: Wednesday, October 11, 2000 8:30 AM
To: '[EMAIL PROTECTED]'
Subject: Problems with RELAYCLIENT
Re: Problems with RELAYCLIENT
just put the exchange server in your /var/qmail/control/rcpthosts file and you should be fine :)

/Martin
RE: Problems with RELAYCLIENT
> -Original Message-
> From: Martin Jespersen [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, October 11, 2000 1:26 PM
> To: Leonard Tulipan
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Problems with RELAYCLIENT
>
> just put the exchange server in your /var/qmail/control/rcpthosts file and you should be fine :)
>
> /Martin

Nice idea, but it doesn't work.
I still get: 553 sorry, that domain isn't in my list of allowed rcpthosts

I tried to send email from [EMAIL PROTECTED] to [EMAIL PROTECTED]
So in theory the message is OK.
But I WANT our exchange server to be able to RELAY.
So the setting of the RELAYCLIENT variable doesn't seem to work.
any ideas of how to debug this?

Could this also be related to Peter Green [[EMAIL PROTECTED]] who says RedHat 6.2 is a bit weird (we upgraded the kernel to 2.2.17 though). Maybe the exporting of the environment variable or tcp-env don't behave right.

Ciao
Leo
Re: Problems with RELAYCLIENT
i'm not sure what the problem is, but i have a setup like this:

my machine my.domain.com is allowed to relay to my friends machine friend.domain.com

all i did to make this work was:

1: i added a mx record for my machine under his host as priority 20
2: i added his hostname to my rcpthosts file.

now if his server is down, i queue his mails and my server happily accepts mails for his box

pretty straightforward, but i might not understand what it is you want...

/Martin
Re: Problems with RELAYCLIENT
if you are running qmail-smtpd from inetd.conf you need to read the FAQ that came with qmail on relaying. You need to modify the first inetd.conf entry shown in the install file.

JB

--
Justin Bell
RELAYCLIENT with ~control/relaymailfrom
hello friends,

is RELAYCONTROL environment variable overrides ~control/relaymailfrom file, i am allowing 192.168.1.0. to relay from my mail server, i want further restriction, such that their IP should be within this range and their from address must be listed in ~control/relaymailfrom file, but i have observed that RELAYCLIENT env variable overrides ~control/relaymailfrom file

thanks
regards
Prashant desai
Re: RELAYCLIENT with ~control/relaymailfrom
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> is RELAYCONTROL environment variable overrides ~control/relaymailfrom file ,
[...]
> but i have observed that RELAYCLIENT env variable overrides ~control/relaymailfrom file

You answered your own question. What do you want to hear from the list?

Charles
--
Charles Cazabon [EMAIL PROTECTED]
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
using /control/relayclients and /control/relaydomains instead of setting RELAYCLIENT
i`d like to use the qmail control files relaydomains, relayclients and rcpthosts instead of setting RELAYCLIENT with tcpserver

how do i set up these files, what syntax is used in them ???

i tried to insert one subnet 192.168.3. in both files and hosts in relayclients but it didn't work out as i hoped
Re: using /control/relayclients and /control/relaydomains instead of setting RELAYCLIENT
Thomas Ackermann [EMAIL PROTECTED] wrote:
> i`d like to use the qmail control files relaydomains, relayclients and rcpthosts instead of setting RELAYCLIENT with tcpserver

qmail doesn't use relaydomains or relayclients control files.

-Dave
Re: RELAYCLIENT
On Tue, Feb 08, 2000 at 10:46:47AM +0600, Md. Sifat Ullah Patwary wrote:
> How can I know whether environment variable RELAYCLIENT is set and what its value is?

Where? Its major use is in combination with tcpserver.

Here's a little test daemon that could be used to show the concept:

--%--- cut here ---
#!/usr/bin/perl
# testd.pl; Magnus Bodin; [EMAIL PROTECTED]
use strict;

# For every line received from the client, dump the environment that
# tcpserver passed to this process into a file named <start time>.<pid>.
while (<STDIN>) {
    my $file = "$^T.$$";
    open LOG, ">$file" or die "couldn't open $file: $!";
    foreach (sort keys %ENV) {
        chomp;
        print LOG "$_ = $ENV{$_}\n";
    }
    close LOG;
}
--%--- cut here ---

Here's the contents of tcp.test at a start:

    127.0.0.1:allow,RELAYCLIENT=""
    :allow

Rebuild tcp.test.cdb like this:

    tcprules ./tcp.test.cdb ./tcp.test.tmp < ./tcp.test

And start the daemon like this:

    tcpserver -v -xtcp.test.cdb 0 4000 ./testd.pl

telnet to port 4000 from different machines and with different content in tcp.test.cdb (see manual for tcpserver in ucspi-tcp-package). Look in the logfiles for results.

/magnus
--
http://x42.com/
help pls! RELAYCLIENT won't bypass rcpthosts
I have configured selective relaying as described in Michael Samuel's step-by-step instructions to bypass rcpthosts by enabling RELAYCLIENT for select customers.

The problem is that I am receiving a denial of service for anybody - even those hosts (IP addresses) listed in my tcp.smtp.cdb database. It seems to be ignoring these rules - only using the rcpthosts. Any help is appreciated! Thanks.

For example, from my host 192.152.1.21 I try to telnet to the SMTP host and send a message to a host that is NOT defined in the rcpthosts file. My understanding is that because my host (192.152.1.*) is allowed to relay, RELAYCLIENT will be set and rcpthosts will be bypassed. It doesn't seem to work however. Here is some output:

    telnet mysmtphost.mydomain.com 25
    Trying XXX.XX.XX.XX...
    Connected to mysmtphost.mydomain.com.
    Escape character is '^]'.
    220 localhost.localdomain ESMTP
    mail from:[EMAIL PROTECTED]
    250 ok
    rcpt to:[EMAIL PROTECTED]
    553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

Note, somewhereelse.com is not listed in my rcpthosts. Ok, but this is a telnet session is from a machine who enables RELAYCLIENT in the tcp.smtp.cdb database.

Here is my configuration (ip info has been changed for security reasons)

tcp.smtp (I remembered to reload this):

    192.152.1.:allow,RELAYCLIENT=""
    :allow

You can see that I am running tcpserver correctly too:

    /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -u 137 -g 223 0 smtp /var/qmail/bin/qmail-smtpd

Any ideas??

Thanks!
rjm
Re: help pls! RELAYCLIENT won't bypass rcpthosts
"Reece" == Reece Markowsky [EMAIL PROTECTED] writes:

Reece> You can see that I am running tcpserver correctly too:
Reece> /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -u 137 -g 223 0 smtp /var/qmail/bin/qmail-smtpd

Try making sure that the path to the CDB file is part of the '-x' argument, not an additional argument (remove that extra space, that is '-xFOO', not '-x FOO'). Also, use cdbdump to make sure that the cdb file is up to date (or just rebuild it).

Reece> Any ideas??

If that doesn't work, instead of exec'ing qmail-smtpd, exec an sh script which dumps the env and then execs qmail-smtpd, as in:

    #!/bin/sh
    # write the environment tcpserver handed us to a per-process file
    env > /var/tmp/debug/qmail-smtpd.$$
    exec /var/qmail/bin/qmail-smtpd

Then, examine the environment and make sure RELAYCLIENT really is set.

BTW, you might want to use ofmipd for "internal" hosts to give you rewriting flexibility in case you need it. I do so like this:

    /usr/local/bin/tcpserver -R -H -learthquake -x/var/qmail/etc/tcp.smtp.cdb -u61 -g60 -v 0 smtp /var/qmail/libexec/qmail-smtpd+ofmipd

/var/qmail/etc/tcp.smtp:

    192.168.249.:allow,OFMIPCLIENT="yes"
    192.168.250.:allow,OFMIPCLIENT="yes"
    206.251.18.:allow,OFMIPCLIENT="yes"
    204.71.180.:allow,OFMIPCLIENT="yes"
    :allow,DATABYTES="1048576"

/var/qmail/libexec/qmail-smtpd+ofmipd:

    #!/bin/sh
    if [ -n "$OFMIPCLIENT" ] ; then
      exec /var/qmail/bin/ofmipd
    else
      exec /var/qmail/bin/qmail-smtpd
    fi

Good luck.

j.
--
Jay Soffian [EMAIL PROTECTED] UNIX Systems Engineer
404.572.1941 Cox Interactive Media
RE: help pls! RELAYCLIENT won't bypass rcpthosts
are you actually compiling the cdb into /etc? I had this problem before where I _thought_ I was doing everything correctly but was putting the .cdb into a different location, after I changed my scripts to use deamontools6. I have to say it drove me insane.
Re: help pls! RELAYCLIENT won't bypass rcpthosts
Reece Markowsky [EMAIL PROTECTED] wrote:
> For example, from my host 192.152.1.21 I try to telnet to the SMTP host and send a message to a host that is NOT defined in the rcpthosts file. My understanding is that because my host (192.152.1.*) is allowed to relay, RELAYCLIENT will be set and rcpthosts will be bypassed. It doesn't seem to work however. Here is some output:
>
> telnet mysmtphost.mydomain.com 25
> Trying XXX.XX.XX.XX...
> Connected to mysmtphost.mydomain.com.
> Escape character is '^]'.
> 220 localhost.localdomain ESMTP
> mail from:[EMAIL PROTECTED]
> 250 ok
> rcpt to:[EMAIL PROTECTED]
> 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>
> Note, somewhereelse.com is not listed in my rcpthosts. Ok, but this is a telnet session is from a machine who enables RELAYCLIENT in the tcp.smtp.cdb database.
>
> Here is my configuration (ip info has been changed for security reasons)
>
> tcp.smtp (I remembered to reload this):
> 192.152.1.:allow,RELAYCLIENT=""
> :allow
>
> You can see that I am running tcpserver correctly too:
> /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -u 137 -g 223 0 smtp /var/qmail/bin/qmail-smtpd
>
> Any ideas??

Yeah, you've got somemisconfiguration in the somefile config file in somedir on mysmtphost.

Hope this helps.

-Dave
RELAYCLIENT domains?
Is there any simple way to allow *pacbell.net to allow relay?

thanks!

-
Elliott Freis
Manager of Information Services
415.551.1510 ext. 303
OpenTable.com, Inc.
The real-time restaurant reservation network
http://www.opentable.com/
Where would you like to make online reservations? Tell us at: [EMAIL PROTECTED]
Re: RELAYCLIENT and InetD - clarification
On Tue, Mar 23, 1999 at 04:32:57PM +, Peter Gradwell wrote:
> Hi,
> I want to use INETD and a RELAYCLIENT variable. I have been to the archives and done my homework, but I can't find a specific example.
> (I currently can't / don/t want to change to using tcpserver, as I'm keen to make as few changes to the server as possible.)

You'd be doing yourself a big favor by using tcpserver. It'd take you ten minutes to set up.

> Could some one please confirm that I could put this in my qmail/rc file and have it work nicely. I want to allow relaying from 212.228.2.223
>
> --- begins ---
> exec env - PATH="/var/qmail/bin:$PATH" \
> exec env - RELAYCLIENT="212.228.2.223" \
> /var/qmail/bin/qmail-start ./Mailbox /usr/local/bin/accustamp \
> | /usr/local/bin/setuser qmaill /usr/local/bin/cyclog -s 500 -n 30 /var/log/qmail

It's qmail-smtpd that cares about RELAYCLIENT. Setting it for qmail-start won't do anything. You need to set it via your inetd/tcpd invocation. (I don't know how, as I use tcpserver.)

Read http://www.palomine.net/qmail/selectiverelay.html. It'll get you set up with selective relaying and tcpserver in no time flat. (This is very similar to Peter Samuel's document on the same subject, but I wrote it to go along with my "qmail newbie's guide to relaying.")

Chris
Re: RELAYCLIENT and InetD - clarification
On Tue, Mar 23, 1999 at 11:57:55AM -0500, Chris Johnson wrote:
[snip]
> Read http://www.palomine.net/qmail/selectiverelay.html. It'll get you set up with selective relaying and tcpserver in no time flat. (This is very similar to Peter Samuel's document on the same subject, but I wrote it to go along with my "qmail newbie's guide to relaying.")

Michael Samuel, that is. I got my Samuels mixed up.

Chris
Re: RELAYCLIENT and InetD - clarification
Peter Gradwell writes:
> Hi,
> I want to use INETD and a RELAYCLIENT variable. I have been to the archives and done my homework, but I can't find a specific example.
> (I currently can't / don/t want to change to using tcpserver, as I'm keen to make as few changes to the server as possible.)
>
> Could some one please confirm that I could put this in my qmail/rc file and have it work nicely. I want to allow relaying from 212.228.2.223
>
> --- begins ---
> exec env - PATH="/var/qmail/bin:$PATH" \
> exec env - RELAYCLIENT="212.228.2.223" \
> /var/qmail/bin/qmail-start ./Mailbox /usr/local/bin/accustamp \
> | /usr/local/bin/setuser qmaill /usr/local/bin/cyclog -s 500 -n 30 /var/log/qmail

No. This does absolutely nothing meaningful.

Read the manual page for qmail-smtpd, which tells you that qmail-smtpd is the one that uses the environment variables. Then program inetd to invoke qmail-smtpd in the fashion outlined in the manual page.

--
Sam
RELAYCLIENT and inetd
Hello list friends, First, there is no way set RELAYCLIENT (via inetd, tcpserver, or some patch) based on domain name rather than IP, correct? (I realize it would be weak) Second, with inetd it is not possible to set RELAYCLIENT with a wildcard * (24.232.12.*), but with tcpserver yes, correct? Regards - eric
Re: RELAYCLIENT and inetd
- Eric Dahnke [EMAIL PROTECTED]:
| First, there is no way set RELAYCLIENT (via inetd, tcpserver, or
| some patch) based on domain name rather than IP, correct? (I realize
| it would be weak)

tcpserver won't do it out of the box, but it's almost trivial to do with a little wrapper. Just have tcpserver run a program which looks up TCPREMOTEHOST in a database, and sets RELAYCLIENT accordingly before running the real qmail-smtpd.

If you run tcpserver with the -p (paranoid) flag, it is perhaps not totally trivial to break either - but then, I am no expert on DNS security. Maybe someone will comment?

(Sorry I can't answer inetd questions.)

- Harald
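Added example (not from the thread): one way to write the wrapper described in the reply above, as an sh script that tcpserver runs in front of qmail-smtpd. The script name, the RELAYHOSTS_FILE variable and the /var/qmail/control/relayhosts path are hypothetical (qmail itself does not read that file), and the host names in the comments are constructed.

```shell
#!/bin/sh
# relay-by-host (hypothetical name): set RELAYCLIENT from $TCPREMOTEHOST.
#
# Assumed invocation:
#   tcpserver -p -v 0 smtp /usr/local/bin/relay-by-host /var/qmail/bin/qmail-smtpd
#
# The list file holds one entry per line:
#   .dsl.example.net    any host below dsl.example.net (leading dot = suffix)
#   mail.example.org    exactly this host
# $TCPREMOTEHOST comes from reverse DNS, which is controlled by whoever runs
# the reverse zone of the client's address. Without tcpserver -p the name is
# not checked against forward DNS, so this wrapper assumes -p is in use.

# host_may_relay HOST LISTFILE: return 0 if HOST matches an entry.
host_may_relay() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    list=$2
    [ -n "$host" ] || return 1     # -H, or no reverse DNS: never relay
    [ -r "$list" ] || return 1     # missing list: fail closed
    while IFS= read -r suffix; do
        case $suffix in
            ''|'#'*) continue ;;
        esac
        suffix=$(printf '%s' "$suffix" | tr 'A-Z' 'a-z')
        case $suffix in
            .*)
                # Suffix entry: the leading dot forces a match on a label
                # boundary, so "evildsl.example.net" does not match
                # ".dsl.example.net".
                case $host in
                    *"$suffix") return 0 ;;
                esac
                ;;
            *)
                if [ "$host" = "$suffix" ]; then return 0; fi
                ;;
        esac
    done < "$list"
    return 1
}

# When called with a command (the real qmail-smtpd), decide and exec it.
if [ $# -gt 0 ]; then
    if host_may_relay "${TCPREMOTEHOST:-}" \
        "${RELAYHOSTS_FILE:-/var/qmail/control/relayhosts}"; then
        RELAYCLIENT=""
        export RELAYCLIENT
    fi
    exec "$@"
fi
```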