Re: RELAYCLIENT
Am 27.07.2001 um 14:35:17 schrieb Michele Schiavo: Hi Michele, Who i can set up qmail to accept e-mail from a secific client? depends on how you have setup qmail. I have RedHat 7.0 and qmail. I try to use the file /etc/hosts.allow for insert the list of my client you can specify a group of hosts in /etc/hosts.allow and do not have to list each single machine. can send e-mail but it don't work. /etc/hosts.allow has nothing to do with qmail relaying. It's probably a good idea not to list any host without knowing why. I try to change the /etc/xinet.d/smtp it is not recommended to use inet.d with qmail. You should use tcpserver instead. in line server and server argument to change tcp-env in tcpd and meke the file /etc/tcp.xxx. this is not for inet.d but for tcpserver. If you switch to tcpserver you should: a) create an /etc/tcp.smtp (or similar) and b) build the /etc/tcp.smtp.cdb from this file detailled information can be found on www.palomine.net/qmail/selectiverelay.html Good luck /ch -- Contrary to popular belief, Unix is user friendly. It just happens to be selective about who it makes friends with.
Re: RELAYCLIENT
On Fri, Jul 27, 2001 at 02:35:17PM +, Michele Schiavo wrote: Who i can set up qmail to accept e-mail from a secific client? I have RedHat 7.0 and qmail. I try to use the file /etc/hosts.allow for insert the list of my client who can send e-mail but it don't work. I try to change the /etc/xinet.d/smtp in line server and server argument to change tcp-env in tcpd and meke the file /etc/tcp.xxx. Have you any solution? Yes. Don't use the hosts.allow/xinet-stuff for that. Read http://www.lifewithqmail.org/ and use daemontools like everybody else. /magnus ps. have a nice weekend. Let's hope we get a little fewer virus-alerts next weeks. It's even more annoying than the seasonly vacation-mailer-bounces to From: instead of Return-path:.
Re: RELAYCLIENT
http://www.lifewithqmail.org/ http://www.qmail.org/ http://cr.yp.to/qmail.html take off the bib. On Fri, 27 Jul 2001, Michele Schiavo wrote: Who i can set up qmail to accept e-mail from a secific client? /* Regards, Jason Kawaja, UF-ECE Sys Admin */
Re: RELAYCLIENT
Erik Logan [EMAIL PROTECTED] wrote: /etc/tcp.smtp: MY_IP:allow,RELAYCLIENT= :allow [...] But I am still getting the 553 error. Any suggetions on something I missed in the FAQ? Yes. Don't obscure your IP address, hostname, etc., when you ask for help. I've got a good idea what your problem is, but I can't be sure unless you tell us what the _real_ contents of your rules file are. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
Re: RELAYCLIENT
Erik Logan [EMAIL PROTECTED] wrote: /etc/tcp.smtp: MY_IP:allow,RELAYCLIENT= :allow [...] But I am still getting the 553 error. Any suggetions on something I missed in the FAQ? I did the same procedure earlier today and it worked fine for me. The only thing I can think of is that you entered your IP address incorrectly somehow. Are you trying to use it from localhost? If so, add these lines to your /etc/tcp.smtp file: 192.168.10.:allow,RELAYCLIENT= 127.0.0.1:allow,RELAYCLIENT= then rerun tcprules /etc/tcp.smtp.cbd /etc/tcp.smtp.tmp /etc/tcp.smtp and it should work (putting the IP address of localhost doesn't seem to necessarily work). -Philip Mak ([EMAIL PROTECTED])
Re: RELAYCLIENT
The real tcp.smtp file says: 66.12.153.158:allow,RELAYCLIENT= dsl.gtei.net:allow,RELAYCLIENT= :allow this is what I am trying right now with no success -Erik - Original Message - From: Charles Cazabon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 22, 2001 1:05 PM Subject: Re: RELAYCLIENT Erik Logan [EMAIL PROTECTED] wrote: /etc/tcp.smtp: MY_IP:allow,RELAYCLIENT= :allow [...] But I am still getting the 553 error. Any suggetions on something I missed in the FAQ? Yes. Don't obscure your IP address, hostname, etc., when you ask for help. I've got a good idea what your problem is, but I can't be sure unless you tell us what the _real_ contents of your rules file are. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ --- I have qmail up and running. Sending and recieving works fine as an open relay (briefly). So I tried to use tcp.smtp to add a relay client. Here's what I did. /etc/tcp.smtp: MY_IP:allow,RELAYCLIENT= :allow then ran: tcprules /etc/tcp.smtp.cbd /etc/tcp.smtp.tmp /etc/tcp.smtp then : svc -h /service/qmail ps -aux | grep tcpserver looks like: tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -u 503 -g 502 0 smtp recordio /var/qmail/bin/qmail-smtpd tcpserver 01 110 But I am still getting the 553 error. Any suggetions on something I missed in the FAQ? Thanks in advance, Erik
Re: RELAYCLIENT
On Fri, 22 Jun 2001, Erik Logan wrote: The real tcp.smtp file says: 66.12.153.158:allow,RELAYCLIENT= dsl.gtei.net:allow,RELAYCLIENT= :allow this is what I am trying right now with no success dsl.gtei.net is an invalid host. Did you mean dsl.gte.net perhaps? Take a look at your mail log file (on my system it's /var/log/maillog) and see what IP address qmail is recognizing the remote host as (just look for any IP addresses in the log). See if that matches with what you put in /etc/tcp.smtp. -Philip Mak ([EMAIL PROTECTED])
Re: RELAYCLIENT
Erik Logan [EMAIL PROTECTED] wrote: The real tcp.smtp file says: 66.12.153.158:allow,RELAYCLIENT= dsl.gtei.net:allow,RELAYCLIENT= :allow this is what I am trying right now with no success Are you connecting from localhost? If so, you'll need to add 127. to that file above. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ ---
Re: RELAYCLIENT
Hello 66.12.153.158:allow,RELAYCLIENT= dsl.gtei.net:allow,RELAYCLIENT= :allow the secondary MX should be enabled as RELAYCLIENT tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -u 503 -g 502 0 smtp recordio ^^ /var/qmail/bin/qmail-smtpd For Solaris should be without 0 (zero) Piotr --- Piotr Kasztelowicz [EMAIL PROTECTED] [http://www.am.torun.pl/~pekasz]
Re: relayclient
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12 Oct 2000, at 14:58, Mauro Tablo' wrote: My goal is to block spamming through my host, allowing relay for my customers. Is there a way for doing that, without installing ucspi (and setting relayclients in tcp.smtp file)? Yes. Hand your clients X.509 certificates and require the certificate to establish SMTP connection. Jokes aside: Your question sounds like you don't want to spend any effort. In that case, the reply is a sound NO - you don't get that for free. When you decide to invest some effort, please ask yourself a question: How do you tell your client from a spammer? Is it that: * your client has IP address of some form? * your client knows some username and password? (like for his POP account?) * your client knows some secret port number? * your client has a certain X.509 certificate? * your client has a certain PGP key? * your client has local account? After you answer these questions, we'll tell you which mechanism can be employed to allow only authorized relay. You might want to start from RFC2505 which explains quite a bit about (un)authorized relaying. -BEGIN PGP SIGNATURE- Version: PGP 6.5.2 -- QDPGP 2.61a Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOeWpV1MwP8g7qbw/EQJ46wCfS9CJTTQ5nzv2szRirGgBdxz+tXQAoNZm 2mYNzT2JaqpoZloxJ3islUR0 =f25f -END PGP SIGNATURE- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: relayclient
On Thu, Oct 12, 2000 at 02:58:46PM +0200, Mauro Tablo' wrote: # My goal is to block spamming through my host, allowing relay for my # customers. # Is there a way for doing that, without installing ucspi (and setting # relayclients in tcp.smtp file)? that information is in the FAQ file included in the source code -- Justin Bell
Re: RELAYCLIENT with ~control/relaymailfrom
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: is RELAYCONTROL environment variable overrides ~control/relaymailfrom file , [...] but i have observed that RELAYCLIENTenv variable overrides ~control/relaymailfromfile You answered your own question. What do you want to hear from the list? Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: RELAYCLIENT
On Tue, Feb 08, 2000 at 10:46:47AM +0600, Md. Sifat Ullah Patwary wrote: How can I know whether environment variable RELAYCLIENT is set and what its value is? Where? It's major use is in combination with tcpserver. Here's a little test daemon that could be used to show the concept: --%--- cut here --- #!/usr/bin/perl # testd.pl; Magnus Bodin; [EMAIL PROTECTED] use strict; while () { my $file = "$^T.$$"; open LOG, "$file" or die "couln't open $file: $!"; foreach (sort keys %ENV) { chomp; print LOG "$_ = $ENV{$_}\n"; } close LOG; } --%--- cut here --- Here's the contents of tcp.test at a start: 127.0.0.1:allow,RELAYCLIENT="" :allow Rebuild tcp.test.cdb like this: tcprules ./tcp.test.cdb ./tcp.test.tmp ./tcp.test And start the daemon like this: tcpserver -v -xtcp.test.cdb 0 4000 ./testd.pl telnet to port 4000 from different machines and with different content in tcp.test.cdb (see manual for tcpserver in ucspi-tcp-package. Look in the logfiles for results. /magnus -- http://x42.com/
Re: RELAYCLIENT and InetD - clarification
On Tue, Mar 23, 1999 at 04:32:57PM +, Peter Gradwell wrote: Hi, I want to use INETD and a RELAYCLIENT variable. I have been to the archives and done my homework, but I can't find a specific example. (I currently can't / don/t want to change to using tcpserver, as I'm keen to make as few changes to the server as possible.) You'd be doing yourself a big favor by using tcpserver. It'd take you ten minutes to set up. Could some one please confirm that I could put this in my qmail/rc file and have it work nicely. I want to allow relaying from 212.228.2.223 --- begins --- exec env - PATH="/var/qmail/bin:$PATH" \ exec env - RELAYCLIENT="212.228.2.223" \ /var/qmail/bin/qmail-start ./Mailbox /usr/local/bin/accustamp \ | /usr/local/bin/setuser qmaill /usr/local/bin/cyclog -s 500 -n 30 /var/log/qmail It's qmail-smtpd that cares about RELAYCLIENT. Setting it for qmail-start won't do anything. You need to set it via your inetd/tcpd invocation. (I don't know how, as I use tcpserver.) Read http://www.palomine.net/qmail/selectiverelay.html. It'll get you set up with selective relaying and tcpserver in no time flat. (This is very similar to Peter Samuel's document on the same subject, but I wrote it to go along with my "qmail newbie's guide to relaying.") Chris
Re: RELAYCLIENT and InetD - clarification
On Tue, Mar 23, 1999 at 11:57:55AM -0500, Chris Johnson wrote: [snip] Read http://www.palomine.net/qmail/selectiverelay.html. It'll get you set up with selective relaying and tcpserver in no time flat. (This is very similar to Peter Samuel's document on the same subject, but I wrote it to go along with my "qmail newbie's guide to relaying.") Michael Samuel, that is. I got my Samuels mixed up. Chris
Re: RELAYCLIENT and InetD - clarification
Peter Gradwell writes: Hi, I want to use INETD and a RELAYCLIENT variable. I have been to the archives and done my homework, but I can't find a specific example. (I currently can't / don/t want to change to using tcpserver, as I'm keen to make as few changes to the server as possible.) Could some one please confirm that I could put this in my qmail/rc file and have it work nicely. I want to allow relaying from 212.228.2.223 --- begins --- exec env - PATH="/var/qmail/bin:$PATH" \ exec env - RELAYCLIENT="212.228.2.223" \ /var/qmail/bin/qmail-start ./Mailbox /usr/local/bin/accustamp \ | /usr/local/bin/setuser qmaill /usr/local/bin/cyclog -s 500 -n 30 /var/log/qmail No. This does absolutely nothing meaningfull. Read the manual page for qmail-smtpd, which tells you that qmail-smtpd is the one that uses the environment variables. Then program inetd to invoke qmail-smtpd in the fashion outlined in the manual page. -- Sam
Re: RELAYCLIENT and inetd
- Eric Dahnke [EMAIL PROTECTED]: | First, there is no way set RELAYCLIENT (via inetd, tcpserver, or | some patch) based on domain name rather than IP, correct? (I realize | it would be weak) tcpserver won't do it out of the box, but it's almost trivial to do with a little wrapper. Just have tcpserver run a program which looks up TCPREMOTEHOST in a database, and sets RELAYCLIENT accordingly before running the real qmail-smtpd. If you run tcpserver with the -p (paranoid) flag, it is perhaps not totally trivial to break either - but then, I am no expert on DNS security. Maybe someone will comment? (Sorry I can't answer inetd questions.) - Harald