Re: RELAYCLIENT

2001-07-27 Thread Clemens Hermann 

Am 27.07.2001 um 14:35:17 schrieb Michele Schiavo:

Hi Michele,

 Who i can set up qmail to accept e-mail from a secific client?

depends on how you have setup qmail.

 I have RedHat 7.0 and qmail.
 I try to use the file /etc/hosts.allow for insert the list of my client

you can specify a group of hosts in /etc/hosts.allow and do not have to
list each single machine.
 
 can send e-mail but it don't work.

/etc/hosts.allow has nothing to do with qmail relaying. It's probably a
good idea not to list any host without knowing why.

 I try to change the /etc/xinet.d/smtp 

it is not recommended to use inet.d with qmail. You should use tcpserver
instead.

 in line server and server argument to 
 change tcp-env in tcpd and meke the file /etc/tcp.xxx. 

this is not for inet.d but for tcpserver. If you switch to tcpserver you
should:

a) create an /etc/tcp.smtp (or similar) and
b) build the /etc/tcp.smtp.cdb from this file

detailled information can be found on
www.palomine.net/qmail/selectiverelay.html

Good luck

/ch

-- 
Contrary to popular belief, Unix is user friendly.
It just happens to be selective about who it makes friends with.

Re: RELAYCLIENT

2001-07-27 Thread Magnus Bodin 

On Fri, Jul 27, 2001 at 02:35:17PM +, Michele Schiavo wrote:

 Who i can set up qmail to accept e-mail from a secific client?
 I have RedHat 7.0 and qmail.
 I try to use the file /etc/hosts.allow for insert the list of my client who 
 can send e-mail but it don't work.
 I try to change the /etc/xinet.d/smtp in line server and server argument to 
 change tcp-env in tcpd and meke the file /etc/tcp.xxx. 
 
 Have you any solution? 

Yes. Don't use the hosts.allow/xinet-stuff for that. 

Read

http://www.lifewithqmail.org/

and use daemontools like everybody else.

/magnus

ps. have a nice weekend. Let's hope we get a little fewer virus-alerts next
weeks. It's even more annoying than the seasonly vacation-mailer-bounces to
From: instead of Return-path:.

Re: RELAYCLIENT

2001-07-27 Thread Jason Kawaja 

http://www.lifewithqmail.org/
http://www.qmail.org/
http://cr.yp.to/qmail.html

take off the bib.

On Fri, 27 Jul 2001, Michele Schiavo wrote:

 Who i can set up qmail to accept e-mail from a secific client?

/* Regards,
   Jason Kawaja, UF-ECE Sys Admin */

Re: RELAYCLIENT

2001-06-22 Thread Charles Cazabon 

Erik Logan [EMAIL PROTECTED] wrote:
 
 /etc/tcp.smtp:
 
 MY_IP:allow,RELAYCLIENT=
 :allow
[...] 
 But I am still getting the 553 error. Any suggetions on something I missed
 in the FAQ?

Yes.  Don't obscure your IP address, hostname, etc., when you ask for help.
I've got a good idea what your problem is, but I can't be sure unless you tell
us what the _real_ contents of your rules file are.

Charles
-- 
---
Charles Cazabon[EMAIL PROTECTED]
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
---

Re: RELAYCLIENT

2001-06-22 Thread Philip Mak 

Erik Logan [EMAIL PROTECTED] wrote:

 /etc/tcp.smtp:

 MY_IP:allow,RELAYCLIENT=
 :allow
[...]
 But I am still getting the 553 error. Any suggetions on something I missed
 in the FAQ?

I did the same procedure earlier today and it worked fine for me. The only
thing I can think of is that you entered your IP address incorrectly
somehow.

Are you trying to use it from localhost? If so, add these lines to your
/etc/tcp.smtp file:

192.168.10.:allow,RELAYCLIENT=
127.0.0.1:allow,RELAYCLIENT=

then rerun tcprules /etc/tcp.smtp.cbd /etc/tcp.smtp.tmp  /etc/tcp.smtp

and it should work (putting the IP address of localhost doesn't seem to
necessarily work).

-Philip Mak ([EMAIL PROTECTED])

Re: RELAYCLIENT

2001-06-22 Thread Erik Logan 

The real tcp.smtp file says:

66.12.153.158:allow,RELAYCLIENT=
dsl.gtei.net:allow,RELAYCLIENT=
:allow

this is what I am trying right now with no success

-Erik

- Original Message -
From: Charles Cazabon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 22, 2001 1:05 PM
Subject: Re: RELAYCLIENT


 Erik Logan [EMAIL PROTECTED] wrote:
 
  /etc/tcp.smtp:
 
  MY_IP:allow,RELAYCLIENT=
  :allow
 [...]
  But I am still getting the 553 error. Any suggetions on something I
missed
  in the FAQ?

 Yes.  Don't obscure your IP address, hostname, etc., when you ask for
help.
 I've got a good idea what your problem is, but I can't be sure unless you
tell
 us what the _real_ contents of your rules file are.

 Charles
 --
 ---
 Charles Cazabon[EMAIL PROTECTED]
 GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
 ---


I have qmail up and running. Sending and  recieving works fine as an open
relay (briefly). So I tried to use tcp.smtp to add a relay client. Here's
what I did.

/etc/tcp.smtp:

MY_IP:allow,RELAYCLIENT=
:allow

then ran:

tcprules /etc/tcp.smtp.cbd /etc/tcp.smtp.tmp  /etc/tcp.smtp

then :

svc -h  /service/qmail

ps -aux | grep tcpserver  looks like:

tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -u 503 -g 502 0 smtp recordio
/var/qmail/bin/qmail-smtpd
tcpserver 01 110


But I am still getting the 553 error. Any suggetions on something I missed
in the FAQ?

Thanks in advance,

Erik

Re: RELAYCLIENT

2001-06-22 Thread Philip Mak 

On Fri, 22 Jun 2001, Erik Logan wrote:

 The real tcp.smtp file says:

 66.12.153.158:allow,RELAYCLIENT=
 dsl.gtei.net:allow,RELAYCLIENT=
 :allow

 this is what I am trying right now with no success

dsl.gtei.net is an invalid host. Did you mean dsl.gte.net perhaps?

Take a look at your mail log file (on my system it's /var/log/maillog) and
see what IP address qmail is recognizing the remote host as (just look for
any IP addresses in the log). See if that matches with what you put in
/etc/tcp.smtp.

-Philip Mak ([EMAIL PROTECTED])

Re: RELAYCLIENT

2001-06-22 Thread Charles Cazabon 

Erik Logan [EMAIL PROTECTED] wrote:
 The real tcp.smtp file says:
 
 66.12.153.158:allow,RELAYCLIENT=
 dsl.gtei.net:allow,RELAYCLIENT=
 :allow
 
 this is what I am trying right now with no success

Are you connecting from localhost?  If so, you'll need to add 127. to that
file above.

Charles
-- 
---
Charles Cazabon[EMAIL PROTECTED]
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
---

Re: RELAYCLIENT

2001-06-22 Thread Piotr Kasztelowicz 

Hello

 66.12.153.158:allow,RELAYCLIENT=
 dsl.gtei.net:allow,RELAYCLIENT=
 :allow

the secondary MX should be enabled as RELAYCLIENT

 tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb -u 503 -g 502 0 smtp recordio
   ^^
 /var/qmail/bin/qmail-smtpd

For Solaris should be without 0 (zero)

Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]

Re: relayclient

2000-10-12 Thread Petr Novotny 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12 Oct 2000, at 14:58, Mauro Tablo' wrote:

 My goal is to block spamming through my host, allowing relay for my
 customers. Is there a way for doing that, without installing ucspi
 (and setting relayclients in tcp.smtp file)?

Yes. Hand your clients X.509 certificates and require the certificate 
to establish SMTP connection.

Jokes aside: Your question sounds like you don't want to spend 
any effort. In that case, the reply is a sound NO - you don't get that 
for free.

When you decide to invest some effort, please ask yourself a 
question: How do you tell your client from a spammer? Is it that:
* your client has IP address of some form?
* your client knows some username and password? (like for his 
POP account?)
* your client knows some secret port number?
* your client has a certain X.509 certificate?
* your client has a certain PGP key?
* your client has local account?

After you answer these questions, we'll tell you which mechanism 
can be employed to allow only authorized relay.


You might want to start from RFC2505 which explains quite a bit 
about (un)authorized relaying.

-BEGIN PGP SIGNATURE-
Version: PGP 6.5.2 -- QDPGP 2.61a
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOeWpV1MwP8g7qbw/EQJ46wCfS9CJTTQ5nzv2szRirGgBdxz+tXQAoNZm
2mYNzT2JaqpoZloxJ3islUR0
=f25f
-END PGP SIGNATURE-
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
 [Tom Waits]

Re: relayclient

2000-10-12 Thread Justin Bell 

On Thu, Oct 12, 2000 at 02:58:46PM +0200, Mauro Tablo' wrote:
# My goal is to block spamming through my host, allowing relay for my
# customers.
# Is there a way for doing that, without installing ucspi (and setting
# relayclients in tcp.smtp file)?

that information is in the FAQ file included in the source code
-- 
Justin Bell

Re: RELAYCLIENT with ~control/relaymailfrom

2000-10-01 Thread Charles Cazabon 

[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
   
   is RELAYCONTROL  environment variable  overrides
 ~control/relaymailfrom  file , 
[...] 
   but i have observed that RELAYCLIENTenv variable overrides 
 ~control/relaymailfromfile 

You answered your own question.  What do you want to hear from the list?

Charles
-- 
---
Charles Cazabon[EMAIL PROTECTED]
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---

Re: RELAYCLIENT

2000-02-08 Thread Magnus Bodin 

On Tue, Feb 08, 2000 at 10:46:47AM +0600, Md. Sifat Ullah Patwary wrote:
 How can I know whether environment variable RELAYCLIENT is set and what its
 value is?

Where? 
It's major use is in combination with tcpserver. 
Here's a little test daemon that could be used to show the concept:


--%--- cut here ---
#!/usr/bin/perl
# testd.pl; Magnus Bodin; [EMAIL PROTECTED]

use strict;

while ()
{
my $file = "$^T.$$";
open LOG, "$file" or die "couln't open $file: $!"; 
foreach (sort keys %ENV)
{
chomp;
print LOG "$_ = $ENV{$_}\n";
}
close LOG;
}
--%--- cut here ---

Here's the contents of tcp.test at a start:

127.0.0.1:allow,RELAYCLIENT=""
:allow

Rebuild tcp.test.cdb like this: 

   tcprules ./tcp.test.cdb ./tcp.test.tmp  ./tcp.test

And start the daemon like this: 

   tcpserver -v -xtcp.test.cdb 0 4000 ./testd.pl  

telnet to port 4000 from different machines and with different content in
tcp.test.cdb (see manual for tcpserver in ucspi-tcp-package. 

Look in the logfiles for results. 

/magnus

-- 
http://x42.com/

Re: RELAYCLIENT and InetD - clarification

1999-03-23 Thread Chris Johnson 

On Tue, Mar 23, 1999 at 04:32:57PM +, Peter Gradwell wrote:
 Hi,
 
 I want to use INETD and a RELAYCLIENT variable. I have been to the 
 archives and done my homework, but I can't find a specific example.
 
 (I currently can't / don/t want to change to using tcpserver, as I'm 
 keen to make as few changes to the server as possible.)

You'd be doing yourself a big favor by using tcpserver. It'd take you ten
minutes to set up.

 Could some one please confirm that I could put this in my qmail/rc 
 file and have it work nicely. I want to allow relaying from 
 212.228.2.223
 
 --- begins ---
 
 exec env - PATH="/var/qmail/bin:$PATH" \
 exec env - RELAYCLIENT="212.228.2.223" \
 /var/qmail/bin/qmail-start ./Mailbox /usr/local/bin/accustamp \
 | /usr/local/bin/setuser qmaill /usr/local/bin/cyclog -s 500 -n 
 30 /var/log/qmail 

It's qmail-smtpd that cares about RELAYCLIENT. Setting it for qmail-start won't
do anything. You need to set it via your inetd/tcpd invocation. (I don't know
how, as I use tcpserver.)

Read http://www.palomine.net/qmail/selectiverelay.html. It'll get you set up
with selective relaying and tcpserver in no time flat. (This is very similar to
Peter Samuel's document on the same subject, but I wrote it to go along with my
"qmail newbie's guide to relaying.")

Chris

Re: RELAYCLIENT and InetD - clarification

1999-03-23 Thread Chris Johnson 

On Tue, Mar 23, 1999 at 11:57:55AM -0500, Chris Johnson wrote:

[snip]

 Read http://www.palomine.net/qmail/selectiverelay.html. It'll get you set up
 with selective relaying and tcpserver in no time flat. (This is very similar to
 Peter Samuel's document on the same subject, but I wrote it to go along with my
 "qmail newbie's guide to relaying.")

Michael Samuel, that is. I got my Samuels mixed up.

Chris

Re: RELAYCLIENT and InetD - clarification

1999-03-23 Thread Sam 

Peter Gradwell writes:

 Hi,
 
 I want to use INETD and a RELAYCLIENT variable. I have been to the 
 archives and done my homework, but I can't find a specific example.
 
 (I currently can't / don/t want to change to using tcpserver, as I'm 
 keen to make as few changes to the server as possible.)
 
 Could some one please confirm that I could put this in my qmail/rc 
 file and have it work nicely. I want to allow relaying from 
 212.228.2.223
 
 --- begins ---
 
 exec env - PATH="/var/qmail/bin:$PATH" \
 exec env - RELAYCLIENT="212.228.2.223" \
 /var/qmail/bin/qmail-start ./Mailbox /usr/local/bin/accustamp \
 | /usr/local/bin/setuser qmaill /usr/local/bin/cyclog -s 500 -n 
 30 /var/log/qmail 

No.  This does absolutely nothing meaningfull.

Read the manual page for qmail-smtpd, which tells you that qmail-smtpd is
the one that uses the environment variables.

Then program inetd to invoke qmail-smtpd in the fashion outlined in the
manual page.

-- 
Sam

Re: RELAYCLIENT and inetd

1999-02-15 Thread Harald Hanche-Olsen 

- Eric Dahnke [EMAIL PROTECTED]:

| First, there is no way set RELAYCLIENT (via inetd, tcpserver, or
| some patch) based on domain name rather than IP, correct? (I realize
| it would be weak)

tcpserver won't do it out of the box, but it's almost trivial to do
with a little wrapper.  Just have tcpserver run a program which looks
up TCPREMOTEHOST in a database, and sets RELAYCLIENT accordingly
before running the real qmail-smtpd.  If you run tcpserver with the -p
(paranoid) flag, it is perhaps not totally trivial to break either -
but then, I am no expert on DNS security.  Maybe someone will comment?

(Sorry I can't answer inetd questions.)

- Harald