Selective Relaying Question

2001-04-04 Thread John Anderson

Hi,

I set up the tcp.smtp.cdb file and am calling it when I start tcpserver,
but I am still getting errors when I try to relay mail from my internal
network.  Here is the call from my tcpserver startup script:

(PATH=/usr/local/qmail/bin; /usr/local/bin/tcpserver
-x/usr/local/etc/ip/tcp.smtp.cdb -v -c40  -u601 -g625 0 smtp qmail-smtpd
2>&1 | splogger smtpd  )

* It's all on one line in the script.

Here is what I used to make the tcp.smtp.cdb file:


192.168.:allow
192.168.:allow,RELAYCLIENT=""
:allow


After changing the tcp.smtp.cdb file I restarted both tcpserver and
qmail.

I'm running Red Hat 7.0, qmail (without using system accounts), and
tcpserver.

Any help would be appreciated.

Thanks.

--John




--
John Anderson
[EMAIL PROTECTED]
Ceeva, Inc.






Re: Selective Relaying Question

2001-04-04 Thread Brett Randall

 "John" == John Anderson [EMAIL PROTECTED] writes:

> Here is what I used to make the tcp.smtp.cdb file:
>
> 192.168.:allow
> 192.168.:allow,RELAYCLIENT=""
> :allow

Um...OK!!

MAYBE just try creating /etc/tcp.smtp with the above data in it, then
either run '/etc/rc.d/init.d/qmail cdb' (if you installed as per LWQ),
or type:

tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

And make it world readable by:

chmod 644 /etc/tcp.smtp.cdb

This SHOULD help you out somewhat. Considering that .cdb indicated
BINARY format, not text format.

Brett.
-- 
"Hey, I know this! This is Unix!"

- Jurassic Park



Re: Selective Relaying Question

2001-04-04 Thread Charles Cazabon

John Anderson [EMAIL PROTECTED] wrote:
 
> I set up the tcp.smtp.cdb file and am calling it when I start tcpserver,
> but I am still getting errors when I try to relay mail from my internal
> network.

What errors are you getting?  Please show us the exact text of all error
messages you receive, errors shown in the qmail logs, etc.  Preferably
duplicate the error by telnetting to port 25 from one of your clients which
should be allowed to relay, and show us a transcript of an SMTP session
failing; some MUAs helpfully hide all useful error messages.

> Here is what I used to make the tcp.smtp.cdb file:
>
> 192.168.:allow
> 192.168.:allow,RELAYCLIENT=""
> :allow

The first line is unnecessary; the second line covers it.  Otherwise, it
looks good.

> After changing the tcp.smtp.cdb file I restarted both tcpserver and
> qmail.

How did you "change" the file?  Did you change tcp.smtp, then run tcprules on
it to create tcp.smtp.cdb?  Please show us.

Charles
-- 
---
Charles Cazabon[EMAIL PROTECTED]
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---



RE: Selective Relaying Question

2001-04-04 Thread Kirti S. Bajwa


192.168.:allow
192.168.:allow,RELAYCLIENT=""
:allow


My understanding is that ":allow" (the last line) will allow anybody to send
email. Is it correct?
Kirti







Re: Selective Relaying Question

2001-04-04 Thread Charles Cazabon

Kirti S. Bajwa [EMAIL PROTECTED] wrote:

> :allow
>
> My understanding is that ":allow" (the last line) will allow anybody to send
> email. Is it correct?

No.  This will allow anyone to connect to your SMTP server.  Whether they
can send mail or not depends on the contents of rcpthosts, the envelope
recipient of the message they try to send, and whether the RELAYCLIENT
environment variable is set.

A default rule of :deny almost _never_ makes sense for the .cdb file
controlling access to your SMTP daemon.

Charles
-- 
---
Charles Cazabon[EMAIL PROTECTED]
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---



Re: Selective Relaying Question

2001-04-04 Thread Charles Cazabon

John Anderson [EMAIL PROTECTED] wrote:
 
> Sorry, it seems that my first message was not as clear as I thought it
> was.  Let me try again.

Excellent, this is somewhat clearer.

> The above is the text format, I then ran this command:
>
>  tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
>
> To make the binary.

Good.

What output does the following command produce?

TCPREMOTEIP=192.168.1.1 tcprulescheck /etc/tcp.smtp.cdb

Charles
-- 
---
Charles Cazabon[EMAIL PROTECTED]
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---



Re: Selective Relaying Question

2001-04-04 Thread John Anderson

Hi,

> > The above is the text format, I then ran this command:
> >
> >  tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
> >
> > To make the binary.
>
> Good.
>
> What output does the following command produce?
>
> TCPREMOTEIP=192.168.1.1 tcprulescheck /etc/tcp.smtp.cdb

I did this twice:

# TCPREMOTEIP=192.168.1.1 ./tcprulescheck /etc/tcp.smtp.cdb
rule 192.168.:
set environment variable RELAYCLIENT=
allow connection
# TCPREMOTEIP=192.168.0.124 ./tcprulescheck /etc/tcp.smtp.cdb
rule 192.168.:
set environment variable RELAYCLIENT=
allow connection

It looks like I should be able to relay, but cannot.

What should I try next?

Thanks for the help so far.


--John





> Charles
> --
> ---
> Charles Cazabon[EMAIL PROTECTED]
> GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
> Any opinions expressed are just that -- my opinions.
> ---

--
John Anderson
[EMAIL PROTECTED]
Ceeva, Inc.
412.690.2300 x330





Re: Selective Relaying Question

2001-04-04 Thread Dave Sill

John Anderson [EMAIL PROTECTED] wrote:

> The above is the text format, I then ran this command:
>
>  tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
>
> To make the binary.

In an earlier message, John wrote:

> Here is the call from my tcpserver startup script:
>
> (PATH=/usr/local/qmail/bin; /usr/local/bin/tcpserver
> -x/usr/local/etc/ip/tcp.smtp.cdb -v -c40  -u601 -g625 0 smtp qmail-smtpd
> 2>&1 | splogger smtpd  )
>
> * It's all on one line in the script.

So, the question is: is it /etc/tcp.smtp.cdb or
/usr/local/etc/ip/tcp.smtp.cdb?

-Dave



Re: Selective Relaying Question

2001-04-04 Thread Timothy Legant

On Wed, Apr 04, 2001 at 11:17:25AM -0400, John Anderson wrote:
> Here is what I used to make the tcp.smtp.cdb file:
>
> 192.168.:allow
> 192.168.:allow,RELAYCLIENT=""
> :allow
>
> The above is the text format, I then ran this command:
>
>  tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

It's interesting that you run this command on files in /etc but your
startup script tells tcpserver that the .cdb file is in
/usr/local/etc/ip .



Re: Selective Relaying Question

2001-04-04 Thread John Anderson

Hi,

Charles Cazabon wrote:

> John Anderson [EMAIL PROTECTED] wrote:
>
> > > What output does the following command produce?
> > >
> > > TCPREMOTEIP=192.168.1.1 tcprulescheck /etc/tcp.smtp.cdb
> >
> > # TCPREMOTEIP=192.168.1.1 ./tcprulescheck /etc/tcp.smtp.cdb
> > rule 192.168.:
> > set environment variable RELAYCLIENT=
> > allow connection
>
> Everything fine so far.
>
> > It looks like I should be able to relay, but cannot.
>
> The .cdb file is correct; we've verified it.  The problem is therefore one
> of the following:
>
> -you're not actually running qmail-smtpd from tcpserver

(PATH=/usr/local/qmail/bin; /usr/local/bin/tcpserver -x/etc/tcp.smtp.cdb -v -c40
-u601 -g625
0 smtp qmail-smtpd 2>&1 | splogger smtpd  )

> -your tcpserver invocation for qmail-smtpd is not referring to this .cdb

I've got tcp.smtp.cdb in both /etc and /usr/local/etc/ip.  I left a copy in
/etc, changed the startup script, and restarted tcpserver.

> -tcpserver can't read this .cdb

I chmoded the file to 777

> -your connections are actually coming from IP address you haven't set  the
> rules for

In the last email I posted (with the results of tcprules), the second IP I
tested is the IP of my box.

> Please post the script you're starting tcpserver/qmail-smtpd with.  I think
> you did this early on, but I don't remember its contents.

I posted the line for qmail-smtpd with, I can post the entire script if you'd
like.

> Did you edit this script?  If so, did you remember to stop and re-start
> tcpserver?

Yes and Yes.

> Are there any log messages from tcpserver?

This is it:

Apr  4 12:51:48 localhost smtpd: 986403108.545991 tcpserver: status: 1/40
Apr  4 12:51:48 localhost smtpd: 986403108.546582 tcpserver: pid 18906 from 209.114.187.226
Apr  4 12:51:48 localhost smtpd: 986403108.563452 tcpserver: ok 18906 :209.114.187.227:25 :209.114.187.226::62174
Apr  4 12:51:48 localhost smtpd: 986403108.566188 tcpserver: end 18906 status 0
Apr  4 12:51:48 localhost smtpd: 986403108.566510 tcpserver: status: 0/40


Thanks.


--John





> Charles
> --
> ---
> Charles Cazabon[EMAIL PROTECTED]
> GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
> Any opinions expressed are just that -- my opinions.
> ---

--
John Anderson
[EMAIL PROTECTED]
Ceeva, Inc.
412.690.2300 x330





Re: Selective Relaying Question

2001-04-04 Thread Johan Almqvist

* John Anderson [EMAIL PROTECTED] [010404 19:59]:
> > > > TCPREMOTEIP=192.168.1.1 tcprulescheck /etc/tcp.smtp.cdb
> > > # TCPREMOTEIP=192.168.1.1 ./tcprulescheck /etc/tcp.smtp.cdb
> > > rule 192.168.:
> > > set environment variable RELAYCLIENT=
> > > allow connection
> Apr  4 12:51:48 localhost smtpd: 986403108.545991 tcpserver: status: 1/40
> Apr  4 12:51:48 localhost smtpd: 986403108.546582 tcpserver: pid 18906 from 209.114.187.226
> Apr  4 12:51:48 localhost smtpd: 986403108.563452 tcpserver: ok 18906 :209.114.187.227:25 :209.114.187.226::62174
> Apr  4 12:51:48 localhost smtpd: 986403108.566188 tcpserver: end 18906 status 0
> Apr  4 12:51:48 localhost smtpd: 986403108.566510 tcpserver: status: 0/40

I hope you weren't intentionally masking your IP addresses to the 192.168
stuff. If you did, the only one you fooled was yourself.

The IP addresses in the logs are 209.114.187.226 (remote) and 209.114.187.227
(local). 209.114 != 192.168.

-Johan
-- 
Johan Almqvist
http://www.almqvist.net/johan/qmail/



Re: Selective Relaying Question

2001-04-04 Thread John Anderson

Ok, call me stupid.  I forgot how our network was set up for a minute (Ok maybe
longer).

That fixed everything.

Thanks everyone for all of the help!


--John






--
John Anderson
[EMAIL PROTECTED]
Ceeva, Inc.
412.690.2300 x330
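
The check that closed this thread, as an added example that is not part of any post: take the client address from the tcpserver "pid ... from" log line and see which rule it falls under. The function names are hypothetical, the rules and log line are constructed from what was posted (redundant first rule dropped, wrapped log line rejoined), and the lookup is a simplified model of tcprules matching; on a live system, tcprulescheck against the deployed .cdb is authoritative.

```shell
#!/bin/sh
# Added example, not from the thread. Simplified model of tcprules address
# matching: exact IP, then shorter dotted prefixes, then the empty default.
# Hostname (=host), user@ip and address-range rules are not handled.

# Constructed sample input based on the rules and log line posted in the thread.
RULES='192.168.:allow,RELAYCLIENT=""
:allow'
LOGLINE='Apr  4 12:51:48 localhost smtpd: 986403108.546582 tcpserver: pid 18906 from 209.114.187.226'

# remote_ip LOGLINE: print the client address from a "pid N from IP" line.
remote_ip() {
    printf '%s\n' "$1" | sed -n 's/.*tcpserver: pid [0-9]* from \([0-9.]*\)$/\1/p'
}

# match_rule IP RULES: print the instructions of the first rule that applies.
match_rule() {
    key=$1
    while :; do
        hit=$(printf '%s\n' "$2" | awk -v k="$key" '
            { i = index($0, ":") }
            i > 0 && substr($0, 1, i - 1) == (k "") { print substr($0, i + 1); exit }')
        if [ -n "$hit" ]; then printf '%s\n' "$hit"; return 0; fi
        [ -z "$key" ] && return 1          # no rule at all, not even a default
        case $key in
            *.) key=${key%.} ;;            # drop trailing dot before shortening
        esac
        case $key in
            *.*) key=${key%.*}. ;;         # 209.114.187.226 -> 209.114.187.
            *)   key= ;;                   # last step: the empty default rule
        esac
    done
}

# relay_status IP RULES: "relay" if the matched rule sets RELAYCLIENT.
relay_status() {
    case $(match_rule "$1" "$2") in
        *RELAYCLIENT=*) echo relay ;;
        *) echo no-relay ;;
    esac
}

ip=$(remote_ip "$LOGLINE")
echo "$ip: $(relay_status "$ip" "$RULES")"
echo "192.168.0.124: $(relay_status 192.168.0.124 "$RULES")"
```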