Re: selective relaying: two smtpd´s?

2000-06-28 Thread Markus Stumpf

On Fri, Jun 23, 2000 at 04:47:44PM +0200, Thilo Bangert wrote:
> i absolutely need to allow my pop3 users relaying, for which i want to use
> relay-ctrl (is there a better solution out there). but that would mean the

You don't need TWO smtp daemons.
That's why it's called *relay* control.
Just RTFM relay-control-age.8 and put the following line in (standard
setup as referenced in relay-control manuals assumed) the file
/etc/tcpcontrol/smtp.rules (starting at char position 0)
 :allow

\Maex

-- 
SpaceNet GmbH |   http://www.Space.Net/   | Stress is when you wake
Research  Development| mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0| realize you haven't
D-80807 Muenchen  |  Fax: +49 (89) 32356-299  | fallen asleep yet.



selective relaying: two smtpd´s?

2000-06-26 Thread Thilo Bangert

Hi all,

i am setting up a qmail server and am going to serve both smtp and pop3.
this has probably been asked many times, but i could not find it in a faq.
(please, give me guidance)

i absolutely need to allow my pop3 users relaying, for which i want to use
relay-ctrl (is there a better solution out there). but that would mean the
smtp-port would be blocked for any connections, except those made available
by relay-ctrl, so no mailserver could deliver email for my users.
I figured, a way to get around this would be to have two qmail-smtpd´s
running: one allowing selective relay by using rcpthosts (incoming smtp),
and another being made available by relay-ctrl (outgoing smtp).

Am i correct?

If yes, is it possible practically? I only have one machine, but I do have
several IP´s. If it is possible, how?

thanks

thilo




Re: selective relaying: two smtpd´s?

2000-06-26 Thread Wolfgang Walter

On Fri, Jun 23, 2000 at 04:47:44PM +0200, Thilo Bangert wrote:
> Hi all,
>
> i am setting up a qmail server and am going to serve both smtp and pop3.
> this has probably been asked many times, but i could not find it in a faq.
> (please, give me guidance)
>
> i absolutely need to allow my pop3 users relaying, for which i want to use
> relay-ctrl (is there a better solution out there). but that would mean the
> smtp-port would be blocked for any connections, except those made available
> by relay-ctrl, so no mailserver could deliver email for my users.
> I figured, a way to get around this would be to have to qmail-smtpd´s
> running: one allowing selective relay by using rcpthosts (incoming smtp),
> and another being made available by relay-ctrl (outgoing smtp).
>
> Am i correct?
>
> If yes, is it possible practically. I only have one machine, but I do have
> several IP´s. If it is possible, how?
>
> thanks
>
> thilo
>

How do you start qmail-smtpd? If you use inetd this is a little bit difficult.

One way to do that is: assign 2 IP addresses to your mailserver. Use one
address to receive mail from outside with qmail, the other one for relaying.

You can even use qmail for both tasks.

We for example use xinetd to start qmail-smtp:

10.20.30.10 is for relaying your clients
10.20.31.11 is for receiving

Let 10.20.30.0/19 be your network (where your clients are):

-
service smtp
{
        id          = mailout-smtpd
        socket_type = stream
        protocol    = tcp
        interface   = 10.20.30.10
        wait        = no
        user        = qmaild
        server      = /var/qmail/bin/tcp-env
        server_args = /var/qmail/bin/qmail-smtpd
        only_from   = 10.20.30.0/19
        env         = RELAYCLIENT=
}

service smtp
{
        id          = mailin-smtpd
        socket_type = stream
        protocol    = tcp
        interface   = 10.20.30.11
        wait        = no
        user        = qmaild
        server      = /var/qmail/bin/tcp-env
        server_args = /var/qmail/bin/qmail-smtpd
        no_access   = 10.20.30.0/19
}
--

Use rcpthosts to restrict qmail-smtpd to only receive for your domains.
Setting the environment variable RELAYCLIENT when your clients access
qmail via 10.20.30.10 switches rcpthosts off for them. With only_from you
control that only hosts in your network can access qmail with RELAYCLIENT
set.

Of course, you can start relay-ctrl instead of qmail-send.

And xinetd is not the only superdaemon you could use (I think there is one
from Bernstein, too) but it is part of a lot of distributions.


Greetings

Wolfgang
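
An added example (not part of the original post, and not xinetd or qmail code): a Python audit of xinetd stanzas shaped like the two above. It flags any listener that sets RELAYCLIENT without an only_from restriction and reports which network an only_from value covers once host bits are masked. The third stanza (broken-smtpd) and the function names are hypothetical, and only_from is assumed to hold CIDR values.

```python
import ipaddress
import re
# Constructed input: the post's two stanzas (trimmed) plus a hypothetical third.
SAMPLE = """
service smtp
{
    id        = mailout-smtpd
    only_from = 10.20.30.0/19
    env       = RELAYCLIENT=
}
service smtp
{
    id        = mailin-smtpd
    no_access = 10.20.30.0/19
}
service smtp
{
    id        = broken-smtpd
    env       = RELAYCLIENT=
}
"""

def parse_services(text):
    """Return one {attribute: value} dict per 'service name { ... }' stanza."""
    services = []
    for body in re.findall(r"service\s+\S+\s*\{(.*?)\}", text, re.S):
        pairs = (l.split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.lstrip().startswith("#"))
        services.append({k.strip(): v.strip() for k, v in pairs})
    return services

def audit(text):
    """List (id, problem) pairs; CIDR host bits are masked off before comparing."""
    findings = []
    for svc in parse_services(text):
        env = svc.get("env", "").split()
        if not any(tok.startswith("RELAYCLIENT=") for tok in env):
            continue  # rcpthosts still limits this listener
        nets = svc.get("only_from", "").split()
        if not nets:
            findings.append((svc.get("id"), "RELAYCLIENT without only_from"))
        for net in nets:
            real = ipaddress.ip_network(net, strict=False)
            if str(real) != net:
                findings.append((svc.get("id"), f"only_from covers {real}"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
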



Re: selective relaying: two smtpd´s?

2000-06-26 Thread Thilo Bangert


- Original Message -
From: Wolfgang Walter [EMAIL PROTECTED]
To: Thilo Bangert [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, June 26, 2000 4:42 PM
Subject: Re: selective relaying: two smtpd´s?


> On Fri, Jun 23, 2000 at 04:47:44PM +0200, Thilo Bangert wrote:
> > Hi all,
> >

snip

> >
> > i absolutely need to allow my pop3 users relaying, for which i want to use
> > relay-ctrl (is there a better solution out there). but that would mean the
> > smtp-port would be blocked for any connections, except those made available
> > by relay-ctrl, so no mailserver could deliver email for my users.
> > I figured, a way to get around this would be to have to qmail-smtpd´s
> > running: one allowing selective relay by using rcpthosts (incoming smtp),
> > and another being made available by relay-ctrl (outgoing smtp).
> >

snip

> How do you start qmail-smtpd? If you use inetd this is a little bit difficult.
>
> One way to do that is: assign 2 ip-adresses to you mailserver. Use one
> address to receive mail from outside with qmail, the other one for relaying.
>
> You can even use qmail for both tasks.
>
> We for example use xinetd to start qmail-smtp:
>
> 10.20.30.10 is for relaying your clients
> 10.20.31.11 is for receiving
>
> Be 10.20.30.0/19 your network (where your clients are):
>
> -
> service smtp
> {
> id  = mailout-smtpd
> socket_type = stream
> protocol= tcp
> interface   = 10.20.30.10
> wait= no
> user= qmaild
> server  = /var/qmail/bin/tcp-env
> server_args = /var/qmail/bin/qmail-smtpd
> only_from   = 10.20.30.0/19
> env = RELAYCLIENT=
> }
>
> service smtp
> {
> id  = mailin-smtpd
> socket_type = stream
> protocol= tcp
> interface   = 10.20.30.11
> wait= no
> user= qmaild
> server  = /var/qmail/bin/tcp-env
> server_args = /var/qmail/bin/qmail-smtpd
> no_access   = 10.20.30.0/19
> }
> --
>
> Use rcpthosts to restrict qmail-smtpd to only receive for your domains
> Setting the environment variable RELAYCLIENT when your clients access
> qmail via 10.20.30.10 switch rcpthosts for them off. With only_from you
> control that only hosts in your network can access qmail with RELAYCLIENT
> set.
>
> Of course, you can start relay-ctrl instead of qmail-send.
>
> And xinetd is not the only superdaemon you could use (I think there is one
> from Bernstein, too) but it is part of a lot of distributions.
>
>
> Greetings
>
> Wolfgang


You are right - but in your case you need to know the ip´s from your
clients. My clients could come from all over the world and I have no other
way than checking their poppassword to know that they are legitimate.

the superdaemon you are referring to is tcpserver and is part of the
daemontools-0.53 and it can in fact do the same as your setting does -
unfortunately this is not what I want. Thank you anyways. I think you got me
on the right path - thanks

thilo




Re: selective relaying: two smtpd´s?

2000-06-26 Thread Wolfgang Walter

On Mon, Jun 26, 2000 at 05:18:05PM +0200, Thilo Bangert wrote:
 
> - Original Message -
> From: Wolfgang Walter [EMAIL PROTECTED]
> To: Thilo Bangert [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Sent: Monday, June 26, 2000 4:42 PM
> Subject: Re: selective relaying: two smtpd´s?
>
>
> > On Fri, Jun 23, 2000 at 04:47:44PM +0200, Thilo Bangert wrote:
> > > Hi all,
> > >
>
> snip
>
> > >
> > > i absolutely need to allow my pop3 users relaying, for which i want to use
> > > relay-ctrl (is there a better solution out there). but that would mean the
> > > smtp-port would be blocked for any connections, except those made available
> > > by relay-ctrl, so no mailserver could deliver email for my users.
> > > I figured, a way to get around this would be to have to qmail-smtpd´s
> > > running: one allowing selective relay by using rcpthosts (incoming smtp),
> > > and another being made available by relay-ctrl (outgoing smtp).
> > >
>
> snip
>
> > How do you start qmail-smtpd? If you use inetd this is a little bit difficult.
> >
> > One way to do that is: assign 2 ip-adresses to you mailserver. Use one
> > address to receive mail from outside with qmail, the other one for relaying.
> >
> > You can even use qmail for both tasks.
> >
> > We for example use xinetd to start qmail-smtp:
> >
> > 10.20.30.10 is for relaying your clients
> > 10.20.31.11 is for receiving
> >
> > Be 10.20.30.0/19 your network (where your clients are):
> >
> > -
> > service smtp
> > {
> > id  = mailout-smtpd
> > socket_type = stream
> > protocol= tcp
> > interface   = 10.20.30.10
> > wait= no
> > user= qmaild
> > server  = /var/qmail/bin/tcp-env
> > server_args = /var/qmail/bin/qmail-smtpd
> > only_from   = 10.20.30.0/19
> > env = RELAYCLIENT=
> > }
> >
> > service smtp
> > {
> > id  = mailin-smtpd
> > socket_type = stream
> > protocol= tcp
> > interface   = 10.20.30.11
> > wait= no
> > user= qmaild
> > server  = /var/qmail/bin/tcp-env
> > server_args = /var/qmail/bin/qmail-smtpd
> > no_access   = 10.20.30.0/19
> > }
> > --
> >
> > Use rcpthosts to restrict qmail-smtpd to only receive for your domains
> > Setting the environment variable RELAYCLIENT when your clients access
> > qmail via 10.20.30.10 switch rcpthosts for them off. With only_from you
> > control that only hosts in your network can access qmail with RELAYCLIENT
> > set.
> >
> > Of course, you can start relay-ctrl instead of qmail-send.
> >
> > And xinetd is not the only superdaemon you could use (I think there is one
> > from Bernstein, too) but it is part of a lot of distributions.
> >
> >
> > Greetings
> >
> > Wolfgang
>
>
> You are right - but in your case you need to know the ip´s from your
> clients. My clients could come from all over the world and I have no other
> way than checking their poppassword to know that they are legitimite.

In this case do not start qmail-smtpd directly. Instead call a program which
checks if the relaying host could authenticate and then starts qmail-smtpd (or
does the work itself). Remove the access_only lines and the no_access lines.


 
> the superdaemon you are referring to is tcpserver and is part of the
> deamontools-0.53 and it can in fact do the same as you setting does -
> unfortuneatly this is not what I want. Thank you anyways. I think you got me
> on the right path - thanks
>
> thilo
 

Wolfgang




Re: selective relaying: two smtpd´s?

2000-06-26 Thread Gerrit Pape

On Mon, Jun 26, 2000 at 05:18:05PM +0200, Thilo Bangert wrote:
> > And xinetd is not the only superdaemon you could use (I think there is one
> > from Bernstein, too) but it is part of a lot of distributions.
> >
> >
> > Greetings
> >
> > Wolfgang
>
>
> You are right - but in your case you need to know the ip´s from your
> clients. My clients could come from all over the world and I have no other
> way than checking their poppassword to know that they are legitimite.
 
So what you are looking for is 'pop before smtp'? There is a solution from
Russell Nelson on www.qmail.org: 'relaying to any host which authenticates
itself through a POP3 connection'.

Gerrit.
-- 
[EMAIL PROTECTED]
  innominate AG
  networking people
fon: +49.30.308806-0  fax: -77  web: http://innominate.de  pgp: /pgp/gp
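
The arrangement the last two replies describe (a program in front of qmail-smtpd that checks whether the connecting host has authenticated, i.e. POP before SMTP), as an added example that is not part of the thread and is not relay-ctrl's or Russell Nelson's code. The spool directory, the 15-minute window and all function names are assumptions; TCPREMOTEIP is the variable tcp-env and tcpserver export for the client address.

```python
import ipaddress
import os
import sys
import time

ALLOW_DIR = "/var/spool/pop-relay"   # hypothetical: one file per IP, touched on POP3 login
MAX_AGE = 15 * 60                    # hypothetical validity window, in seconds

def record_login(ip, allow_dir=ALLOW_DIR):
    """Called by the POP3 side after a successful password check."""
    name = str(ipaddress.ip_address(ip))        # raises ValueError on junk
    path = os.path.join(allow_dir, name)
    with open(path, "a"):
        os.utime(path, None)                    # refresh the timestamp

def may_relay(ip, allow_dir=ALLOW_DIR, max_age=MAX_AGE, now=None):
    """True if this IP authenticated over POP3 within max_age seconds."""
    try:
        name = str(ipaddress.ip_address(ip))    # rejects '../' style values
        st = os.lstat(os.path.join(allow_dir, name))
    except (ValueError, OSError):
        return False
    age = (time.time() if now is None else now) - st.st_mtime
    return 0 <= age <= max_age

def smtpd_env(environ, **kw):
    """Environment for qmail-smtpd: RELAYCLIENT only for fresh POP3 logins."""
    env = dict(environ)
    env.pop("RELAYCLIENT", None)                # never trust an inherited value
    if may_relay(env.get("TCPREMOTEIP", ""), **kw):
        env["RELAYCLIENT"] = ""
    return env

if __name__ == "__main__" and len(sys.argv) > 1:
    # Run as: tcp-env <this wrapper> /var/qmail/bin/qmail-smtpd
    os.execve(sys.argv[1], sys.argv[1:], smtpd_env(os.environ))
```

With a wrapper like this a single listener serves both roles: hosts without a fresh POP3 login are still limited by rcpthosts, so the only_from and no_access lines are no longer what decides who may relay.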