Re: selective relaying: two smtpd´s?
On Fri, Jun 23, 2000 at 04:47:44PM +0200, Thilo Bangert wrote:
> i absolutely need to allow my pop3 users relaying, for which i want to use
> relay-ctrl (is there a better solution out there). but that would mean the

You don't need TWO smtp daemons. That's why it's called *relay* control.
Just RTFM relay-control-age.8 and put the following line in (standard setup
as referenced in relay-control manuals assumed) the file
/etc/tcpcontrol/smtp.rules (starting at char position 0)

:allow

\Maex

--
SpaceNet GmbH             | http://www.Space.Net/    | Stress is when you wake
Research Development      | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0    | realize you haven't
D-80807 Muenchen          | Fax: +49 (89) 32356-299  | fallen asleep yet.
selective relaying: two smtpd´s?
Hi all,

i am setting up a qmail server and am going to serve both smtp and pop3.

this has probably been asked many times, but i could not find it in a faq.
(please, give me guidance)

i absolutely need to allow my pop3 users relaying, for which i want to use
relay-ctrl (is there a better solution out there). but that would mean the
smtp-port would be blocked for any connections, except those made available
by relay-ctrl, so no mailserver could deliver email for my users.

I figured, a way to get around this would be to have two qmail-smtpd´s
running: one allowing selective relay by using rcpthosts (incoming smtp),
and another being made available by relay-ctrl (outgoing smtp).

Am i correct? If yes, is it possible practically. I only have one machine,
but I do have several IP´s.

If it is possible, how?

thanks
thilo
Re: selective relaying: two smtpd´s?
On Fri, Jun 23, 2000 at 04:47:44PM +0200, Thilo Bangert wrote:
> Hi all,
>
> i am setting up a qmail server and am going to serve both smtp and pop3.
>
> this has probably been asked many times, but i could not find it in a faq.
> (please, give me guidance)
>
> i absolutely need to allow my pop3 users relaying, for which i want to use
> relay-ctrl (is there a better solution out there). but that would mean the
> smtp-port would be blocked for any connections, except those made available
> by relay-ctrl, so no mailserver could deliver email for my users.
>
> I figured, a way to get around this would be to have two qmail-smtpd´s
> running: one allowing selective relay by using rcpthosts (incoming smtp),
> and another being made available by relay-ctrl (outgoing smtp).
>
> Am i correct? If yes, is it possible practically. I only have one machine,
> but I do have several IP´s.
>
> If it is possible, how?
>
> thanks
> thilo

How do you start qmail-smtpd? If you use inetd this is a little bit
difficult.

One way to do that is: assign 2 ip-addresses to your mailserver. Use one
address to receive mail from outside with qmail, the other one for relaying.
You can even use qmail for both tasks.

We for example use xinetd to start qmail-smtp:

10.20.30.10 is for relaying your clients
10.20.31.11 is for receiving
Let 10.20.30.0/19 be your network (where your clients are):

-
service smtp
{
        id              = mailout-smtpd
        socket_type     = stream
        protocol        = tcp
        interface       = 10.20.30.10
        wait            = no
        user            = qmaild
        server          = /var/qmail/bin/tcp-env
        server_args     = /var/qmail/bin/qmail-smtpd
        only_from       = 10.20.30.0/19
        env             = RELAYCLIENT=
}

service smtp
{
        id              = mailin-smtpd
        socket_type     = stream
        protocol        = tcp
        interface       = 10.20.30.11
        wait            = no
        user            = qmaild
        server          = /var/qmail/bin/tcp-env
        server_args     = /var/qmail/bin/qmail-smtpd
        no_access       = 10.20.30.0/19
}
--

Use rcpthosts to restrict qmail-smtpd to only receive for your domains

Setting the environment variable RELAYCLIENT when your clients access qmail
via 10.20.30.10 switches rcpthosts off for them.

With only_from you control that only hosts in your network can access qmail
with RELAYCLIENT set.

Of course, you can start relay-ctrl instead of qmail-send.

And xinetd is not the only superdaemon you could use (I think there is one
from Bernstein, too) but it is part of a lot of distributions.

Greetings

Wolfgang
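The split Wolfgang describes, modelled as an added example (not code from the thread or from qmail): which connections each xinetd listener admits, and which RCPT addresses qmail-smtpd then accepts under the rcpthosts and RELAYCLIENT rules in qmail-smtpd(8). The rcpthosts entries and test addresses are constructed, and the client network is taken as written in the message, which normalises to 10.20.0.0/19.

```python
import ipaddress

# Constructed values: networks and listener ids mirror the xinetd config quoted above.
CLIENT_NET = ipaddress.ip_network("10.20.30.0/19", strict=False)  # normalises to 10.20.0.0/19
RCPTHOSTS = ["example.org", ".example.org"]  # hypothetical control/rcpthosts content

# id -> (only_from, no_access, environment handed to qmail-smtpd)
LISTENERS = {
    "mailout-smtpd": (CLIENT_NET, None, {"RELAYCLIENT": ""}),
    "mailin-smtpd": (None, CLIENT_NET, {}),
}

def xinetd_admits(listener, peer_ip):
    """Access check before the server starts (each listener uses only one of the two rules)."""
    only_from, no_access, _ = LISTENERS[listener]
    ip = ipaddress.ip_address(peer_ip)
    if no_access is not None and ip in no_access:
        return False
    return only_from is None or ip in only_from

def in_rcpthosts(domain, rcpthosts):
    """Exact entry, or a leading-dot entry that matches any subdomain."""
    domain = domain.lower()
    return any(e.lower() == domain or (e.startswith(".") and domain.endswith(e.lower()))
               for e in rcpthosts)

def rcpt_accepted(env, rcpt, rcpthosts):
    """RCPT decision as documented in qmail-smtpd(8)."""
    if "RELAYCLIENT" in env:      # set, even to the empty string: rcpthosts is ignored
        return True
    if rcpthosts is None:         # control/rcpthosts missing: every domain is accepted
        return True
    if "@" not in rcpt:           # addresses without @ are always let through
        return True
    return in_rcpthosts(rcpt.rsplit("@", 1)[1], rcpthosts)

def outcome(listener, peer_ip, rcpt, rcpthosts=RCPTHOSTS):
    if not xinetd_admits(listener, peer_ip):
        return "refused by xinetd"
    env = LISTENERS[listener][2]
    return "accepted" if rcpt_accepted(env, rcpt, rcpthosts) else "rejected by rcpthosts"

if __name__ == "__main__":
    for case in [("mailout-smtpd", "10.20.5.7", "a@elsewhere.test"),
                 ("mailin-smtpd", "192.0.2.9", "a@elsewhere.test"),
                 ("mailin-smtpd", "192.0.2.9", "user@example.org")]:
        print(case, "->", outcome(*case))
```

Calling outcome() with rcpthosts=None shows why the inbound listener depends on that file: without it, qmail-smtpd accepts mail for any domain from any host.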
Re: selective relaying: two smtpd´s?
- Original Message -
From: Wolfgang Walter [EMAIL PROTECTED]
To: Thilo Bangert [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, June 26, 2000 4:42 PM
Subject: Re: selective relaying: two smtpd´s?

> On Fri, Jun 23, 2000 at 04:47:44PM +0200, Thilo Bangert wrote:
> > Hi all,
snip
> > i absolutely need to allow my pop3 users relaying, for which i want to
> > use relay-ctrl (is there a better solution out there). but that would
> > mean the smtp-port would be blocked for any connections, except those
> > made available by relay-ctrl, so no mailserver could deliver email for
> > my users.
> >
> > I figured, a way to get around this would be to have two qmail-smtpd´s
> > running: one allowing selective relay by using rcpthosts (incoming
> > smtp), and another being made available by relay-ctrl (outgoing smtp).
snip
> How do you start qmail-smtpd? If you use inetd this is a little bit
> difficult.
>
> One way to do that is: assign 2 ip-addresses to your mailserver. Use one
> address to receive mail from outside with qmail, the other one for
> relaying. You can even use qmail for both tasks.
>
> We for example use xinetd to start qmail-smtp:
>
> 10.20.30.10 is for relaying your clients
> 10.20.31.11 is for receiving
> Let 10.20.30.0/19 be your network (where your clients are):
>
> -
> service smtp
> {
>         id              = mailout-smtpd
>         socket_type     = stream
>         protocol        = tcp
>         interface       = 10.20.30.10
>         wait            = no
>         user            = qmaild
>         server          = /var/qmail/bin/tcp-env
>         server_args     = /var/qmail/bin/qmail-smtpd
>         only_from       = 10.20.30.0/19
>         env             = RELAYCLIENT=
> }
>
> service smtp
> {
>         id              = mailin-smtpd
>         socket_type     = stream
>         protocol        = tcp
>         interface       = 10.20.30.11
>         wait            = no
>         user            = qmaild
>         server          = /var/qmail/bin/tcp-env
>         server_args     = /var/qmail/bin/qmail-smtpd
>         no_access       = 10.20.30.0/19
> }
> --
>
> Use rcpthosts to restrict qmail-smtpd to only receive for your domains
>
> Setting the environment variable RELAYCLIENT when your clients access
> qmail via 10.20.30.10 switches rcpthosts off for them.
>
> With only_from you control that only hosts in your network can access
> qmail with RELAYCLIENT set.
>
> Of course, you can start relay-ctrl instead of qmail-send.
>
> And xinetd is not the only superdaemon you could use (I think there is one
> from Bernstein, too) but it is part of a lot of distributions.
>
> Greetings
>
> Wolfgang

You are right - but in your case you need to know the ip´s from your
clients. My clients could come from all over the world and I have no other
way than checking their poppassword to know that they are legitimate.

the superdaemon you are referring to is tcpserver and is part of the
daemontools-0.53 and it can in fact do the same as your setting does -
unfortunately this is not what I want.

Thank you anyways. I think you got me on the right path -

thanks
thilo
Re: selective relaying: two smtpd´s?
On Mon, Jun 26, 2000 at 05:18:05PM +0200, Thilo Bangert wrote:
> - Original Message -
> From: Wolfgang Walter [EMAIL PROTECTED]
> To: Thilo Bangert [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Sent: Monday, June 26, 2000 4:42 PM
> Subject: Re: selective relaying: two smtpd´s?
>
> > On Fri, Jun 23, 2000 at 04:47:44PM +0200, Thilo Bangert wrote:
> > > Hi all,
> snip
> > > i absolutely need to allow my pop3 users relaying, for which i want to
> > > use relay-ctrl (is there a better solution out there). but that would
> > > mean the smtp-port would be blocked for any connections, except those
> > > made available by relay-ctrl, so no mailserver could deliver email for
> > > my users.
> > >
> > > I figured, a way to get around this would be to have two qmail-smtpd´s
> > > running: one allowing selective relay by using rcpthosts (incoming
> > > smtp), and another being made available by relay-ctrl (outgoing smtp).
> snip
> > How do you start qmail-smtpd? If you use inetd this is a little bit
> > difficult.
> >
> > One way to do that is: assign 2 ip-addresses to your mailserver. Use one
> > address to receive mail from outside with qmail, the other one for
> > relaying. You can even use qmail for both tasks.
> >
> > We for example use xinetd to start qmail-smtp:
> >
> > 10.20.30.10 is for relaying your clients
> > 10.20.31.11 is for receiving
> > Let 10.20.30.0/19 be your network (where your clients are):
> >
> > -
> > service smtp
> > {
> >         id              = mailout-smtpd
> >         socket_type     = stream
> >         protocol        = tcp
> >         interface       = 10.20.30.10
> >         wait            = no
> >         user            = qmaild
> >         server          = /var/qmail/bin/tcp-env
> >         server_args     = /var/qmail/bin/qmail-smtpd
> >         only_from       = 10.20.30.0/19
> >         env             = RELAYCLIENT=
> > }
> >
> > service smtp
> > {
> >         id              = mailin-smtpd
> >         socket_type     = stream
> >         protocol        = tcp
> >         interface       = 10.20.30.11
> >         wait            = no
> >         user            = qmaild
> >         server          = /var/qmail/bin/tcp-env
> >         server_args     = /var/qmail/bin/qmail-smtpd
> >         no_access       = 10.20.30.0/19
> > }
> > --
> >
> > Use rcpthosts to restrict qmail-smtpd to only receive for your domains
> >
> > Setting the environment variable RELAYCLIENT when your clients access
> > qmail via 10.20.30.10 switches rcpthosts off for them.
> >
> > With only_from you control that only hosts in your network can access
> > qmail with RELAYCLIENT set.
> >
> > Of course, you can start relay-ctrl instead of qmail-send.
> >
> > And xinetd is not the only superdaemon you could use (I think there is
> > one from Bernstein, too) but it is part of a lot of distributions.
> >
> > Greetings
> >
> > Wolfgang
>
> You are right - but in your case you need to know the ip´s from your
> clients. My clients could come from all over the world and I have no other
> way than checking their poppassword to know that they are legitimate.

In this case do not start qmail-smtpd directly. Instead call a program
which checks if the relaying host could authenticate and then starts
qmail-smtpd (or does the work itself).

Remove the access_only lines and the no_access lines.

> the superdaemon you are referring to is tcpserver and is part of the
> daemontools-0.53 and it can in fact do the same as your setting does -
> unfortunately this is not what I want.
>
> Thank you anyways. I think you got me on the right path -
>
> thanks
> thilo

Wolfgang
Re: selective relaying: two smtpd´s?
On Mon, Jun 26, 2000 at 05:18:05PM +0200, Thilo Bangert wrote:
> > And xinetd is not the only superdaemon you could use (I think there is
> > one from Bernstein, too) but it is part of a lot of distributions.
> >
> > Greetings
> >
> > Wolfgang
>
> You are right - but in your case you need to know the ip´s from your
> clients. My clients could come from all over the world and I have no other
> way than checking their poppassword to know that they are legitimate.

So what you are looking for is 'pop before smtp'? There is a solution from
Russell Nelson on www.qmail.org : 'relaying to any host which authenticates
itself through a POP3 connection'.

Gerrit.

--
[EMAIL PROTECTED]
innominate AG
networking people
fon: +49.30.308806-0 fax: -77 web: http://innominate.de pgp: /pgp/gp
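The wrapper Wolfgang describes (check that the host authenticated, then start qmail-smtpd) and the pop-before-smtp approach Gerrit names, as an added example that is not relay-ctrl's or Russell Nelson's code: a POP3 login leaves a timestamped marker for the peer address, and the SMTP wrapper sets RELAYCLIENT only while that marker is fresh. The spool directory, the 15-minute window and all function names are assumptions; TCPREMOTEIP is the peer address variable that tcp-env and tcpserver set.

```python
import ipaddress
import os
import time

MAX_AGE = 15 * 60  # assumed expiry window, in seconds

def marker_path(spool_dir, ip_text):
    """Map a peer address to its marker file, refusing anything that is not a literal IP."""
    ip = ipaddress.ip_address(ip_text)  # ValueError on "../x", hostnames, empty string
    return os.path.join(spool_dir, str(ip))

def record_pop3_login(spool_dir, ip_text, now=None):
    """Run after a successful POP3 password check: touch the marker for this peer."""
    path = marker_path(spool_dir, ip_text)
    with open(path, "a"):
        pass
    now = time.time() if now is None else now
    os.utime(path, (now, now))

def smtpd_environment(spool_dir, env, now=None):
    """Environment to hand to qmail-smtpd for the connection described by env."""
    now = time.time() if now is None else now
    # Never trust a RELAYCLIENT inherited from the caller; only this check may set it.
    child = {k: v for k, v in env.items() if k != "RELAYCLIENT"}
    try:
        marker = marker_path(spool_dir, env.get("TCPREMOTEIP", ""))
        age = now - os.stat(marker).st_mtime
    except (ValueError, OSError):
        return child  # no valid peer address or no marker: rcpthosts still applies
    if 0 <= age <= MAX_AGE:
        child["RELAYCLIENT"] = ""  # empty value: relay allowed, nothing appended
    return child

def main(argv):
    # Hypothetical invocation: <this script> /var/qmail/bin/qmail-smtpd
    spool = "/var/spool/popgate"  # assumed path, writable only by the POP3 side
    os.execve(argv[1], argv[1:], smtpd_environment(spool, dict(os.environ)))

if __name__ == "__main__":
    import sys
    main(sys.argv)
```

The marker is keyed on the peer address alone, so every host behind the same NAT address can relay until the window expires; a short MAX_AGE limits that exposure.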