Hi Peter,

At 17:24 31.03.04 +0200, you wrote:
>Hello Erwin,
>
>On Wednesday, March 31, 2004 at 10:09:29 AM you wrote (at least in
>part):
>
>> In case a client is accepted via pop-4-smtpd, the $RELAYCLIENT environment
>> variable is set. It might be useful to define this variable explicitly,
>> i.e. RELAYCLIENT="PB4S".
>
>No. It will, for sure, not be useful.

I somehow disagree.

>,----- [ man qmail-smtpd ]
>| [...]
>|  Exception: If the environment variable RELAYCLIENT is
>|  set,  qmail-smtpd  will  ignore  rcpthosts,  and will
>|  append the value  of  RELAYCLIENT  to  each  incoming
>|  recipient address.
>| [...]
>`-----
>
>Setting RELAYCLIENT to something different than an empty string is
>only useful when one KNOWS what he/she does. The overwhelming majority
>only wants RELAYCLIENT to unlock relay restrictions and therefore has to
>set it empty.

Yes. But this is *EXACTLY* what we want.

The reason is twofold:

1. Relayclients which are identified by - let's say - static IP addresses
(i.e. NOT by POP-b4-SMTP) have RELAYCLIENT="".
2. Relayclients identified by POP-b4-SMTP carrying RELAYCLIENT="P4S" (sample).
Ok. qmail-smtpd will append this string to the Recipient address ([EMAIL PROTECTED]
=> [EMAIL PROTECTED]). However, using i.e. ksh capabilities you can do
${RECIPIENT%P4S} thus retaining the old RECIPIENT variable.

>> Check it and call qmail-smtpd without any arguments.
>> 
>> In case the variable is not set or empty, call qmail-smtpd with the proper
>> SMTP Auth args.
>
>This whole wrapper-stuff should not be necessary. If tcpserver sets
>RELAYCLIENT due to .cdb or SQL-lookup it'll be passed to qmail-smtpd.
>qmail-smtpd then will allow relaying even w/o SMTP-Auth.

Correct. 

>I'm running a SMTP which offers SMTP-Auth and POP3-b4-SMTP and it
>works w/o any wrappers at all. The SMTP-Auth patch simply sets
>RELAYCLIENT for qmail-smtpd /WHEN/ someone authenticated successfully,
>if not the formerly set RELAYCLIENT (passed as ENV-var from tcpserver,
>when set) is not reset when authentication fails.
>
>@Joel:
>
>How about this: Copy your current qmail-smtpd invocation, remove all
>the 'qmail-smtpd foo bar bla' stuff and replace it with a simple
>'/usr/bin/env'. Make the tcpserver listen on port 26. Prepend an
>environment clearing 'env' call. Start the stuff on command line. It
>can be something similar to this:
>
>env -i PATH=/var/qmail/bin:/usr/local/bin tcpserver -vRX \
> 0 26 /usr/bin/env
>
>(plus adding the stuff necessary for tcpserver reading the database
>for potentially set environment vars like RELAYCLIENT)
>
>Then connect to this server from a client-IP that should be set to
>"relaying allowed" (e.g. by formerly executed POP3 authentication):
>
>telnet $SERVER 26
>
>You should see a line with PATH=... and some TCPREMOTExxx and
>TCPLOCALxxx lines. Additionally you should see a line 'RELAYCLIENT='.
>
>If this is there and your qmail-smtpd invocation looks up the same
>database for possible RELAYCLIENT settings try this:
>
>telnet $SERVER 35
>EHLO _
>MAIL FROM:<>
>RCPT TO:<[EMAIL PROTECTED]>
>QUIT
>
>If this fails: please post the error you get, your qmail-smtpd startup
>script and the result of above 'env'-test.


But that's not the question:

Even if RELAYCLIENT is set, (the Auth patched) qmail-smtpd *WILL* ask for
Authentication. 

If I understood correctly, that's *EXACTLY* what should be avoided.

regards.
--eh.

Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
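
The wrapper logic discussed in this message, as an added sketch that is not part of the original mail and not code from either poster. The function names are hypothetical, "P4S" is the sample tag from the message, and the SMTP Auth arguments are whatever the site's patched qmail-smtpd expects, passed through unchanged from the wrapper's own command line.

```shell
#!/bin/sh
# Added sketch: start qmail-smtpd without SMTP Auth for POP-before-SMTP clients.
# Assumption: tcpserver sets RELAYCLIENT to TAG for POP-before-SMTP clients and
# to the empty string for static relay clients.
TAG="P4S"   # sample tag value taken from the thread

# Classify the connection from RELAYCLIENT as inherited from tcpserver.
relay_class() {
    if [ "${RELAYCLIENT+set}" != "set" ]; then
        echo none        # variable absent: no relay permission granted
    elif [ -z "$RELAYCLIENT" ]; then
        echo static      # set but empty: e.g. static IP rule
    elif [ "$RELAYCLIENT" = "$TAG" ]; then
        echo pb4s        # tagged by the POP-before-SMTP lookup
    else
        echo other       # some other suffix an admin configured on purpose
    fi
}

# Only the tagged POP-before-SMTP case skips SMTP Auth; unset or empty
# RELAYCLIENT gets the Auth arguments, as described in the message.
smtpd_mode() {
    case "$(relay_class)" in
        pb4s) echo noauth ;;
        *)    echo auth ;;
    esac
}

# qmail-smtpd appends RELAYCLIENT to every recipient, so later stages have to
# remove the tag again. Strip it only when it is really the suffix.
strip_tag() {
    case "$1" in
        *"$TAG") printf '%s\n' "${1%"$TAG"}" ;;
        *)       printf '%s\n' "$1" ;;
    esac
}

# Entry point: "$@" carries the site's SMTP Auth arguments (not invented here).
run_smtpd() {
    if [ "$(smtpd_mode)" = noauth ]; then
        exec qmail-smtpd
    fi
    exec qmail-smtpd "$@"
}
# A real wrapper would end with:  run_smtpd "$@"
```

Because the tag reaches the queue as part of each recipient address, every consumer of the address has to apply the stripping step, otherwise mail for POP-before-SMTP clients is routed to a non-existent domain.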
