Hi Peter,

At 17:24 31.03.04 +0200, you wrote:
>Hello Erwin,
>
>On Wednesday, March 31, 2004 at 10:09:29 AM you wrote (at least in
>part):
>
>> In case a client is accepted via pop-4-smtpd, the $RELAYCLIENT environment
>> variable is set. It might be useful to define this variable explicitly,
>> i.e. RELAYCLIENT="PB4S".
>
>No. It will, for sure, not be useful.

I somehow disagree.

>,----- [ man qmail-smtpd ]
>| [...]
>| Exception: If the environment variable RELAYCLIENT is
>| set, qmail-smtpd will ignore rcpthosts, and will
>| append the value of RELAYCLIENT to each incoming
>| recipient address.
>| [...]
>`-----
>
>Setting RELAYCLIENT to something different than an empty string is
>only useful when one KNOWS what he/she does. The overwhelming majority
>only wants RELAYCLIENT to unlock relay restrictions and therefore has to
>set it empty.

Yes. But this is *EXACTLY* what we want. The reason is twofold:

1. Relayclients which are identified by - let's say - static IP addresses (i.e. NOT by POP-b4-SMTP) have RELAYCLIENT="".
2. Relayclients identified by POP-b4-SMTP carrying RELAYCLIENT="P4S" (sample).

Ok. qmail-smtpd will append this string to the Recipient address ([EMAIL PROTECTED] => [EMAIL PROTECTED]). However, using i.e. ksh capabilities you can do ${RECIPIENT%P4S}, thus retaining the old RECIPIENT variable.

>> Check it and call qmail-smtpd without any arguments.
>>
>> In case the variable is not set or empty, call qmail-smtpd with the proper
>> SMTP Auth args.
>
>This whole wrapper-stuff should not be necessary. If tcpserver sets
>RELAYCLIENT due to .cdb or SQL-lookup it'll be passed to qmail-smtpd.
>qmail-smtpd then will allow relaying even w/o SMTP-Auth.

Correct.

>I'm running a SMTP which offers SMTP-Auth and POP3-b4-SMTP and it
>works w/o any wrappers at all. The SMTP-Auth patch simply sets
>RELAYCLIENT for qmail-smtpd /WHEN/ someone authenticated successfully,
>if not the formerly set RELAYCLIENT (passed as ENV-var from tcpserver,
>when set) is not reset when authentication fails.
>
>@Joel:
>
>How about this: Copy your current qmail-smtpd invocation, remove all
>the 'qmail-smtpd foo bar bla' stuff and replace it with a simple
>'/usr/bin/env'. Make the tcpserver listen on port 26. Prepend an
>environment clearing 'env' call. Start the stuff on command line. It
>can be something similar to this:
>
>env -i PATH=/var/qmail/bin:/usr/local/bin tcpserver -vRX \
> 0 26 /usr/bin/env
>
>(plus adding the stuff necessary for tcpserver reading the database
>for potentially set environment vars like RELAYCLIENT)
>
>Then connect to this server from a client-IP that should be set to
>"relaying allowed" (e.g. by formerly executed POP3 authentication):
>
>telnet $SERVER 26
>
>You should see a line with PATH=... and some TCPREMOTExxx and
>TCPLOCALxxx lines. Additionally you should see a line 'RELAYCLIENT='.
>
>If this is there and your qmail-smtpd invocation looks up the same
>database for possible RELAYCLIENT settings try this:
>
>telnet $SERVER 35
>EHLO _
>MAIL FROM:<>
>RCPT TO:<[EMAIL PROTECTED]>
>QUIT
>
>If this fails: please post the error you get, your qmail-smtpd startup
>script and the result of above 'env'-test.

But that's not the question: Even if RELAYCLIENT is set, (the Auth patched) qmail-smtpd *WILL* ask for Authentication. If I understood correctly, that's *EXACTLY* what should be avoided.

regards.
--eh.

Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
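
The tagging scheme discussed in this mail, as an added POSIX shell sketch that is not part of the original message and is not code from qmail or any patch. "P4S" is the mail's sample tag; the function names and the address user@example.org are constructed for illustration.

```shell
#!/bin/sh
# Tag assumed for clients admitted by POP-before-SMTP (the mail's sample value).
P4S_TAG="P4S"

# classify_relay: report how the connection got its relay permission,
# based on RELAYCLIENT as passed down from tcpserver.
classify_relay() {
    if [ -z "${RELAYCLIENT+x}" ]; then
        echo "no-relay"          # variable not set: rcpthosts still applies
    elif [ -z "$RELAYCLIENT" ]; then
        echo "static"            # set but empty: e.g. a static IP rule
    elif [ "$RELAYCLIENT" = "$P4S_TAG" ]; then
        echo "pop-before-smtp"   # set to the tag by the POP-before-SMTP lookup
    else
        echo "other"             # any other non-empty value also unlocks relaying
    fi
}

# strip_relay_tag: undo the suffix qmail-smtpd appended to a recipient.
# $1 = envelope recipient as seen downstream.
# Only reliable if no legitimate domain ends in the tag itself.
strip_relay_tag() {
    case $1 in
        *@*"$P4S_TAG")
            addr=${1%"$P4S_TAG"}     # same idea as ${RECIPIENT%P4S}
            printf '%s\n' "$addr"
            ;;
        *)
            printf '%s\n' "$1"       # untagged: pass through unchanged
            ;;
    esac
}

# Demo with constructed values.
RELAYCLIENT="P4S"
echo "client class: $(classify_relay)"
echo "recipient:    $(strip_relay_tag 'user@example.orgP4S')"
```

Because the tag becomes part of the recipient's domain, any logging or filtering that runs before the strip step sees the tagged address, not the original one.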