Hello Bruno,

On Tuesday, June 14, 2005 at 2:29:58 PM Bruno wrote:

> Let me see if I understood your plan. You say that, in order to disable the
> RELAYCLIENT to just some accounts, and this way, setting them as
> partially** internal-only, I should:
> 1 - Disable the pop-before-smtp scheme by recompiling vpopmail.
> ( OR disable it just to a specific domain by
> running "vmoduser -r domainname". ),
> AND Remove the RELAYCLIENT variable for the whole network,
> AND Enable the SMTP-AUTH scheme on the qmail server,
> AND configure "full" accounts (not internal-only) to authenticate via
> SMTP-AUTH.

Correct.

> Is this what you planned?

Yes. As it was rather late yesterday when I wrote my mail I wasn't 100% concentrated. Sorry.

'vmoduser -r' will disable 'open_relay()'-calling when these users authenticate via POP3 or IMAP. This way they won't end up in 'tcp.smtp.cdb' and RELAYCLIENT will not be set next time they SMTP-connect.

'vmoduser -rs' will disable relay *AND* disable SMTP-AUTH ability for given e-mail-address, so even if they set up their MUA to do SMTP-AUTH they'll not be allowed and therefore not gain RELAYCLIENT-privileges.

Only problem left: external *incoming* mail ... as far as I can see there's no "ready to use" solution built into vpopmail; you'd have to create '.qmail-*' files for every "no external mail allowed" that call a script which checks if mail is sent from external. This can for sure be made dynamic and used by creating a "template .qmail" and (sym)linking the other .qmail files against it, so a change affects all at the same time.

The script checking for external incoming can e.g. inspect "$ENV{SENDER}" for internal domain and if not 'exit(100)' to bounce the message. If the mail is internal simply 'exit(0)' and have "|vdelivermail '' bounce-no-mailbox" in .qmail file.

-- 
Best regards
Peter Palmreuther

The end move in politics is always to pick up a gun. - Buckminster Fuller
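
Added example, not part of the original message: one way to write the SENDER check described above as a POSIX shell script for the shared template .qmail file. The script path, the `check` argument and the domain list are assumptions made for illustration.

```shell
#!/bin/sh
# Template .qmail file (hypothetical script path), linked for each restricted user:
#   |/path/to/internal-only.sh check
#   |vdelivermail '' bounce-no-mailbox
# INTERNAL_DOMAINS is a constructed placeholder list; set it to your own domains.
INTERNAL_DOMAINS="${INTERNAL_DOMAINS:-example.com intranet.example.com}"

# sender_domain ADDRESS -> prints the lower-cased part after the last "@".
sender_domain() {
    case "$1" in
        *@*) printf '%s' "${1##*@}" | tr '[:upper:]' '[:lower:]' ;;
        *)   : ;;   # null sender (bounce) or malformed address: no domain
    esac
}

# sender_is_internal ADDRESS -> returns 0 only on an exact domain match.
sender_is_internal() {
    dom=$(sender_domain "$1")
    [ -n "$dom" ] || return 1   # no domain is treated as external (policy choice)
    for d in $(printf '%s' "$INTERNAL_DOMAINS" | tr '[:upper:]' '[:lower:]'); do
        # whole-string comparison, so "example.com.invalid" does not pass
        if [ "$dom" = "$d" ]; then return 0; fi
    done
    return 1
}

# delivery_status ADDRESS -> prints the exit code the .qmail program should use:
#   0   = success, qmail goes on to the next line (vdelivermail)
#   100 = permanent failure, qmail bounces the message
delivery_status() {
    if sender_is_internal "$1"; then echo 0; else echo 100; fi
}

# Act as a delivery program only when called with "check", so the functions
# above can also be sourced and tested without exiting.
if [ "${1:-}" = "check" ]; then
    status=$(delivery_status "${SENDER:-}")
    [ "$status" -eq 0 ] || echo "Sorry, this mailbox accepts internal mail only."
    exit "$status"
fi
```

SENDER is the envelope sender supplied by the connecting client, so this check enforces delivery policy and does not authenticate where a message came from.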