
SMTP_AUTH + RBLs

To: "qmail list" <qmail@list.cr.yp.to>
Subject: SMTP_AUTH + RBLs
From: "Steve Brown" <sbrown25@gmail.com>
Date: Fri, 9 Mar 2007 11:10:48 -0600
Mailing-list: contact qmail-help@list.cr.yp.to; run by ezmlm

My setup:

netqmail-1.05
vpopmail

# cat /service/qmail-smtpd/run
#!/bin/sh
PATH=/pub/mail/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH

QMAILQUEUE='/pub/mail/qmail/bin/qmail-qscanq-spamd'     # Spam AND Virus filtering
export QMAILQUEUE

QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /pub/mail/qmail/control/concurrencyincoming`
LOCAL=`head -1 /pub/mail/qmail/control/me`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
if [ ! -f /pub/mail/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi
exec /usr/local/bin/softlimit -m 60000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 12.190.41.4 smtp \
/usr/local/bin/rblsmtpd -rzen.spamhaus.org -rlist.dsbl.org \
/usr/local/bin/fixcrio \
/pub/mail/qmail/bin/qmail-smtpd \
/pub/mail/vpopmail/bin/vchkpw /usr/bin/true 2>&1

# cat /etc/tcp.smtp
127.:allow,RELAYCLIENT=""
12.190.41.4:allow,RELAYCLIENT=""

I've got a user that cannot send mail from home.  They are on a DSL
line that has been listed in Spamhaus Policy Black List, probably
because it's in a dynamic IP block.  zen.spamhaus.org consults this
list, so when the user tries to connect, there are logs returning a
451 when querying the Spamhaus.

All this is well and good, but my question is, shouldn't the user be
allowed to relay based on the fact that he has an authenticated SMTP
session?  I thought that once the user is authenticated by vchkpw, the
appropriate env vars are set so that relaying wouldn't be an issue?
Obviously this is not the case, so is there a more appropriate way to
handle this scenario than what I am currently doing?

I realize that I could resolve this issue by choosing a different RBL,
but I view that as a workaround, not a solution.

Thanks,
Steve
