Steve Brown wrote:
My setup:
netqmail-1.05
vpopmail
# cat /service/qmail-smtpd/run
#!/bin/sh
PATH=/pub/mail/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
QMAILQUEUE='/pub/mail/qmail/bin/qmail-qscanq-spamd' # Spam AND Virus filtering
export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /pub/mail/qmail/control/concurrencyincoming`
LOCAL=`head -1 /pub/mail/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /pub/mail/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 60000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 12.190.41.4 smtp \
/usr/local/bin/rblsmtpd -rzen.spamhaus.org -rlist.dsbl.org \
/usr/local/bin/fixcrio \
/pub/mail/qmail/bin/qmail-smtpd \
/pub/mail/vpopmail/bin/vchkpw /usr/bin/true 2>&1
# cat /etc/tcp.smtp
127.:allow,RELAYCLIENT=""
12.190.41.4:allow,RELAYCLIENT=""
I've got a user that cannot send mail from home. They are on a DSL
line that has been listed in Spamhaus Policy Black List, probably
because it's in a dynamic IP block. zen.spamhaus.org consults this
list, so when the user tries to connect, there are logs returning a
451 when querying the Spamhaus.
All this is well and good, but my question is, shouldn't the user be
allowed to relay based on the fact that he has an authenticated SMTP
session? I thought that once the user is authenticated by vchkpw, the
appropriate env vars are set so that relaying wouldn't be an issue?
Obviously this is not the case, so is there a more appropriate way to
handle this scenario than what I am currently doing?
We have this issue as well. We have a separate smtp service running on
port 587 just for smtp-auth. That service uses a different tcp.smtp.cdb
file which allows all connections; it also does no rbl checking.
bash-2.05b# cat /service/qmail-smtpd-auth/run
#!/bin/sh
# Dave Sill, 2001-11-06
# For use with The qmail Handbook, ISBN 1893115402
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" ]; then
echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in
echo $0
exit 1
fi
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -v -P -R -h -l auth-ecluster6.tls.net -x /var/qmail/control/tcp.smtp-auth.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 10.0.241.136 587 \
/usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd-auth \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
bash-2.05b# cat /var/qmail/control/tcp.smtp-auth
#_Allow_the_local_machine_to_use_SMTP
127.:allow,RELAYCLIENT=""
:allow
:deny
DAve
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?
Maybe they forgot who made that choice possible.
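
An added example, not part of either poster's message: a small sh check for the tcprules source file of a port-587 service like the one above, listing which address patterns are granted RELAYCLIENT and flagging a catch-all rule that grants it to everyone. The function names and sample files are constructed for illustration, and it assumes IPv4-style rule lines as shown in the thread.

```shell
#!/bin/sh
# Added example: audit a tcprules source file (the text that tcprules compiles to .cdb).
# Assumes IPv4-style lines "address:allow,VAR=..." as shown in the thread.

# relay_rules FILE: print each address pattern whose rule sets RELAYCLIENT.
# The catch-all rule (empty address) is printed as "<any>".
relay_rules() {
    awk '
        /^#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        {
            i = index($0, ":")               # address ends at the first colon
            if (i == 0) next
            addr = substr($0, 1, i - 1)
            rest = substr($0, i + 1)
            if (rest ~ /^allow/ && rest ~ /,RELAYCLIENT=/) {
                if (addr == "") addr = "<any>"
                print addr
            }
        }' "$1"
}

# open_relay FILE: exit status 0 if the catch-all rule grants RELAYCLIENT,
# meaning every client may relay without authenticating.
open_relay() {
    relay_rules "$1" | grep -qx '<any>'
}

# Constructed sample files: "auth" mirrors tcp.smtp-auth from the thread,
# "bad" is a made-up variant where RELAYCLIENT was copied onto the catch-all.
tmp=$(mktemp -d)
printf '%s\n' '127.:allow,RELAYCLIENT=""' ':allow' ':deny' > "$tmp/auth"
printf '%s\n' '127.:allow,RELAYCLIENT=""' ':allow,RELAYCLIENT=""' > "$tmp/bad"

for f in auth bad; do
    if open_relay "$tmp/$f"; then
        echo "$f: catch-all rule sets RELAYCLIENT (open relay)"
    else
        echo "$f: relay without auth limited to: $(relay_rules "$tmp/$f" | tr '\n' ' ')"
    fi
done
rm -rf "$tmp"
```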