Hi all,
I've been searching around a bit but I'm not finding a good, simple way to
accomplish this.
Currently we've got two qmail-smtpd listeners on a box, each running on a
different IP. One is published as an mxer, one isn't. The latter is given to
clients for mail relay. Both have smtp-auth patches.
We made this split so that when we are totally inundated with spammers, clients
can still connect and send mail since they are using the unpublished smtpd
listener. This works, but as you'd imagine, anything that listens on port 25,
even when no mx records point to it, ends up getting targeted.
What I would like to do is allow only two classes of people to successfully
relay through this second smtp instance:
- people who have authenticated via smtp-auth
- people with IPs in our netblocks listed in tcp.cdb
In short, it seems like I want one qmail-smtpd to basically ignore
rcpthosts/morercpthosts. This would also allow me to not run rblsmtpd on the
relay-only instance - that currently gives us problems with users on dynamic
IPs.
What's a simple way to accomplish this?
Thanks,
Charles
___
Charles Sprickman
NetEng/SysAdmin
Bway.net - New York's Best Internet - www.bway.net
spork@bway.net - 212.655.9344