Jeff Jansen wrote:

On Sunday 12 October 2003 07:24, Mark Mays wrote:


I don't have a "me" file or a locals file. The hostname resolves to
"mail.domain.com."

All mail users are in userdb and userdb.dat using uid, gid, mail, home,
and systempw. Owner of all files is courier.

format is: [EMAIL PROTECTED] uid=500|systempw=...|home=...|mail=...|gid=...



Well, I don't have THE answer but I have some ideas. For starters this seems odd. If the machine is called "mail.domain.com" then is "domain.com" in hosteddomains and acceptmailfor? If not I'm not sure how you are getting any mail into this system. If courier doesn't know that "domain.com" is a valid domain to accept mail for, then it ought to give you a "513 Relaying denied" error every time you try and accept mail through SMTP. At least I think it should. Perhaps wiser heads than mine can shed some light on this.


I've never gotten a "relaying denied."

Both hosteddomains and esmtpacceptmailfor.dir directories contain the following files, among others:

**hosteddomains/domain.com**
domain.com
mail.domain.com domain.com

**esmtpacceptmailfor.dir/domain.com**
domain.com
mail.domain.com

Works like a charm, at least for receiving and retrieving inbound mail.

smtpaccess.dat allows local machines (192.168...) to send mail without
authentication. This file is owned by courier. External IP addresses are
denied in smtpaccess. My understanding is that this forces
authentication for external IP's. In fact, it is requesting
authentication for IP's outside the 192.168 network, it just is not
accepting the userid and password.



External addresses don't need to be explicitly denied in the smtpaccess file. By default NO ONE can relay. You use smtpaccess to allow ip addresses to relay or you can use smtp auth to allow people to relay. Conversely you can use smtpaccess to categorically deny some ip addresses. Try removing the lines that block outside addresses and just leave the lines that allow the internal network to relay. Maybe the explicit block is "winning", so that even if you authenticate those addresses are still blocked from relaying.


Sam would have to explain the order that these get checked and whether this is true or not, however.


This is an excellent thought. I assumed that you had to deny access to bad guys. I like it better the way you say it works. My smtp access had the following, because external access comes through my firewall with an address on a 10. IP. My smtpaccess/default contains the following:
10.0.0.0/8 deny
192.168.100.98 allow,RELAYCLIENT


To test your idea, I commented out the 192.168.100.98 line, regenerated the smtpaccess.dat file, and attempted to send an e-mail from the 192 network. Now I could not send out e-mail. I went into Mozilla outbound smtp setting, set the outbound mail server to mail.domain.com, userid to [EMAIL PROTECTED], use ssl to never, and tried to send a test e-mail. I got a prompt asking for the password to [EMAIL PROTECTED]@mail.domain.com. I enter the password I know is valid several times, and am denied. Log says:

Oct 12 22:50:22 mail courieresmtpd: error,relay=192.168.100.98,msg="535 Authentication failed.",cmd: AUTH LOGIN b<snip>Q=
Oct 12 22:50:48 mail courieresmtpd: setgid: Operation not permitted
Oct 12 22:50:48 mail courieresmtpd: error,relay=192.168.100.98,msg="535 Authentication failed.",cmd: AUTH LOGIN b<snip>Q=
Oct 12 22:51:59 mail imapd-ssl: Connection, ip=[192.168.100.98]


This is new, apparently before my logins were hitting the "deny" clause in the smtpaccess file. I don't remember seeing the setgid error before. What would the "setgid: Operation not permitted" mean? The group ID in the userdb file entry for [EMAIL PROTECTED] is correct.

Can courieresmtp be set to give up more information with a debug option,
the way courier-IMAP produces detailed logging??



Too bad about the logging. It would be a bit easier if I could find out what rules were causing the rejection, until things work.


I think I am closer now, if I can find out what the setgid message is telling me.

Thanks, I know you've given this much time and thought so far.
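
Added example, not part of the original message or of Courier itself: a small Python triage script for log lines in the format quoted above. It counts 535 failures per relay address and lists any other courieresmtpd line logged in the same second as a failure, which is how the setgid line stands out. The sample input is constructed from the lines in the message, the field layout is assumed from those lines only, and a shared timestamp is a hint, not proof of cause.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log lines quoted in the message above.
SAMPLE = """\
Oct 12 22:50:22 mail courieresmtpd: error,relay=192.168.100.98,msg="535 Authentication failed.",cmd: AUTH LOGIN b<snip>Q=
Oct 12 22:50:48 mail courieresmtpd: setgid: Operation not permitted
Oct 12 22:50:48 mail courieresmtpd: error,relay=192.168.100.98,msg="535 Authentication failed.",cmd: AUTH LOGIN b<snip>Q=
Oct 12 22:51:59 mail imapd-ssl: Connection, ip=[192.168.100.98]
"""

# Layout assumed from the sample: "Mon DD HH:MM:SS host program: body"
LINE = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([\w-]+): (.*)$')
# Only the SMTP verb is captured; the AUTH argument is deliberately not kept.
ERROR = re.compile(r'^error,relay=([^,]+),msg="(\d{3}) ([^"]*)",cmd: (\S+)')

def parse(text):
    """Yield (timestamp, program, kind, fields) for each recognisable line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _host, prog, body = m.groups()
        e = ERROR.match(body)
        if e:
            yield ts, prog, "smtp_error", {
                "relay": e.group(1), "code": e.group(2),
                "text": e.group(3), "verb": e.group(4)}
        else:
            yield ts, prog, "other", {"text": body}

def summarize(text, program="courieresmtpd"):
    """Return ({relay: 535 count}, [(ts, line)] logged in the same second as a 535)."""
    failures = defaultdict(int)
    fail_times = set()
    others = []
    for ts, prog, kind, fields in parse(text):
        if prog != program:
            continue
        if kind == "smtp_error" and fields["code"] == "535":
            failures[fields["relay"]] += 1
            fail_times.add(ts)
        elif kind == "other":
            others.append((ts, fields["text"]))
    return dict(failures), [(ts, t) for ts, t in others if ts in fail_times]

if __name__ == "__main__":
    counts, correlated = summarize(SAMPLE)
    print(counts)
    print(correlated)
```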




