Hello all, again.
In new qmail-ldap there is the RBL env variable that should be turning on RBL checking on incoming mails, using hosts listed in control/rbllist.
But, it is not clear enough how this wonderful feature should be used.
Docs say that I should use RBL="" in env variable for tcpserver, and I've put in my qmail-smtpd.rules the following line
:allow,RBL="",RCPTCHECK="",NOPBS=""
Now, is this enough for current versions of qmail-ldap, or should I use rblsmtpd program like in older days, with 20030501 that I have on one machine? How can I be sure that all incoming mails are checked at RBL sites (no trace of any check in qmail logs, which is not the case when using rblsmtpd)?
In order to see this you want to increase your debugging level. It will then show in the logs:
qmail-smtpd 6860: enabled options: starttlssanitycheck returnmxcheck rblcheck rcptcheck smtp-auth-tls-required qmailqueue /var/qmail/bin/qmail-scanner-queue.pl
qmail-smtpd 6860: RBL check with 'sbl.spamhaus.org': no match found, continue.
qmail-smtpd 6860: RBL check with 'relays.ordb.org': no match found, continue.
qmail-smtpd 6860: RBL check with 'list.dsbl.org': no match found, continue.
qmail-smtpd 6860: RBL check with 'bl.spamcop.net': no match found, continue.
qmail-smtpd 6860: RBL check with 'spamguard.leadmon.net': no match found, continue.
Actually, I tried using rblsmtpd in the run script for qmail-smtpd, but it doesn't work - I can't communicate with the smtp process (the connection is made, but there is no HELO or anything from qmail).
Also, I'm a bit confused with AUTHREQUIRED and SMTPAUTH env variables. Which is for what exactly, and how to use them?
from QLDAPNEWS:
Added auth_smtp and AUTH capabilities to qmail-smtpd. Enabled via the SMTPAUTH env var. If SMTPAUTH is set to TLSREQUIRED it is necessary to do a STARTTLS before issuing an AUTH command. If AUTHREQUIRED is set any user MUST successfully authenticate before issuing a MAIL FROM command. The string in the env var AUTHPREPEND will be prepended to the userid in the received line.
So if you are going to enable SMTPAUTH and want to ensure that authentication is not handled cleartext, set it to SMTPAUTH="TLSREQUIRED". AUTHREQUIRED makes it so that users cannot relay unless they have AUTHENTICATED first.
Thanks, Andrea
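
Added example, not part of the original thread or of qmail-ldap: one way to confirm from the debug log lines quoted above that every SMTP session ran with rblcheck enabled and consulted each expected list. The function name, the sample log and grouping sessions by PID are assumptions; the list names are passed in by hand rather than read from control/rbllist.

```python
import re
from collections import defaultdict

# Constructed sample, in the format of the debug lines quoted in the thread.
SAMPLE_LOG = """\
qmail-smtpd 6860: enabled options: starttlssanitycheck returnmxcheck rblcheck rcptcheck
qmail-smtpd 6860: RBL check with 'sbl.spamhaus.org': no match found, continue.
qmail-smtpd 6860: RBL check with 'bl.spamcop.net': no match found, continue.
qmail-smtpd 6901: enabled options: returnmxcheck rcptcheck
qmail-smtpd 6912: enabled options: rblcheck rcptcheck
qmail-smtpd 6912: RBL check with 'sbl.spamhaus.org': no match found, continue.
"""

OPTIONS_RE = re.compile(r"qmail-smtpd (\d+): enabled options: (.*)")
RBL_RE = re.compile(r"qmail-smtpd (\d+): RBL check with '([^']+)': (.*)")

def audit_rbl(log_text, expected_lists):
    """Return {pid: problem} for sessions where RBL checking was off or incomplete.

    Assumption: one PID is one session (PID reuse in long logs is not handled).
    A session that legitimately stops consulting lists early is also reported,
    so treat the result as a pointer for manual review.
    """
    options = {}                  # pid -> set of enabled option names
    checked = defaultdict(set)    # pid -> RBL zones seen in "RBL check with" lines
    for line in log_text.splitlines():
        m = OPTIONS_RE.search(line)
        if m:
            options[m.group(1)] = set(m.group(2).split())
            continue
        m = RBL_RE.search(line)
        if m:
            checked[m.group(1)].add(m.group(2))
    problems = {}
    for pid, opts in options.items():
        if "rblcheck" not in opts:
            problems[pid] = "rblcheck not enabled"
            continue
        missing = sorted(set(expected_lists) - checked[pid])
        if missing:
            problems[pid] = "not consulted: " + ", ".join(missing)
    return problems

if __name__ == "__main__":
    for pid, why in audit_rbl(SAMPLE_LOG, ["sbl.spamhaus.org", "bl.spamcop.net"]).items():
        print(pid, why)
```

A session without rblcheck in its "enabled options" line usually means the matching tcprules entry does not set RBL="" for that client range.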
