Hi,
I have replied inline::
Questions :
Have you rebuilt the /etc/tcp.smtp.cdb file after modification of
the rules file? probably yes.
Have you rebuilt the /etc/tcp.smtp.cdb file after modification of
the rules file? probably yes.
-----Yes
Can you show us the /var/qmail/bin/qmail-showctl output?
------I have enclosed file with
this.
Have you enabled "AUTHREQUIRED"? it appear as "authrequired" in
"enabled options" debug
----I have not enable
AUTHREQUIRED.
What is the debug when activating "RCPTCHECK" in the rules file?
-----only accept those domains mail which are from rcpthost file...working fine..
Points:
SMTPAUTH allows for remote users to RELAY email when authenticated,
OPTIONAL, not required.
AUTHREQUIRED - guess!
------------ i am able to send
mail without authentication.I want to force each and
every user to give username and password who are want to send mail.so outside network will not send any
mails without authencation.
PS: Try to check the qmail-smtpd.c source code
void smtp_mail(char *arg)
{
...
if (needauth && !flagauthok) {
out("530 authentication needed\r\n");
logline(3, "auth needed");
if (errdisconnect) err_quit();
return;
}
/* check if we are authenticated, if yes enable relaying */
if (flagauthok && relayclient == 0)
relayclient = "";
...
}
every user to give username and password who are want to send mail.so outside network will not send any
mails without authencation.
PS: Try to check the qmail-smtpd.c source code
void smtp_mail(char *arg)
{
...
if (needauth && !flagauthok) {
out("530 authentication needed\r\n");
logline(3, "auth needed");
if (errdisconnect) err_quit();
return;
}
/* check if we are authenticated, if yes enable relaying */
if (flagauthok && relayclient == 0)
relayclient = "";
...
}
----------------------------------------
void smtp_mail(char
*arg)
{
unsigned int i,j;
char *rblname;
int bounceflag = 0;
{
unsigned int i,j;
char *rblname;
int bounceflag = 0;
/* address syntax check
*/
if (!addrparse(arg))
{
err_syntax();
logline2(3,"RFC2821 syntax error in mail from: ",arg);
if (errdisconnect) err_quit();
return;
}
if (!addrparse(arg))
{
err_syntax();
logline2(3,"RFC2821 syntax error in mail from: ",arg);
if (errdisconnect) err_quit();
return;
}
logline2(3,"mail from:
",addr.s);
if (needauth &&
!flagauthok) {
out("530 authentication needed\r\n");
logline(3, "auth needed");
if (errdisconnect) err_quit();
return;
}
out("530 authentication needed\r\n");
logline(3, "auth needed");
if (errdisconnect) err_quit();
return;
}
/* check if we are
authenticated, if yes enable relaying */
if (flagauthok && relayclient == 0)
relayclient = "";
if (flagauthok && relayclient == 0)
relayclient = "";
/* smtp size check
*/
if (databytes && !sizelimit(arg))
{
err_size(); /* logging is done in error routine */
if (errdisconnect) err_quit();
return;
}
if (databytes && !sizelimit(arg))
{
err_size(); /* logging is done in error routine */
if (errdisconnect) err_quit();
return;
}
sir, in source code it's there but wny it's not working i dont
know...
Let me know what do to??
Harindra.
----- Original Message -----
From: "Rui Lapa" <[EMAIL PROTECTED]>
To: "Hyper Axe" <[EMAIL PROTECTED]>
Cc: "'Harindra Patel'" <[EMAIL PROTECTED]>;
"'Andrew Ross'" <[EMAIL PROTECTED]>; <[email protected]>
Sent: Tuesday, May 31, 2005 2:53 PM
Subject: Re: SMTP AUTH problem...Very
High
>
> From what I seen from every mail exchanged:
>
> 1.st Origin IP: 172.16.2.100
> 2.st Origin IP: Outside 172.16.2.X network
> Destination IP: 203.187.192.14
> <mailto:[EMAIL PROTECTED]>
> Origin Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> Destination Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
>
> TCPSERVER RULES:
> 172.16.2.:allow,RCPTCHECK="",SMTPAUTH="",LOGLEVEL="3"
> :allow,RELAYCLIENT="",RCPTCHECK="",SMTP500DISCONNECT="",RETURNMXCHECK="",SANITYCHECK="",BLOCKRELAYPROBE="",TARPITCOUNT="20",TARPITDELAY="3000",SMTPAUTH="",LOGLEVEL="3"
>
> Changed later to:
> 172.16.2.:allow,SMTPAUTH="",LOGLEVEL="3"
> :allow,SMTPAUTH="",LOGLEVEL="3"
>
> AUTH is being announced but not used:
> 220 sumail02.iqara.net ESMTP
> EHLO dude
> 250-sumail02.iqara.net
> 250-PIPELINING
> >>>>>>>>>>>>>>>>>>>>>> 250-AUTH LOGIN PLAIN
>
> @40000000429c002b3975d4cc tcpserver: status: 0/200
> @40000000429c00361390df7c tcpserver: status: 1/200
> @40000000429c003613a939dc tcpserver: pid 24886 from 172.16.2.100
> @40000000429c003613c18884 tcpserver: ok 24886
> sumail02.iqara.net:203.187.192.14:25 :172.16.2.100::1974
> @40000000429c003614487b64 qmail-smtpd 24886: connection from
> 172.16.2.100 (unknown) to sumail02.iqara.net
> >>>>>>>>>>>>>>>>>>>>>> @40000000429c0036144965c4 qmail-smtpd 24886:
> enabled options: rcptcheck smtp-auth
>
>
> Questions :
> Have you rebuilt the /etc/tcp.smtp.cdb file after modification of
> the rules file? probably yes.
> Can you show us the /var/qmail/bin/qmail-showctl output?
> Have you enabled "AUTHREQUIRED"? it appear as "authrequired" in
> "enabled options" debug
> What is the debug when activating "RCPTCHECK" in the rules file?
>
> Points:
> SMTPAUTH allows for remote users to RELAY email when authenticated,
> OPTIONAL, not required.
> AUTHREQUIRED - guess!
>
> PS: Try to check the qmail-smtpd.c source code
> void smtp_mail(char *arg)
> {
> ...
> if (needauth && !flagauthok) {
> out("530 authentication needed\r\n");
> logline(3, "auth needed");
> if (errdisconnect) err_quit();
> return;
> }
>
> /* check if we are authenticated, if yes enable relaying */
> if (flagauthok && relayclient == 0)
> relayclient = "";
> ...
> }
>
>
>
>
>
> Hyper Axe wrote:
>
>> I see. You don't have to run the make command then. :o)
>>
>> Best regards,
>>
>> hyperaxe
>>
>> -----Original Message-----
>> *From:* Harindra Patel [mailto:[EMAIL PROTECTED]
>> *Sent:* Tuesday, May 31, 2005 2:48 PM
>> *To:* Harindra Patel; Andrew Ross
>> *Cc:* [email protected]
>> *Subject:* Re: SMTP AUTH problem...Very High
>>
>> I am running
>>
>> #!/bin/sh
>>
>> QMAILDUID=`/usr/xpg4/bin/id -u qmaild`
>> NOFILESGID=`/usr/xpg4/bin/id -g qmaild`
>> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
>> LOCAL=`head -1 /var/qmail/control/me`
>>
>> exec /usr/local/bin/softlimit -m 50000000 \
>> /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x
>> /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
>> -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp
>> /var/qmail/bin/qmail-smtpd \ /var/qmail/bin/auth_smtp
>> /usr/bin/true 2>&1
>>
>> and creating tcp.smtp.cdb file like this::
>>
>> tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
>>
>> what else i need to do?? where i need to run make command??
>> till i am able to send mail using command prompt.
>>
>> Harindra.
>>
>> ----- Original Message -----
>> From: "Harindra Patel" <[EMAIL PROTECTED]
>> <mailto:[EMAIL PROTECTED]>>
>> To: "Andrew Ross" <[EMAIL PROTECTED]
>> <mailto:[EMAIL PROTECTED]>>
>> Cc: <[email protected] <mailto:[email protected]>>
>> Sent: Tuesday, May 31, 2005 12:11 PM
>> Subject: Re: SMTP AUTH problem...Very High
>>
>> > Dear sir,
>> > Rightnow, My tcp.smtp file is like this. and my ip is belong to
>> first line
>> > 172.16.2.100.
>> >
>> > 172.16.2.:allow,RCPTCHECK="",SMTPAUTH="",LOGLEVEL="3"
>> >
>> :allow,RELAYCLIENT="",RCPTCHECK="",SMTP500DISCONNECT="",RETURNMXCHECK="",SANITYCHECK="",BLOCKRELAYPROBE="",TARPITCOUNT="20",T
>> > ARPITDELAY="3000",SMTPAUTH="",LOGLEVEL="3"
>> >
>> > What changes i need to do ?? tell me so outside network will not
>> send any
>> > mails without authencation.
>> >
>> > With Regards,
>> > Harindra.
>> >
>> > ----- Original Message -----
>> > From: "Andrew Ross" <[EMAIL PROTECTED]
>> <mailto:[EMAIL PROTECTED]>>
>> > To: "Harindra Patel" <[EMAIL PROTECTED]
>> <mailto:[EMAIL PROTECTED]>>
>> > Sent: Tuesday, May 31, 2005 11:55 AM
>> > Subject: Re: SMTP AUTH problem...Very High
>> >
>> >
>> >> Harindra Patel wrote:
>> >>> I have enalbled smth auth in my qmail-ldap patch.
>> >>
>> >>> I am able to send message without auth..how to resrict this
>> thing and
>> >>> that also who are sending messages in outlook without auth enable.
>> >>
>> >>> Please suggest anyone who has done same thing....i want to
>> smth auth so
>> >>> nobody can send mail without authencation.
>> >>
>> >> Check the value of RELAYCLIENT in /etc/tcp.smtp.cdb (or rather, in
>> >> whatever input file you use to genereate tcp.smtp.cdb).
>> >>
>> >> If RELAYCLIENT is set (doesn't matter what the value is) then
>> relaying is
>> >> enabled. This is used to allow relaying based on IP address,
>> particuarly
>> >> for internal networks.
>> >>
>> >> If RELAYCLIENT is never set, then the only way to send email
>> using your
>> >> SMTP server is either using SMTP-AUTH or if the recipient's
>> email address
>> >> belongs one one of the domains in /var/qmail/controls/rcpthosts
>> >>
>> >> This should all be documented at http://www.lifewithqmail.org/
>> - I suggest
>> >> you read it.
>> >>
>> >> Cheers
>> >>
>> >> Andrew
>> >>
>> >>
>> >
>> >
>> >
>> >
>>
>> --
>> No virus found in this incoming message.
>> Checked by AVG Anti-Virus.
>> Version: 7.0.322 / Virus Database: 267.3.0 - Release Date: 5/30/2005
>>
>>
>> --
>> No virus found in this outgoing message.
>> Checked by AVG Anti-Virus.
>> Version: 7.0.322 / Virus Database: 267.3.0 - Release Date: 5/30/2005
>>
>
>
>
qmail home directory: /var/qmail. user-ext delimiter: -. paternalism (in decimal): 2. silent concurrency limit: 500. subdirectory split: 23. user ids: 7790, 7791, 7792, 0, 7793, 7794, 7795, 7796. group ids: 2108, 2107. me: My name is sumail02.iqara.net ldapserver: My ldap server is sudsr.iqara.net:389
badmailfrom: [EMAIL PROTECTED] not accepted in MAIL FROM. [EMAIL PROTECTED] not accepted in MAIL FROM. [EMAIL PROTECTED] not accepted in MAIL FROM. [EMAIL PROTECTED] not accepted in MAIL FROM. [EMAIL PROTECTED] not accepted in MAIL FROM. [EMAIL PROTECTED] not accepted in MAIL FROM. [EMAIL PROTECTED] not accepted in MAIL FROM. [EMAIL PROTECTED] not accepted in MAIL FROM. newmovies.com not accepted in MAIL FROM. badmailfrom-unknown: [EMAIL PROTECTED] not accepted in MAIL FROM from host without PTR. badrcptto: [EMAIL PROTECTED] not accepted in RCPT TO bouncefrom: (Default.) Bounce user name is MAILER-DAEMON. bouncehost: (Default.) Bounce host name is sumail02.iqara.net. bouncemaxbytes: Bounce data limit is 512000 bytes. concurrencylocal: Local concurrency is 250. concurrencyremote: Remote concurrency is 250. custombouncetext: (Default.) No custombouncetext. databytes: (Default.) SMTP DATA limit is 0 bytes. defaultdomain: Default domain name is iqara.net. defaulthost: (Default.) Default host name is sumail02.iqara.net. dirmaker: Program to create homedirs /var/qmail/bin/custom_dirmaker. doublebouncehost: (Default.) 2B recipient host: sumail02.iqara.net. doublebounceto: (Default.) 2B recipient user: postmaster. envnoathost: (Default.) Presumed domain name is sumail02.iqara.net. goodmailaddr: @iqara.net is allowed in any case. @sumail02.iqara.net is allowed in any case. @in.iqara.net is allowed in any case. @surat.iqara.net is allowed in any case. @worldgate.co.in is allowed in any case. helohost: (Default.) SMTP client HELO host name is sumail02.iqara.net. idhost: (Default.) Message-ID host name is sumail02.iqara.net. localiphost: (Default.) Local IP address becomes sumail02.iqara.net. locals: Messages for sumail02.iqara.net are delivered locally. me: My name is sumail02.iqara.net. outgoingip: (Default.) Bind qmail-remote to 0.0.0.0. pbscachesize: (Default.) PBS cachesize is 1048576 bytes. pbsenv: (Default.) No environment variables will be passed. pbsip: (Default.) Bind PBS daemon to 0.0.0.0. pbsport: (Default.) PBS deamon listens on port 2821. pbssecret: (Default.) PBS shared secret is undefined! Uh-oh. pbsservers: (Default.) No PBS servers. pbstimeout: (Default.) PBS entries will be valid for 600 seconds. percenthack: (Default.) The percent hack is not allowed. plusdomain: Plus domain name is iqara.net. qmqpcip: (Default.) Bind qmail-qmqpc to 0.0.0.0. qmqpservers: (Default.) No QMQP servers. queuelifetime: Message lifetime in the queue is 86400 seconds. quotawarning: (Default.) No quotawarning. rbllist: (Default.) No RBL listed. rcpthosts: SMTP clients may send messages to recipients at sumail02.iqara.net. SMTP clients may send messages to recipients at in.iqara.net. SMTP clients may send messages to recipients at iqara.net. SMTP clients may send messages to recipients at get.iqara.net. SMTP clients may send messages to recipients at surat.iqara.net. SMTP clients may send messages to recipients at bg-group.com. SMTP clients may send messages to recipients at gujaratgas.com. SMTP clients may send messages to recipients at mafoi.com. SMTP clients may send messages to recipients at sendmail.iqara.net. SMTP clients may send messages to recipients at gtsweb.iqara.net. SMTP clients may send messages to recipients at getmail.iqara.net. SMTP clients may send messages to recipients at officemail.iqara.net. SMTP clients may send messages to recipients at hari.iqara.net. SMTP clients may send messages to recipients at testdomain.com. morercpthosts: (Default.) No effect. morercpthosts.cdb: (Default.) No effect. relaymailfrom: Envelope senders allowed to relay: @iqara.net. Envelope senders allowed to relay: @sumail02.iqara.net. Envelope senders allowed to relay: @in.iqara.net. Envelope senders allowed to relay: @surat.iqara.net. Envelope senders allowed to relay: @worldgate.co.in. smtpgreeting: (Default.) SMTP greeting: 220 sumail02.iqara.net. smtproutes: SMTP route: suqmail.iqara.net:203.187.192.5:5000 SMTP route: in.iqara.net:203.187.192.14:10025 SMTP route: get.iqara.net:203.187.192.5:5000 SMTP route: surat.iqara.net:203.187.192.14:10025 SMTP route: iqara.net:203.187.192.14:10025 SMTP route: bg-group.com:203.187.192.5:5000 SMTP route: gujaratgas.com:203.187.192.5:5000 SMTP route: mafoi.com:203.187.192.5:5000 SMTP route: sendmail.iqara.net:203.187.192.5:5000 SMTP route: gtsweb.iqara.net:203.187.192.5:5000 SMTP route: getmail.iqara.net:203.187.192.5:5000 SMTP route: officemail.iqara.net:203.187.192.5.5000 SMTP route: hari.iqara.net:203.187.192.5.5000 SMTP route: testdomain.com:203.187.192.5.5000 timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds. timeoutremote: (Default.) SMTP client data timeout is 1200 seconds. timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds. virtualdomains: (Default.) No virtual domains. Now the qmail-ldap specific files: ldapbasedn: LDAP basedn: o=iqaranew.net. ldapserver: sudsr.iqara.net:389 ldaplogin: LDAP login: cn=Directory Manager. ldappassword: LDAP password: testing. ldaptimeout: (Default.) LDAP server timeout is 30 seconds. ldapuid: Default UID is 11184. ldapgid: Default GID is 2110. ldapobjectclass: (Default.) The objectclass to limit ldap filter is not defined. ldapmessagestore: Prefix for non absolute paths is /var/qmail/maildirs. ldapdefaultdotmode: (Default.) Default dot mode for ldap users is ldaponly. defaultquotasize: (Default.) Mailbox size quota is 0 bytes (0 is unlimited). defaultquotacount: (Default.) Mailbox count quota is 0 messages (0 is unlimited) . ldaplocaldelivery: (Default.) Local passwd lookup is 1 (1 = on, 0 = off). ldaprebind: Ldap rebinding is 1 (1 = on, 0 = off). ldapcluster: (Default.) Clustering is 0 (1 = on, 0 = off). ldapclusterhosts: (Default.) Messages for me are not redirected. qmail-smtpd.rules: I have no idea what this file does. qmail-qmqpd.rules: I have no idea what this file does. qmail-pop3d.rules: I have no idea what this file does. qmail-imapd.rules: I have no idea what this file does. Makefile: I have no idea what this file does. signatures: I have no idea what this file does. concurrencyincoming: I have no idea what this file does. defaultdelivery: I have no idea what this file does. ldapserver.bak: I have no idea what this file does. relaymailfrom.bak: I have no idea what this file does. smtproutes.org: I have no idea what this file does. locals.cdb: I have no idea what this file does. rcpthosts.cdb: I have no idea what this file does. qmail-smtpd.cdb: I have no idea what this file does. qmail-qmqpd.cdb: I have no idea what this file does. qmail-pop3d.cdb: I have no idea what this file does. qmail-imapd.cdb: I have no idea what this file does.
