What is in your rcpthosts file? That is the FIRST point that needs to be
in place to prevent relaying. RELAYCLIENT overrides the rcpthosts file,
it does not replace it.
On Wed, 6 Jan 1999, Roger O. Svenning wrote:
> I installed tcpserver for use with qmail 1.03 yesterday so
> I could allow and restrict relaying. (According to the instrucions in FAQ 5.4)
> After setting up the tcp.smtp file and rebuilding the cdb, mail relaying worked
> ... for everyone :)
>
> I tried to just make a test tcp.smtp with the following content
>
> 123.12.:allow,RELAYCLIENT=""
> :allow
>
> After rebuilding I was still able to relay mail trough our server from whatever host
> I wanted (I tried from several different shell accounts).
> Guess I have to put in deny entries too to keep other ppl away but will they be able
>to
> deliver mail to local addresses then ? (I have several virtual domains on the
>server),
> and if this is the case then the FAQ is wrong and should be corrected ... cause it
>does
> not say anything about adding 'deny' entries.
>
> Anyway ... I moved pop3 from inetd to tcpserver and it looked like it worked just
>perfectly
> until one customer called and complained about he could not authenticate on one of
>their
> accounts. This customer has 8 accounts belonging to the same virtual domain and he
>got
> 7 of them to work. I tried to access that account from my workstation and it worked
>just fine
> but no matter what he did he could not access that particular account.
> Then .. just out of the blue sky .. I tried to put his ip into the tcp.smtp and
>voila .. he could open
> that account too ... how is this possible??, that a customer from one computer can
>open
> [EMAIL PROTECTED] but not [EMAIL PROTECTED] .. though if tcpserver had worked correctly he
>should not
> have been able to log in at all.
>
> To answer some questions before you ask them:
> No .. I do not run tcpserver from inetd :) .. it's started trough rc.local
> And (again) .. yes I did build the cdb .. over and over again
>
> Any suggestions ?
>
> Roger O. Svenning
>
>
---------------------------------
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior Systems Manager http://www.mayod.nb.net/
The National Business Network Inc.
localconnect(sm) http://www.nb.net/
