>What is in your rcpthosts file? That is the FIRST point that needs to be
>in place to prevent relaying. RELAYCLIENT overrides the rcpthosts file,
>it does not replace it.
>
localhost
fab.foobar.com
fib.foofub.no
In other words .. Localhost, the local domain and all virtual domains
RELAYCLIENT is supposed to give a client that's not in the rcpthosts file relay
access .. right?
But why did he get partial (7 of 8 accounts belonging to the same domain) access
to pop3 login and why did it help to include him in tcp.smtp
^^^^
-Roger
>On Wed, 6 Jan 1999, Roger O. Svenning wrote:
>
>> I installed tcpserver for use with qmail 1.03 yesterday so
>> I could allow and restrict relaying. (According to the instructions in FAQ 5.4)
>> After setting up the tcp.smtp file and rebuilding the cdb, mail relaying worked
>> ... for everyone :)
>>
>> I tried to just make a test tcp.smtp with the following content
>>
>> 123.12.:allow,RELAYCLIENT=""
>> :allow
>>
>> After rebuilding I was still able to relay mail through our server from whatever host
>> I wanted (I tried from several different shell accounts).
>> Guess I have to put in deny entries too to keep other ppl away but will they be able to
>> deliver mail to local addresses then ? (I have several virtual domains on the server),
>> and if this is the case then the FAQ is wrong and should be corrected ... cause it does
>> not say anything about adding 'deny' entries.
>>
>> Anyway ... I moved pop3 from inetd to tcpserver and it looked like it worked just perfectly
>> until one customer called and complained about he could not authenticate on one of their
>> accounts. This customer has 8 accounts belonging to the same virtual domain and he got
>> 7 of them to work. I tried to access that account from my workstation and it worked just fine
>> but no matter what he did he could not access that particular account.
>> Then .. just out of the blue sky .. I tried to put his ip into the tcp.smtp and voila .. he could open
>> that account too ... how is this possible??, that a customer from one computer can open
>> [EMAIL PROTECTED] but not [EMAIL PROTECTED] .. though if tcpserver had worked correctly he should not
>> have been able to log in at all.
>>
>> To answer some questions before you ask them:
>> No .. I do not run tcpserver from inetd :) .. it's started through rc.local
>> And (again) .. yes I did build the cdb .. over and over again
>>
>> Any suggestions ?
>>
>> Roger O. Svenning
>>
>>
>
>---------------------------------
>Timothy L. Mayo mailto:[EMAIL PROTECTED]
>Senior Systems Manager http://www.mayod.nb.net/
>The National Business Network Inc.
>localconnect(sm) http://www.nb.net/
>
>
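
Added example, not part of the original messages and not qmail or ucspi-tcp code: a simplified Python model of how the tcp.smtp rules and the rcpthosts file from this thread combine when qmail-smtpd decides whether to accept a recipient. The function names, the 10.0.0.1 address and the elsewhere.example domain are assumptions; only IP-prefix rules are modelled.

```python
# Simplified model (assumption): only IP-prefix rules and the two controls
# discussed in the thread are handled; this is not qmail or ucspi-tcp source.

def parse_rules(text):
    """Parse tcprules lines 'address:allow|deny[,VAR="value"...]' into a dict."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, action = line.partition(":")
        verdict, *assigns = action.split(",")
        env = {}
        for a in assigns:
            name, _, value = a.partition("=")
            env[name] = value.strip('"')
        rules[addr] = (verdict, env)
    return rules

def match_rule(rules, ip):
    """Most specific wins: full IP, then shorter dotted prefixes, then ''."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for c in candidates:
        if c in rules:
            return rules[c]
    return ("allow", {})  # no matching rule: the connection is allowed

def rcpt_accepted(rules, rcpthosts, ip, rcpt):
    """rcpthosts=None models a missing control/rcpthosts file."""
    verdict, env = match_rule(rules, ip)
    if verdict == "deny":
        return False                      # connection refused before SMTP
    if "RELAYCLIENT" in env:              # set, even to the empty string
        return True                       # rcpthosts is ignored for this client
    if rcpthosts is None or "@" not in rcpt:
        return True                       # no rcpthosts file: nothing is rejected
    domain = rcpt.rsplit("@", 1)[1].lower()
    return any(domain == h or (h.startswith(".") and domain.endswith(h))
               for h in rcpthosts)

# Constructed sample input: the rules and rcpthosts entries quoted in the thread.
TCP_SMTP = '123.12.:allow,RELAYCLIENT=""\n:allow\n'
RCPTHOSTS = ["localhost", "fab.foobar.com", "fib.foofub.no"]
RULES = parse_rules(TCP_SMTP)
```

In this model a plain `:allow` rule only relays for everyone when rcpthosts is absent; with the file in place, clients outside 123.12. can still deliver to the listed domains but not to others.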