On Thu, Jan 07, 1999 at 11:34:40PM -0600, Aijaz A. Ansari wrote:
> Hello.
>
> My name is Aijaz and I am trying to teach myself the different aspects of
> system administration. Allow me to say that I've found this list very
> helpful in the week or so I've been on. Thank you. I have read the
> relevant parts of the FAQ and mail list archives but had some more
> questions:
>
> I installed qmail last week, and as far as I know, I followed the
> installation instructions to the letter _except_ that I'm running a
> different pop3d that my ISP had compiled and given me. I trust the
> guy, and he said that this one worked with qmail and the Mailbox (as
> opposed to Maildir) format. Sure enough, I can use MS Outlook express
> from my machine at home to read mail on the server using 'Incoming
> Mail server' and 'Outgoing Mail (SMTP) Server' set to ansari.org in
> MSOE and using the 'aijaz' userid.
>
> However, I cannot send mail from within MSOE to domain names that I do
> not host (specifically anyone at interaccess.com). I get the common
> `sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)'
> error. The FAQ suggests I
> a) run qmail-smtpd under tcpserver (I don't think I am now) and
> b) Create /etc/tcp.smtp containing
> 1.2.3.6:allow,RELAYCLIENT=""
> 127.:allow,RELAYCLIENT=""
> ... and so on.
>
> My questions are:
> 1) To do this, do I have to know in advance what the IP addresses for
> which I want to allow relaying are?
Yes. There are ways to allow someone to relay for a period of time after he's
authenticated with your POP server, though. See http://qmail.presys.com/#usersoft.
> 2) The only user who needs POP3 now is my sister-in-law. If her
> dialup provider (MegsInet) assigns her a variable IP address, would
> I have to effectively allow all IP addresses? Is that a huge
> Netiquette/security no-no?
You don't need to allow relaying to give her POP3 access--relaying has only to
do with sending mail. She can use her ISP's SMTP server to send her mail, and
connect to your POP3 server to collect her mail.
Allowing any IP address to relay through your SMTP server would indeed be a big
no-no.
> 3) If I can get away with doing it, am I better off not allowing
> POP access at all? I am not planning on being an ISP who offers a
> ton of POP3 accounts. I could probably acquaint my sister-in-law
> with the wonders of pine. :)
Like I said, there's no problem allowing POP access. Your users just need to
use their ISPs' SMTP servers. If by "planning on being an ISP" you mean you're
going to provide network connections, then you'll know your own IP addresses
and can allow relaying for them.
I have come across a couple of brain-dead ISPs that insist that you not only be
connected to their networks to relay through their SMTP servers, but also use
the e-mail address they provide as the envelope sender address on mail you
send. The worst instance of this is the Microsoft Network; if you don't use
your msn.com address on your mail, they silently discard it--no bounce, no
warning, nothing! This is not the typical case, though, and most people with an
Internet connection will have some SMTP server available to him.
Chris
