Hello. I just installed qmail after promoting it wherever
I went on IRC, even freshmeat.net. Yes I had a good reason
to do that.
Now I got a real problem. How can I allow selective realying
*without* blocking ports as sugested in the FAQ and *without*
moving the smtpd to a "secret" port as DJB suggests on the
web page, or doing PGP sig check. I don't like the pop3-auth-
before-smtp implementations eighter. Yes I have tcp_wrappers.
So what is my problem then? Well I want certain hosts I specify
to override control/rcpthosts and to be able to send/relay mail.
And again, I don't want to block port 25. Sendmail has this
feature. And no I don't want sendmail, smail, exim, postfix
or any other insecure and slow MTA which hangs Mutt in my tty!
Why I don't want to block the smtp port? Because all my mail
comes on that port. I would be losing mail if I blocked it,
wouldn't I?
Why I don't want a general relay? Because not long ago someone
sent a flame message to [EMAIL PROTECTED] through my
smtp server. I think this is a good reason, don't you?
And no it wasn't the backdoored eggdrop on sodre.net that did
it :). Just anoher evil guy..
For whom I want to relay? For the hosts behind the firewall.
My mail server is also a NAT-firewall (IP-masquerade). And
not only for them. I might want to relay for say freemail.ro
or for 193.230.247.0/255.255.255.0 one day.
For whom I don't want to relay? For the rest of the world,
the evil spammers on internet.
>From whom am I receiving mail? From the rest of the world,
the friendly users on the internet (hopefully). Nice people
like you for instance.
What did I do in this direction? Read the FAQ, read the qmail
web page, got some patches, tried them, read some messages on
the mailing list archieves.
I also patched with qmail-1.03-relayclient.diff which adds two
files: control/relayclients and conrtol/relaydomains. I edited
these to include the internal adresses which are allowed to relay
like this:
control/relayclients --
127.0.0.1
192.168.221.0/255.255.255.0
conrtol/relaydomains --
.karellen.itslinux.net
Did I screw something up? It doesn't work :(
I also wasted one entire day on this, missed some of my
math preparation I should have done for my upcoming semestrial
tests :((
*please*help*
--
Karellen <[EMAIL PROTECTED]>
If something just can't go wrong, it will go wrong anyway --Murphy
