FAQ: ftp://koobera.math.uic.edu/www/qmail/faq/servers.html#authorized-relay
On Sat, Jan 09, 1999 at 08:16:43PM +0200, Karellen wrote:
> Hello. I just installed qmail after promoting it wherever
> I went on IRC, even freshmeat.net. Yes I had a good reason
> to do that.
>
> Now I got a real problem. How can I allow selective relaying
> *without* blocking ports as suggested in the FAQ and *without*
> moving the smtpd to a "secret" port as DJB suggests on the
> web page, or doing PGP sig check. I don't like the pop3-auth-
> before-smtp implementations either. Yes I have tcp_wrappers.
>
> So what is my problem then? Well I want certain hosts I specify
> to override control/rcpthosts and to be able to send/relay mail.
> And again, I don't want to block port 25. Sendmail has this
> feature. And no I don't want sendmail, smail, exim, postfix
> or any other insecure and slow MTA which hangs Mutt in my tty!
>
> Why I don't want to block the smtp port? Because all my mail
> comes on that port. I would be losing mail if I blocked it,
> wouldn't I?
>
> Why I don't want a general relay? Because not long ago someone
> sent a flame message to [EMAIL PROTECTED] through my
> smtp server. I think this is a good reason, don't you?
> And no it wasn't the backdoored eggdrop on sodre.net that did
> it :). Just another evil guy..
>
> For whom I want to relay? For the hosts behind the firewall.
> My mail server is also a NAT-firewall (IP-masquerade). And
> not only for them. I might want to relay for say freemail.ro
> or for 193.230.247.0/255.255.255.0 one day.
>
> For whom I don't want to relay? For the rest of the world,
> the evil spammers on internet.
>
> From whom am I receiving mail? From the rest of the world,
> the friendly users on the internet (hopefully). Nice people
> like you for instance.
>
> What did I do in this direction? Read the FAQ, read the qmail
> web page, got some patches, tried them, read some messages on
> the mailing list archives.
> I also patched with qmail-1.03-relayclient.diff which adds two
> files: control/relayclients and conrtol/relaydomains. I edited
> these to include the internal addresses which are allowed to relay
> like this:
>
> control/relayclients --
> 127.0.0.1
> 192.168.221.0/255.255.255.0
>
> conrtol/relaydomains --
> .karellen.itslinux.net
>
> Did I screw something up? It doesn't work :(
> I also wasted one entire day on this, missed some of my
> math preparation I should have done for my upcoming semestrial
> tests :((
>
> *please*help*
>
> --
> Karellen <[EMAIL PROTECTED]>
> If something just can't go wrong, it will go wrong anyway --Murphy
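
The policy asked for in the quoted message (listed client addresses bypass the rcpthosts check, everyone else may only deliver to listed domains), modelled as an added example that is not part of the original thread and is not code from qmail or the relayclient patch. The function names and the rcpthosts entries are assumptions; the two client entries are the lines quoted above.

```python
import ipaddress

# Client entries as quoted in the message; rcpthosts entries are constructed.
RELAY_CLIENTS = ["127.0.0.1", "192.168.221.0/255.255.255.0"]
RCPT_HOSTS = ["karellen.itslinux.net", ".karellen.itslinux.net"]

def parse_clients(entries):
    """Parse 'addr' or 'addr/netmask' lines into networks.

    strict=True raises ValueError when host bits are set, so a mistyped
    entry fails loudly instead of silently widening or narrowing the range.
    """
    nets = []
    for line in entries:
        line = line.strip()
        if line and not line.startswith("#"):
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets

def domain_allowed(rcpt, rcpt_hosts):
    """Exact domain match, or suffix match for entries starting with '.'."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    for entry in (e.lower() for e in rcpt_hosts):
        if entry.startswith("."):
            if domain.endswith(entry):
                return True
        elif domain == entry:
            return True
    return False

def smtp_decision(client_ip, rcpt, clients, rcpt_hosts):
    """Return 'relay', 'accept-local' or 'reject' for one recipient."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        ip = None  # an unparseable peer address is never trusted
    if ip is not None and any(ip in net for net in clients):
        return "relay"          # trusted client: rcpthosts is not consulted
    if domain_allowed(rcpt, rcpt_hosts):
        return "accept-local"   # port 25 stays open for inbound mail
    return "reject"             # outside client, outside domain: no relaying

CLIENTS = parse_clients(RELAY_CLIENTS)
```

Running the same table of (client, recipient) pairs against the live server from an inside host and an outside host shows whether the installed configuration matches this intended policy.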