I've always liked the way that qmail separated rcpthosts from locals and 
virtualdomains, so that you can have private virtual domains for your 
local and LAN users not visible to the outside.

This lets me have, say, a fax gateway where I set up, say, fax.example.org
in virtualdomains but not in rcpthosts, so my users and I can send messages
to 13115552368@fax and it sends it along to the fax modem, without opening it
up to the entire world.  It's a private relay.

Except that there's a glaring loophole: that address is mapped to a
non-virtual address something like [EMAIL PROTECTED], which means
that if you let the world send mail to your local domain, anyone who can
guess the mapping of virtuals can send to any virtual address.

I can plug the loophole by having the fax gateway code look at the first
couple of Received: headers to see where a message came from, but in effect
I'm reimplementing the relay protection that tcpserver already has, which can
get hairy and unpleasant when you have pop-before-smtp and other complex rules
about who gets RELAYHOST and who doesn't.  Or I could move everything out of
the local domain, make everything a virtual domain and empty out locals. 
That surely is not the right solution. 

Am I missing something, or is there no straightforward way to implement a
private virtual domain in qmail? 

Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4  2D AC 1E 9E A6 36 A3 47 
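
The loophole described in the message above, as a simplified Python model added here (not qmail code and not part of the original post): it separates the SMTP-time rcpthosts check from the later locals/virtualdomains routing and lists local-domain addresses that reach a private virtual domain's delivery target. The prepend name `faxgw`, the domain `example.org` as the local domain, and exact-match-only lookups are assumptions for illustration.

```python
# Simplified model of qmail's two independent decisions (added example).
# Assumptions: exact-match entries only (no leading-dot wildcards or
# user@domain virtualdomains lines); all values below are constructed.
RCPTHOSTS = {"example.org"}                    # accepted from non-relay clients
LOCALS = {"example.org"}                       # delivered locally as-is
VIRTUALDOMAINS = {"fax.example.org": "faxgw"}  # domain -> prepend (hypothetical)

def smtpd_accepts(rcpt, relayclient):
    """Acceptance at SMTP time: relay clients may send anywhere,
    everyone else only to domains listed in rcpthosts."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    return relayclient or domain in RCPTHOSTS

def route(rcpt):
    """Routing after acceptance: return the local delivery name,
    or None when the address would be sent to a remote host."""
    local, domain = rcpt.rsplit("@", 1)
    domain = domain.lower()
    if domain in LOCALS:                       # locals is consulted first
        return local
    if domain in VIRTUALDOMAINS:               # prepend-local, delivered locally
        return VIRTUALDOMAINS[domain] + "-" + local
    return None

def exposed_aliases(sample_local):
    """For each virtual domain that outside clients cannot address directly,
    list local-domain addresses they CAN use that route to the same target."""
    findings = []
    for vdom, prepend in VIRTUALDOMAINS.items():
        private_addr = sample_local + "@" + vdom
        if smtpd_accepts(private_addr, relayclient=False):
            continue                           # domain is public anyway
        target = route(private_addr)
        for ldom in sorted(LOCALS):
            alias = prepend + "-" + sample_local + "@" + ldom
            if smtpd_accepts(alias, relayclient=False) and route(alias) == target:
                findings.append((vdom, alias))
    return findings

if __name__ == "__main__":
    for vdom, alias in exposed_aliases("13115552368"):
        print(f"{vdom} is not in rcpthosts, but {alias} reaches the same delivery")
```

The routing step never sees whether the sender was a relay client, which is why the gateway program itself cannot tell the two paths apart without extra information.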
