Marek Narkiewicz wrote:
>
> Hi there. I asked this a while ago but in the wrong context. I intend to set up an
> ISP style smtp and pop server using qmail. I need full relaying to any host from
> dialup users on my network. What do I put in the me file? As I can't get the
> ./config script to find my dns name and as my machine runs a lot of virtual
> hosts (over 50) I need to know what to put in the file. I've found a nice article
> on relaying which I am sure will be a lot of help but it doesn't mention this file.
> If anyone has any thoughts let me know.
> Incidentally the hostname of the machine is not a dns name.

I'm new to qmail and not entirely sure what you are asking, but as
for allowing relaying only on your network, as I understand it you
can use tcpserver to limit relaying to hosts on your network only,
or you can do what I did which is to roll your own script which
allows or denies relaying based upon IP address of the SMTP peer.
Here is the script that I use to allow relaying only for hosts
on our network (I called it /var/qmail/bin/selectiverelay.sh):
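------------------------------------------------------
#! /usr/local/bin/bash
# Strip our network prefix; ADDR is then the last octet, or the
# unchanged address if the peer is outside 209.116.169.
ADDR=${TCPREMOTEIP##209.116.169.}
if [ -z "$ADDR" ]; then
    # No usable address: do not relay
    unset RELAYCLIENT
elif [ "$ADDR" = 127.0.0.1 ]; then
    # Localhost may relay
    export RELAYCLIENT=""
elif [ "$ADDR" = "$TCPREMOTEIP" ]; then
    # Prefix did not match: peer is not on our network
    unset RELAYCLIENT
elif [ "$ADDR" -lt 66 -o "$ADDR" -gt 126 ]; then
    # On our network but outside the valid host range
    unset RELAYCLIENT
else
    export RELAYCLIENT=""
fi
/var/qmail/bin/qmail-smtpd
-------------------------------------------------------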
My inetd.conf entry for qmail looks like this:
smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/selectiverelay.sh
As you can see, you can set up any number of rules and tests to
see if relaying should be accepted for the host in question. This
gives you all the power in the world to determine who to relay for.
The script above first sets the variable ADDR to be the last octet
of the remote peer's IP address using some bash string magic. The
variable TCPREMOTEIP will have been set by tcp-env, whose job is
to set such variables. If the remote peer is not in the
209.116.169. network (which is our network) ADDR will remain
whatever it was, otherwise it will only be the last octet.
Then, if ADDR is nothing (which should never happen anyway), or
ADDR is the same as the remote peer's IP (which means that the
remote peer was not in the 209.116.169. network) the variable
RELAYCLIENT is unset. If the last octet is in the range 66 - 126
or the IP is 127.0.0.1 (which are all of the valid hosts in our
network and the localhost IP, respectively), RELAYCLIENT is set.
qmail-smtpd will ignore the rcpthosts file if RELAYCLIENT is set,
so for the hosts we have allowed RELAYCLIENT, relaying happens,
otherwise relaying only to the hosts in our network (which are
listed in our rcpthosts file) is allowed.
The only drawback I can see to a script like the above is that it
runs yet another process (a bash process) every time an email is
received. But it's working well for us so far, and it's easy
to change and to even add a "trusted" remote IP address.
You can also selectively relay using the tcpserver program, if
memory serves correctly. You may want to check into that as well,
especially if you are using tcpserver already, because the selective
relaying will then essentially be "free".
I don't know if this addresses your problem in any way, but I
posted it in hopes that if it doesn't, it might help someone
else sometime.
Any comments or suggestions (or reports of any problems with
my approach to selective relaying) are welcome.
Best wishes,
Bryan
--
--------------------------------------------------------------------
Bryan Ischo p l u m b d e s i g n
[EMAIL PROTECTED] http://www.plumbdesign.com
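
A default-deny variant of the relay check described in the message above, as an added example that is not part of the original post: relaying is granted only on an explicit match, so a malformed address is denied instead of falling through to a final `else` that sets RELAYCLIENT. The function names `relay_allowed` and `set_relay_env` and the sample peers are assumptions made for this example; the policy (127.0.0.1 and 209.116.169.66 through 126) is the one from the post.

```shell
#!/bin/sh
# Added example, not the script from the post. Assumed policy (taken from
# the post): relay for 127.0.0.1 and 209.116.169.66 through 209.116.169.126.
# relay_allowed and set_relay_env are names invented for this example.

# Return 0 only on an explicit match; every other input is denied.
relay_allowed() {
    ip=$1
    case $ip in
        127.0.0.1) return 0 ;;
        209.116.169.*) last=${ip#209.116.169.} ;;
        *) return 1 ;;
    esac
    # The remainder must be a plain decimal octet: 1-3 digits, no leading
    # zero, no extra dots or other characters.
    case $last in
        ''|*[!0-9]*|????*|0?*) return 1 ;;
    esac
    [ "$last" -ge 66 ] && [ "$last" -le 126 ]
}

# Set or clear RELAYCLIENT from TCPREMOTEIP (which tcp-env provides).
set_relay_env() {
    if relay_allowed "${TCPREMOTEIP:-}"; then
        RELAYCLIENT=""
        export RELAYCLIENT
    else
        unset RELAYCLIENT
    fi
}

# Constructed sample peers, including malformed values.
for peer in 127.0.0.1 209.116.169.66 209.116.169.126 209.116.169.65 \
            209.116.169.127 209.116.169.70.5 209.116.169. 10.0.0.5 ''; do
    if relay_allowed "$peer"; then verdict=relay; else verdict=deny; fi
    printf '%-20s %s\n' "${peer:-<empty>}" "$verdict"
done

# In the real wrapper the last two lines would be:
#   set_relay_env
#   exec /var/qmail/bin/qmail-smtpd
```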