On Mon, Jun 26, 2000 at 05:18:05PM +0200, Thilo Bangert wrote:
> 
> ----- Original Message -----
> From: Wolfgang Walter <[EMAIL PROTECTED]>
> To: Thilo Bangert <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Monday, June 26, 2000 4:42 PM
> Subject: Re: selective relaying: two smtpd's?
> 
> 
> > On Fri, Jun 23, 2000 at 04:47:44PM +0200, Thilo Bangert wrote:
> > > Hi all,
> > >
> 
> <snip>
> 
> > >
> > > i absolutely need to allow my pop3 users relaying, for which i want to use
> > > relay-ctrl (is there a better solution out there?). but that would mean the
> > > smtp-port would be blocked for any connections, except those made available
> > > by relay-ctrl, so no mailserver could deliver email for my users.
> > > I figured, a way to get around this would be to have two qmail-smtpd's
> > > running: one allowing selective relay by using rcpthosts (incoming smtp),
> > > and another being made available by relay-ctrl (outgoing smtp).
> > >
> 
> <snip>
> 
> > How do you start qmail-smtpd? If you use inetd this is a little bit difficult.
> >
> > One way to do that is: assign 2 ip-addresses to your mailserver. Use one
> > address to receive mail from outside with qmail, the other one for relaying.
> >
> > You can even use qmail for both tasks.
> >
> > We for example use xinetd to start qmail-smtp:
> >
> > 10.20.30.10 is for relaying your clients
> > 10.20.31.11 is for receiving
> >
> > Be 10.20.30.0/19 your network (where your clients are):
> >
> > -----------------
> > service smtp
> > {
> >         id              = mailout-smtpd
> >         socket_type     = stream
> >         protocol        = tcp
> >         interface       = 10.20.30.10
> >         wait            = no
> >         user            = qmaild
> >         server          = /var/qmail/bin/tcp-env
> >         server_args     = /var/qmail/bin/qmail-smtpd
> >         only_from       = 10.20.30.0/19
> >         env             = RELAYCLIENT=
> > }
> >
> > service smtp
> > {
> >         id              = mailin-smtpd
> >         socket_type     = stream
> >         protocol        = tcp
> >         interface       = 10.20.30.11
> >         wait            = no
> >         user            = qmaild
> >         server          = /var/qmail/bin/tcp-env
> >         server_args     = /var/qmail/bin/qmail-smtpd
> >         no_access       = 10.20.30.0/19
> > }
> > ------------------
> >
> > Use rcpthosts to restrict qmail-smtpd to only receive for your domains.
> > Setting the environment variable RELAYCLIENT when your clients access
> > qmail via 10.20.30.10 switches rcpthosts off for them. With only_from you
> > control that only hosts in your network can access qmail with RELAYCLIENT
> > set.
> >
> > Of course, you can start relay-ctrl instead of qmail-send.
> >
> > And xinetd is not the only superdaemon you could use (I think there is one
> > from Bernstein, too) but it is part of a lot of distributions.
> >
> >
> > Greetings
> >
> > Wolfgang
> >
> 
> You are right - but in your case you need to know the ip's from your
> clients. My clients could come from all over the world and I have no other
> way than checking their poppassword to know that they are legitimate.

In this case do not start qmail-smtpd directly. Instead call a program which
checks if the relaying host could authenticate and then starts qmail-smtpd (or
does the work itself). Remove the access_only lines and the no_access lines.


> 
> the superdaemon you are referring to is tcpserver and is part of the
> daemontools-0.53 and it can in fact do the same as your setting does -
> unfortunately this is not what I want. Thank you anyways. I think you got me
> on the right path - thanks
> 
> thilo
> 

Wolfgang
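
The suggestion in this reply (a program that checks whether the client has authenticated and only then starts qmail-smtpd) could look like the sketch below. It is an added example, not code from the thread or from relay-ctrl; the script name, the state directory and the convention that the POP3 login path touches a file named after the client IP are assumptions, while TCPREMOTEIP is the variable tcp-env sets.

```shell
#!/bin/sh
# relay-gate (hypothetical name): runs between tcp-env and qmail-smtpd.
# Assumed scheme: after a successful POP3 password check, the POP3 side
# touches $STATE_DIR/<client-ip>. This gate grants relaying only while
# that marker is fresh.

STATE_DIR=${STATE_DIR:-/var/spool/relay-gate}   # hypothetical path
MAX_AGE_MIN=${MAX_AGE_MIN:-30}                  # relay window in minutes

# Accept only a plain dotted quad, so the value can never name a path
# outside STATE_DIR.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds only if a regular file for this IP exists and was modified
# less than MAX_AGE_MIN minutes ago.
relay_allowed() {
    valid_ipv4 "$1" || return 1
    [ -n "$(find "$STATE_DIR/$1" -type f -mmin "-$MAX_AGE_MIN" 2>/dev/null)" ]
}

# Prints "relay" or "local"; useful for logging the decision.
gate_decision() {
    if relay_allowed "$1"; then echo relay; else echo local; fi
}

# Entry point: invoked as "relay-gate /var/qmail/bin/qmail-smtpd".
if [ $# -gt 0 ]; then
    # Fail closed: never inherit RELAYCLIENT from the parent environment.
    unset RELAYCLIENT
    if relay_allowed "${TCPREMOTEIP:-}"; then
        RELAYCLIENT=; export RELAYCLIENT   # empty value: rcpthosts is skipped
    fi
    exec "$@"
fi
```

Clients without a fresh marker still reach qmail-smtpd, but with RELAYCLIENT unset, so rcpthosts limits them to delivering mail for local domains.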
