rcpthosts is no good. We want to accept mail for ALL domains. This is a
primary mail server for many virtual domains. I need to be able to send to
any domain in existence. Such a rcpthosts file would be HUGE!

-----Original Message-----
From: Chris Johnson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 11:17 AM
To: Dan Egli
Cc: '[EMAIL PROTECTED]'
Subject: Re: relay controls
On Thu, Jan 25, 2001 at 10:39:26AM -0700, Dan Egli wrote:
> We have a QMAIL server that our previous sysadmin left in open relay
> mode. I am trying to close the security holes, but I don't understand Qmail
> worth a damn (having used sendmail and being groomed on sendmail my entire
> unix life).
>
> I have a tcprules file in the directory it appears my predecessor left the
> setup files in, and according to the runline in PS (I still cannot find where
> he is actually launching tcpserver for smtp but it is running) the file
> should be /var/service/qmail-smtpd/tcprules.cdb
>
> This file does exist, and it is readable, containing the following rule:
>
> 127.0.0.1:allow,RELAYCLIENT=""
> 209.254.33.:allow,RELAYCLIENT=""
>
> Yet if I jump onto a machine that is not in these rules, and I telnet into
> port 25, I can set up a mail from outside the realm to outside the realm.

Does /var/qmail/control/rcpthosts exist? If not, you should create it, and you
should put in it a list of domains for which you're willing to receive mail,
one per line.

See http://web.infoave.net/~dsill/lwq.html for lots of good qmail information.

Chris
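
The following is an added example, not part of the original messages or of qmail itself: a simplified Python model of how the tcprules `RELAYCLIENT` setting and `control/rcpthosts` combine when qmail-smtpd decides whether to accept a recipient. The two rules are the ones quoted in the thread; the hosted domains and outside addresses are constructed, and only IP and IP-prefix rules are modelled.

```python
# Simplified model of the tcpserver + qmail-smtpd relay decision.
# TCPRULES holds the two rules from the thread; all other values are constructed.
TCPRULES = {
    "127.0.0.1": {"RELAYCLIENT": ""},
    "209.254.33.": {"RELAYCLIENT": ""},
}
# Constructed stand-in for control/rcpthosts: one hosted domain per entry;
# a leading dot covers every subdomain of that name.
HOSTED = ["hosted-one.example", ".hosted-two.example"]

def match_tcprules(ip, rules):
    """Environment set by the most specific rule: exact IP first, then
    shorter dotted prefixes. No match: connection allowed, nothing set."""
    if ip in rules:
        return dict(rules[ip])
    parts = ip.split(".")
    for n in range(3, 0, -1):
        prefix = ".".join(parts[:n]) + "."
        if prefix in rules:
            return dict(rules[prefix])
    return {}

def domain_listed(domain, rcpthosts):
    """True if the domain itself, or a dot-prefixed suffix of it, is listed."""
    domain = domain.lower()
    entries = {e.lower() for e in rcpthosts}
    if domain in entries:
        return True
    i = domain.find(".")
    while i != -1:
        if domain[i:] in entries:
            return True
        i = domain.find(".", i + 1)
    return False

def rcpt_accepted(client_ip, rcpt, rcpthosts, rules=TCPRULES):
    """rcpthosts=None models a missing control/rcpthosts file."""
    env = match_tcprules(client_ip, rules)
    if "RELAYCLIENT" in env:   # set, even to "": rcpthosts is ignored
        return True
    if rcpthosts is None:      # file absent: any recipient domain is accepted
        return True
    if "@" not in rcpt:        # unqualified address is treated as local
        return True
    return domain_listed(rcpt.rsplit("@", 1)[1], rcpthosts)
```

With `rcpthosts=None` an unlisted client can address any domain, which is the behaviour seen over telnet in the thread; with the file present, only clients matched by a `RELAYCLIENT` rule can.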