On Thu, Jan 25, 2001 at 11:26:09AM -0700, Dan Egli wrote:
> rcpthosts is no good. We want to accept mail for ALL domains. This is a

No you don't. You want to accept mail for a small subset of the known
domains in the universe.

> primary mail server for many virtual domains. I need to be able to send to
> any domain in existence.

You said receive above and send here. Which are you talking about? The
direction *is* important as they are handled by separate mechanisms
within qmail.

rcpthosts is for inbound mail that your server delivers. RELAYCLIENT
stuff in tcpserver is used to identify which IP addresses can use your
server as a sending relay for any domain.

> such a rcpt hosts file would be HUGE!

So? Having a huge file is not a problem for qmail. Is it hard for you
to create it?

Check out the man page for qmail-newmrh. qmail especially knows how to
handle a large list of domains efficiently.

Regards.
>
> -----Original Message-----
> From: Chris Johnson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 25, 2001 11:17 AM
> To: Dan Egli
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: relay controls
>
>
> On Thu, Jan 25, 2001 at 10:39:26AM -0700, Dan Egli wrote:
> > We have a QMAIL server that our previous sysadmin left in open relay
> > mode. I am trying to close the security holes, but I don't understand
> > Qmail worth a damn (having used sendmail and being groomed on sendmail my
> > entire unix life).
> >
> > I have a tcprules file in the directory it appears my predecessor left the
> > setup files in, and according to the runline in PS (I still cannot find
> > where he is actually launching tcpserver for smtp but it is running) the
> > file should be /var/service/qmail-smtpd/tcprules.cdb
> >
> > This file does exist, and it is readable, containing the following rule:
> >
> > 127.0.0.1:allow,RELAYCLIENT=""
> > 209.254.33.:allow,RELAYCLIENT=""
> >
> > yet if I jump onto a machine that is not in these rules, and I telnet into
> > port 25, I can set up a mail from outside the realm to outside the realm.
>
> Does /var/qmail/control/rcpthosts exist? If not, you should create it, and
> you should put in it a list of domains for which you're willing to receive
> mail, one per line.
>
> See http://web.infoave.net/~dsill/lwq.html for lots of good qmail
> information.
>
> Chris
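
The two mechanisms discussed in this thread (RELAYCLIENT set by tcpserver rules, and rcpthosts checked by qmail-smtpd), as an added example that is not part of the original messages and is not qmail's code. It is a simplified model: only IP-based tcprules are handled, morercpthosts is not modelled, the function names are hypothetical, and the client addresses and domains in the test are constructed.

```python
# Simplified model of the RCPT decision discussed in this thread (not qmail source).
# TCPRULES holds the two rules quoted in the thread; everything else is constructed.
TCPRULES = '''127.0.0.1:allow,RELAYCLIENT=""
209.254.33.:allow,RELAYCLIENT=""'''


def parse_tcprules(text):
    """Map address (or dotted prefix) -> (action, environment dict)."""
    rules = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        addr, _, rest = line.partition(":")
        action, *assigns = rest.split(",")
        env = {}
        for a in assigns:
            name, _, value = a.partition("=")
            env[name] = value.strip('"')  # simplification: assumes "..." quoting
        rules[addr] = (action, env)
    return rules


def lookup(rules, ip):
    """Exact IP first, then shorter prefixes ending in a dot, then the empty rule."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for c in candidates:
        if c in rules:
            return rules[c]
    return ("allow", {})  # no rule matched: connection allowed, no variables set


def rcpt_accepted(rules, rcpthosts, client_ip, rcpt):
    """rcpthosts is a list of domains, or None when the control file is absent."""
    action, env = lookup(rules, client_ip)
    if action == "deny":
        return False
    if "RELAYCLIENT" in env:   # set, even to "": rcpthosts is ignored
        return True
    if rcpthosts is None:      # no rcpthosts file: any recipient domain is accepted
        return True
    if "@" not in rcpt:        # recipients without @ are always let through
        return True
    domain = rcpt.rsplit("@", 1)[1].lower()
    # An entry starting with "." is a wildcard for any subdomain.
    return any(domain == e or (e.startswith(".") and domain.endswith(e))
               for e in (h.lower() for h in rcpthosts))
```

With `rcpthosts=None` a client that matches no RELAYCLIENT rule is still accepted for any recipient domain, which is the open-relay behaviour described in the original message.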