David Means <[EMAIL PROTECTED]> wrote:
>
> I believe your points are valid. But I'm just stubborn, I suppose :)

Perhaps. More importantly, you're re-inventing the wheel, possibly with bugs.

> So stubborn as a matter of fact, that I patched qmail-smtpd this weekend
> to read a new control file which I called ipaddrallowed. In which I can
> put things like 192.168. or a full IP addr. If the source address of
> the client (as found via 'remoteip') matches those in the file, then the
> connect/relay is allowed.

tcpserver's tcprules files already allow exactly this, with IP address or
host/domain names:

# Allow LAN clients to relay
192.168.:allow,RELAYCLIENT=""
# Known spammer, don't let him in at all
24.67.65.132:deny
# Let John relay
=foo.bar.example.com:allow,RELAYCLIENT=""
# as well as this broken ISP
=.example.net:allow,RELAYCLIENT=""
# All others can connect, but not relay
:allow

> That way, I can have only my domain in rcpthosts, but allow my other clients
> access.

You're misunderstanding the purpose of rcpthosts. It's only supposed to
contain the domains for which you act as either a primary or backup mail
exchanger.

> Since I'm on a private network and behind a firewall, I don't have to worry
> about spoofed source addresses.

With TCP, you don't need to worry about them either. But if you're concerned,
tcpserver has paranoid mode to do forward- and reverse-correlation of DNS
entries.

Now that you've written code to do some of this for qmail-smtpd, what would
happen if you wanted exactly the same features with qmail-qmtpd, or
qmail-pop3d, or fingerd? With djb's modular approach, you don't need to
rewrite a single line of code. tcpserver "just works" for all of them.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
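
Added example, not part of the original message and not tcpserver's own code: a simplified Python model of how tcpserver chooses among tcprules entries like the ones above (exact IP, then host name, then shorter IP prefixes, then host suffixes, then the catch-all). The function names and sample rules are constructed for illustration, rules keyed on TCPREMOTEINFO are left out, and passing host=None models a client whose host name was not set, as when paranoid mode discards an unconfirmed name.

```python
# Constructed sample in tcprules format, based on the rules in the message.
RULES_TEXT = '''\
192.168.:allow,RELAYCLIENT=""
24.67.65.132:deny
=foo.bar.example.com:allow,RELAYCLIENT=""
=.example.net:allow,RELAYCLIENT=""
:allow
'''

def parse_rules(text):
    """Map each rule address to (action, environment settings)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # whole-line comments only
            continue
        address, _, instructions = line.partition(":")
        action, _, env = instructions.partition(",")
        rules[address] = (action, env)
    return rules

def candidates(ip, host=None):
    """Yield lookup keys in the order tcpserver tries them (simplified)."""
    yield ip                                   # exact IP address
    if host:
        yield "=" + host                       # exact host name
    octets = ip.split(".")
    for n in range(len(octets) - 1, 0, -1):    # 192.168.1. then 192.168. ...
        yield ".".join(octets[:n]) + "."
    if host:
        labels = host.split(".")
        for n in range(1, len(labels)):        # =.example.net then =.net
            yield "=." + ".".join(labels[n:])
        yield "="                              # any client with a host name
    yield ""                                   # the catch-all ":" rule

def decide(rules, ip, host=None):
    """Return (matched address, action, may_relay) for one connection."""
    for key in candidates(ip, host):
        if key in rules:
            action, env = rules[key]
            return key, action, action == "allow" and "RELAYCLIENT=" in env
    return None, "allow", False                # no rule found: accepted

RULES = parse_rules(RULES_TEXT)
```

Because the exact IP address is tried before any host name rule, the deny entry for 24.67.65.132 still applies when that address resolves to a name under .example.net.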