David Means <[EMAIL PROTECTED]> wrote:
> 
> I believe your points are valid.  But I'm just stubborn, I suppose :)

Perhaps.  More importantly, you're re-inventing the wheel, possibly with bugs.

> So stubborn as a matter of fact, that I patched qmail-smtpd this weekend
> to read a new control file which I called ipaddrallowed.  In which I can
> put things like 192.168. or a full IP addr.  If the source address of
> the client (as found via 'remoteip') matches those in the file, then the
> connect/relay is allowed.

tcpserver's tcprules files already allow exactly this, with IP address or
host/domain names:

# Allow LAN clients to relay
192.168.:allow,RELAYCLIENT=""
# Known spammer, don't let him in at all
24.67.65.132:deny
# Let John relay
=foo.bar.example.com:allow,RELAYCLIENT=""
# as well as this broken ISP
=.example.net:allow,RELAYCLIENT=""
# All others can connect, but not relay
:allow

> That way, I can have only my domain in rcpthosts, but allow my other clients
> access.

You're misunderstanding the purpose of rcpthosts.  It's only supposed to
contain the domains for which you act as either a primary or backup mail
exchanger.

> Since I'm on a private network and behind a firewall, I don't have to worry
> about spoofed source addresses.

With TCP, you don't need to worry about them either.  But if you're concerned,
tcpserver has paranoid mode to do forward- and reverse-correlation of DNS
entries.

Now that you've written code to do some of this for qmail-smtpd, what would
happen if you wanted exactly the same features with qmail-qmtpd, or
qmail-pop3d, or fingerd?  With djb's modular approach, you don't need to
rewrite a single line of code.  tcpserver "just works" for all of them.

Charles
-- 
-----------------------------------------------------------------------
Charles Cazabon                            <[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
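
Added example (not part of the original message, and not tcpserver's own code): a simplified Python model of the lookup order the tcprules documentation describes, useful for checking which rule a given client would hit and whether it would be allowed to relay. The sample rules and addresses are constructed; ident-based rules, IPv6 and commas inside variable values are not handled.

```python
# Simplified model of tcpserver's rule selection. RULES is constructed sample data.
RULES = """\
# LAN clients may relay; one address is blocked outright
192.168.:allow,RELAYCLIENT=""
192.0.2.25:deny
# a named host and a whole domain may relay
=foo.bar.example.com:allow,RELAYCLIENT=""
=.example.net:allow,RELAYCLIENT=""
# everyone else may connect but not relay
:allow
"""

def parse_rules(text):
    """Map each rule address to (action, environment dict)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # comments are whole lines only
            continue
        addr, _, instr = line.partition(":")
        action, *assigns = instr.split(",")
        if action not in ("allow", "deny"):
            raise ValueError(f"bad rule: {line!r}")
        env = {a.partition("=")[0]: a.partition("=")[2].strip('"') for a in assigns}
        rules[addr] = (action, env)
    return rules

def candidates(ip, host=None):
    """Addresses tried, most specific first (ident-based rules omitted)."""
    yield ip
    if host:
        yield "=" + host
    parts = ip.split(".")
    for n in range(3, 0, -1):                  # 192.168.1. then 192.168. then 192.
        yield ".".join(parts[:n]) + "."
    if host:
        labels = host.split(".")
        for i in range(1, len(labels)):        # =.example.net then =.net
            yield "=." + ".".join(labels[i:])
        yield "="
    yield ""                                   # the catch-all rule

def decide(rules, ip, host=None):
    """Return (matched address, action, may_relay) for a client."""
    for addr in candidates(ip, host):
        if addr in rules:
            action, env = rules[addr]
            return addr, action, action == "allow" and "RELAYCLIENT" in env
    return None, "allow", False                # no rule matched: connection allowed
```
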
