At 03:30 PM 8/16/2001 +0200, Johan Almqvist wrote:
>* Martin <[EMAIL PROTECTED]> [010816 15:01]:
>
> > Well I have a number of items in the tcprules database tcp.smtp which I
> > updated the cdb with :
> > tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
>
>Ok.
>
> > 208.179.97.10:deny
> > [EMAIL PROTECTED]:deny
> > s2u2.com:deny
> > I tested the IP by doing :-
> > setenv TCPREMPTEIP 208.179.97.10
> > tcprulescheck /etc/tcp.smtp.cdb
> > and successfully get rule 208.179.97.10 deny.
>
>Good, but not quite right...
>
> > Problem #1
> > I have tried using TCPREMOTEHOST and TCPREMOTEINFO and it fails ie. they
> > are allowed.
>
>Have you not read the documentation for tcprules?
I have. It`s printed out. But they are not clear. as per the docs. The few
examples mainly relate to IP addresses. Except for one host example.
e.g. - tcprules.html Second page. For example, here are some rules:
[EMAIL PROTECTED]:first
etc.
No = in that example.
>A rule with a hostname need to look like this:
>=s2u2.com:deny
>(note the =) and make sure that reverse lookup is activated in your
>startup script...
>
>If you use @, this will check against the ident info for the connection,
>not the email address...
>
> > Problem #2
> > Further, I noted I received a mail from [EMAIL PROTECTED] to one account, even
> > though this should have been denied.
> > I then tried mconnect and tried several addresses of the form host@domain
> > of e-mail addresses AND domains and the mails were successfully received,
> > ie. despite having deny against those addresses and domains, the mails
> > were successfully delivered.
> > Any hints ?
>
>E-mail addresses can't be blocked with tcprules. They are blocked in
>/var/qmail/control/badmailfrom
Are you saying that e-mail addresses can`t be denied, but they are allowed e.g.
[EMAIL PROTECTED]:allow apparently is legal but
[EMAIL PROTECTED]:deny is not.???
Does anyone have a better document that gives more explicit examples and
descriptions.
http://cr.yp.to/ucspi-tcp has to be the worst of al djb`s documents in my
opinion
>man qmail-smtpd
>
>
>
>
>-Johan
Thanks Johan.
