No security issues, just disabling MX check for
recipients affect your relay users.
This MX check IMHO __only__pretend__ to help YOUR
users don't make mistakes in domain part of the email address of the recipient,
when sending OUTSIDE your mailbox.
The real effect is that temporary DNS problems on the
recipients infraestructure (for example, a DNS server not responding, it happens
more than you think, since people tend to use BIND ( eric :-P :-P)), that should
be temporary (your toaster must accept the message and try to send 'til the
MX problem is fixed or bounces it if the message is in the queue for too long),
become a permanent error to the user (and you probably get nasty phone calls
complaining), instead a bounce.
I did
disable that check in chkuser with no problem at all.
In my
humble opinion, chkuser is a lil' too much paranoid.
I have
too nasty non-that-standard email ids like john&[EMAIL PROTECTED], and is
a burden to recompile qmail-smtpd to append '&'
characters to valid ones for recipients and senders
in chkuser.h
Just
my 2 cents
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
|
David Sanchez
Martin
|
[EMAIL PROTECTED]
Administrador de
Sistemas
| http://www.e2000.es
E2000 Nuevas
Tecnologias
|
|
E2000 Organizacion de Empresarios | Tel
: +34 902 19 61 77
Mediadores de
Seguros
|
|
Agustin Bravo Esquina Calle C
|
33120 Pravia Asturias
Spain
|
|
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
De: Bill Kwok [mailto:[EMAIL PROTECTED]
Enviado el: miércoles, 08 de noviembre de 2006 8:49
Para: [email protected]
Asunto: Re: [qmailtoaster] disabling CHKUSER_RCPT_MX?
I don't have much concern about it. Especially when some of the
senders / recipients use a not-that-standard email ID, such as having '&' or
'/' characters in the email ID, you have to disable that rules anyway.
Best regards,
Bill
On 11/8/06, Quinn
Comendant <[EMAIL PROTECTED]> wrote:
Ok, that was easy enough. Actually instead of modifying the sleep length, I found it more convenient to just stop the rpmbuild job (control z) and edit chkuser_settings.h, the restart the rpmbuild job (fg return).
Regarding disabling CHKUSER_RCPT_MX. And regrets to doing so? Works great for me, but I'm not completely aware if this opens any security exploits.
Quinn
On Wed, 8 Nov 2006 14:56:26 +0800, Bill Kwok wrote:
> You have to rebuild qmail. See the procedure provided by Nick Hemmesch:
>
> Nick Hemmesch wrote:
>>
>> The easy way:
>>
>> rpm -Uvh qmail-toaster*.src.rpm
>>
>> cd /usr/src/redhat/SPECS (assuming you are using CentOS 4)
>>
>> edit qmail-toaster.spec
>>
>> find 'sleep 5' (should be line 606)
>>
>> change 5 to 300 (5 seconds to 300 seconds)
>>
>> rpmbuild -bb --with cnt40 qmail-toaster.spec
>>
>> When the build process pauses, make your changes. You have 5 minutes.
>>
>> edit /usr/src/redhat/BUILD/qmail- 1.03/chkuser_settings.h as you wish
>>
>> Save your changes and wait for the 300 seconds to expire and
>> watch it build.
>>
>> cd ../RPMS/i386/
>>
>> qmailctl stop
>>
>> rpm -Uvh --replacefiles --replacepkgs qmail-*.rpm
>>
>> qmailctl start
>>
>>
> On 11/8/06, Lucian Cristian <[EMAIL PROTECTED] > wrote:
>> Quinn Comendant wrote:
>>> Is there an easy way to disable CHKUSER_RCPT_MX or do I need to
>> recompile chkuser?
>>>
>>> It seems this one should be disabled by default. It is pretty
>> annoying to be sending an email to a couple dozen people and not be
>> able to send because one domain is wrong -- then having to go over
>> the list manually with your human eye-balls. That's the job of the
>> computer tell me which domain is missing MX records (even if via a
>> bounce message).
>>>
>>> Quinn
>>>
>>> ---------------------------------------------------------------------
>>> QmailToaster hosted by: VR Hosted <http://www.vr.org>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>> I couldn't disable it even if I disabled the lines in
>> chkuser_settings.h and recompiled it.
>>
>> ---------------------------------------------------------------------
>> QmailToaster hosted by: VR Hosted <http://www.vr.org>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
>
>
> --
> Best regards,
> Bill
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted < http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
BEGIN:VCARD VERSION:2.1 N:Sánchez Martín;David FN:[EMAIL PROTECTED] ([EMAIL PROTECTED]) ORG:E2000 Financial Investments, S.A.;Centro de Nuevas Tecnologías TITLE:Administrador de Sistemas TEL;WORK;VOICE:902196177 ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;Agust=EDn Bravo 17 2=BA B=0D=0A33120 PRAVIA;Asturias;;;Espa=F1a LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Agust=EDn Bravo 17 2=BA B=0D=0A33120 PRAVIA=0D=0AAsturias=0D=0AEspa=F1a URL;WORK:http://www.e2000.es EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20060705T152542Z END:VCARD
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
