Elliot F wrote:
Currently, the check_relay checks for both relaying clients and rcpt
hosts. I split the existing check_relay plugin into "set_relay", and
"check_rcpthosts". The "set_relay" is the very first plugin to fire,
setting relay_client (or not) if $ENV{RELAYCLIENT} exists (as I'm using
tcpserver).
Except then you are missing the AUTH users by doing it that way. For
most people's purposes, AUTH users are completely equivalent to local
network users. The problem is that you know whether they are a
RELAYCLIENT during the connect phase, but you don't know the AUTH until
the transaction actually starts (after HELO/EHLO but before MAIL FROM:).
Actually, you must not be running recent code, because currently
check_relay only tests $ENV{RELAYCLIENT}, relayclients, and
morerelayclients (the latter two being qmail config files). The rcpt_ok
plugin does the rcpthosts test, and is intended to run last of all of
the rcpt plugins.
I also did it because I differentiate between a local address and a rcpt
address.
I don't understand why you want to do this. As I said above, anyone who
is a RELAYCLIENT or AUTH'd can send e-mail anywhere, local or foreign.
You can still do your LDAP test, but it is just one of several rcpt checks.
John
- Re: NOT reject authenicated users? John Peacock
-
