Dave Rolsky wrote:
> I wanted to allow for my server to send mail via direct SMTP connections
> locally but still block other servers that claim to be one of my local
> domains, so I wrote a plugin to do this, which can be seen at
> https://svn.urth.org/svn/qpsmtpd-plugins/trunk/check_forged_local_domain

I don't know that this is the best way to accomplish this task, however.  What
you are doing is blocking in the HELO hook instead of in one of the relay_client
tests in the connect/rcpt hooks.  What can you do with this that you cannot
accomplish by adding hosts to the relay_clients config?

If it helps, I have a trivial plugin which refuses any connection that isn't a
relay_client, so I can have a public server which will not accept mail like the
two MX boxes except for trusted hosts or AUTH clients.  This is it, called
relay_only:

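# relay_only: accept the recipient only when the connection has already
# been flagged as a relay client (by check_relay); deny everyone else.
sub hook_rcpt {
  if ( shift->qp->connection->relay_client ) {
    return (OK);
  }
  else {
    return (DENY);
  }
}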

and it needs to run after check_relay and before any other RCPT hooks.

> One thing that would make this nicer would be if the server knew what IP
> addresses it is listening on. Unfortunately, this information is not
> passed from the daemon-running script into the main code.

In the general case, that may not be possible to provide.  If the master process
is listening to all interfaces (0.0.0.0) then it would only be possible to get
all of the possible IP addresses from iterating them at the operating system
level.  The master process simply doesn't have the information to provide.

John

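
The wildcard case described above, as an added example that is not part of the original message or of qpsmtpd: a listener bound to 0.0.0.0 reports only the wildcard address, while each accepted socket reports the concrete local address the client reached. The function name and the loopback test connection are assumptions made for the demonstration.

```python
import socket


def wildcard_vs_accepted(connect_to="127.0.0.1"):
    """Bind to all interfaces, accept one connection, and report what the
    listening socket and the accepted socket each know about local addresses.

    connect_to is a constructed test target (loopback) so this runs offline.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("0.0.0.0", 0))      # port 0: the kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    # The TCP handshake completes in the kernel backlog, so connecting
    # before accept() does not block.
    client = socket.create_connection((connect_to, port), timeout=5)
    conn, peer = listener.accept()
    try:
        return {
            # What the master process sees: just the wildcard it bound to.
            "listener_ip": listener.getsockname()[0],
            # What a per-connection handler sees: the address actually hit.
            "local_ip": conn.getsockname()[0],
            # The remote side of this connection.
            "peer_ip": peer[0],
        }
    finally:
        conn.close()
        client.close()
        listener.close()


if __name__ == "__main__":
    for key, value in wildcard_vs_accepted().items():
        print(f"{key}: {value}")
```

The per-connection address covers only the interface a given client used; listing every address the host owns still means asking the operating system for its interface list.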