On 2007-08-17, at 2113, Trey Nolen wrote:
>> I would suggest starting another instance of qmail-smtpd on port
>> 587 that does not use the rbls, and has its own tcp.submpt.cdb
>> that allows anyone to connect, but does not ever set RELAYCLIENT.
>> This allows all addresses, but will only allow relay for
>> authenticated users.
>> Port 587 is the default port for this kind of operation.
>
> Thanks. We will start that, too. But, we do have a number of
> clients that are ALREADY using port 25 for smtp-auth. Is there any
> way to keep them from being affected by the rblsmtpd? For instance,
> is there a way to pass a variable to tcpserver if the connection is
> authenticated via smtp-auth?

no, because there's no way for tcpserver to know whether or not a
valid AUTH command will be sent. remember that qmail-smtpd would be
accepting the AUTH command, and rblsmtpd runs before qmail-smtpd does.
the correct answer is to create one or more AUTH-only SMTP services,
preferably also "encrypted only" for security, and tell your users
that they must use those instead. i'm not sure which patches you're
using, but my combined patch has support for both of these features
(i.e. it won't accept any MAIL commands until a valid AUTH command
has been sent, and it won't accept any AUTH commands unless the
connection is secured.) i *think* both of these features are
available in other patches but i will admit that i'm not 100%
familiar with them- i'm sure if you can tell us which patches you're
using, somebody on the list will be able to give you some quick
directions for how to set this up.
if you're not married to any particular patch, here's the info
regarding mine. do your research and see if it will work for
you, if so you're (obviously) welcome to use it.
http://qmail.jms1.net/patches/combined.shtml
http://qmail.jms1.net/smtp-service.shtml
http://qmail.jms1.net/tls-auth.shtml
| John M. Simpson--- KG4ZOW ---Programmer At Large |
| http://www.jms1.net/ <[EMAIL PROTECTED]> |
| http://video.google.com/videoplay?docid=-1656880303867390173 |
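
The rules-file property from the quoted suggestion (the port 587 instance never sets RELAYCLIENT, so relaying there depends on AUTH alone) can be checked mechanically. This is an added example, not part of the original thread: it parses tcprules source text and lists the rules that grant relaying by address. The sample rules and the function names are constructed for illustration.

```python
# Constructed sample rules in tcprules source format (not taken from the thread).
SMTP_RULES = '''\
# port 25: these networks may relay without AUTH
127.:allow,RELAYCLIENT=""
192.0.2.:allow,RELAYCLIENT=""
:allow
'''
SUBMISSION_RULES = '''\
# port 587: anyone may connect, relaying only after AUTH
:allow
'''
BAD_SUBMISSION_RULES = '''\
203.0.113.7:allow,RELAYCLIENT=""
:allow
'''


def parse_rules(text):
    """Yield (lineno, address, action, env) for each rule line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        address, _, instr = line.partition(":")
        action, _, rest = instr.partition(",")
        env = {}
        while rest:
            name, _, tail = rest.partition("=")
            if not tail:
                raise ValueError(f"line {lineno}: malformed variable {name!r}")
            quote = tail[0]  # the value is delimited by any repeated character
            value, _, rest = tail[1:].partition(quote)
            env[name] = value
            rest = rest.lstrip(",")
        yield lineno, address, action, env


def relay_rules(text):
    """Return (lineno, address) for every allow rule that sets RELAYCLIENT."""
    return [(n, addr or "(default)")
            for n, addr, action, env in parse_rules(text)
            if action == "allow" and "RELAYCLIENT" in env]


if __name__ == "__main__":
    print("port 25 relays by address:", relay_rules(SMTP_RULES))
    print("port 587 findings:", relay_rules(SUBMISSION_RULES))
    print("misconfigured 587 findings:", relay_rules(BAD_SUBMISSION_RULES))
```

An empty result for the submission rules file is the expected state; any entry there is an address that could relay through port 587 without authenticating.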