Re: [vchkpw] smtp-auth and rblsmtpd

2007-08-18 Thread Trey Nolen 
Thanks for the info.  



Trey Nolen

- Original Message - 
From: "John Simpson" <[EMAIL PROTECTED]>

To: 
Sent: Saturday, August 18, 2007 7:28 PM
Subject: Re: [vchkpw] smtp-auth and rblsmtpd

Re: [vchkpw] smtp-auth and rblsmtpd

2007-08-18 Thread John Simpson 

On 2007-08-17, at 2113, Trey Nolen wrote:
I would suggest starting another instance of qmail-smtpd on port  
587 that does not use the rbls, and has its own tcp.submpt.cdb  
that allows anyone to connect, but does not ever set RELAYCLIENT.   
This allows all addresses, but will only allow relay for  
authenticated users.


Port 587, is the default port for this kind of operation.


Thanks.  We will start that, too.   But, we do have a number of  
clients that are ALREADY using port 25 for smtp-auth.  Is there any  
way to keep them from being affected by the rblmtpd?  For instance,  
is there a way to pass a variable to tcpserver if the connection is  
authenticated via smtp-auth?


no, because there's no way for tcpserver to know whether or not a  
valid AUTH command will be sent. remember that qmail-smtpd would be  
accepting the AUTH command, and rblsmtpd runs before qmail-smtpd does.


the correct answer is to create one or more AUTH-only SMTP services,  
preferably also "encrypted only" for security, and tell your users  
that they must use those instead. i'm not sure which patches you're  
using, but my combined patch has support for both of these features  
(i.e. it won't accept any MAIL commands until a valid AUTH command  
has been sent, and it won't accept any AUTH commands unless the  
connection is secured.) i *think* both of these features are  
available in other patches but i will admit that i'm not 100%  
familiar with them- i'm sure if you can tell us which patches you're  
using, somebody on the list will be able to give you some quick  
directions for how to set this up.


if you're not married to any particular patch, here's the info  
regarding mine. do your research and make see if it will work for  
you, if so you're (obviously) welcome to use it.


http://qmail.jms1.net/patches/combined.shtml
http://qmail.jms1.net/smtp-service.shtml
http://qmail.jms1.net/tls-auth.shtml


| John M. Simpson---   KG4ZOW   ---Programmer At Large |
| http://www.jms1.net/ <[EMAIL PROTECTED]> |

| http://video.google.com/videoplay?docid=-1656880303867390173 |





PGP.sig
Description: This is a digitally signed message part