Hi Peter,
At 17:24 31.03.04 +0200, you wrote:
Hello Erwin,
On Wednesday, March 31, 2004 at 10:09:29 AM you wrote (at least in
part):
In case a client is accepted via pop-4-smtpd, the $RELAYCLIENT environment
variable is set. It might be useful to define this variable explicitly,
i.e. RELAYCLIENT=PB4S.
No. It will, for sure, not be useful.
I somehow disagree.
,- [ man qmail-smtpd ]
| [...]
| Exception: If the environment variable RELAYCLIENT is
| set, qmail-smtpd will ignore rcpthosts, and will
| append the value of RELAYCLIENT to each incoming
| recipient address.
| [...]
`-
Setting RELAYCLIENT to something different than an empty string is
only useful when one KNOWS what he/she does. The overwhelming majority
only wants RELAYCLIENT to unlock relay restrictions and therefore has to
set it empty.
Yes. But this is *EXACTLY* what we want.
The reason is twofold:
1. Relayclients which are identified by - let's say - static IP addresses
(i.e. NOT by POP-b4-SMTP) have RELAYCLIENT=.
2. Relayclients identified by POP-b4-SMTP carrying RELAYCLIENT=P4S (sample).
Ok. qmail-smtpd will append this string to the Recipient address ([EMAIL PROTECTED]
= [EMAIL PROTECTED]). However, using ie. ksh capabilities you can do
${RECIPIENT%P4S} thus retaining the old RECIPIENT variable.
Check it and call qmail-smtpd without any arguments.
In case the variable is not set or empty, call qmail-smtpd with the proper
SMTP Auth args.
This whole wrapper-stuff should not be necessary. If tcpserver sets
RELAYCLIENT due to .cdb or SQL-lookup it'll be passed to qmail-smtpd.
qmail-smtpd then will allow relaying even w/o SMTP-Auth.
Correct.
I'm running a SMTP which offers SMTP-Auth and POP3-b4-SMTP and it
works w/o any wrappers at all. The SMTP-Auth patch simply sets
RELAYCLIENT for qmail-smtpd /WHEN/ someone authenticated successfully,
if not the formerly set RELAYCLIENT (passed as ENV-var from tcpserver,
when set) is not reset when authentication fails.
@Joel:
How about this: Copy your current qmail-smtpd invocation, remove all
the 'qmail-smtpd foo bar bla' stuff and replace it with a simple
'/usr/bin/env'. Make the tcpserver listen on port 26. Prepend an
environment clearing 'env' call. Start the stuff on command line. It
can be something similar to this:
    env -i PATH=/var/qmail/bin:/usr/local/bin tcpserver -vRX \
        0 26 /usr/bin/env
(plus adding the stuff necessary for tcpserver reading the database
for potentially set environment vars like RELAYCLIENT)
Then connect to this server from a client-IP that should be set to
relaying allowed (e.g. by formerly executed POP3 authentication):
    telnet $SERVER 26
You should see a line with PATH=... and some TCPREMOTExxx and
TCPLOCALxxx lines. Additionally you should see a line 'RELAYCLIENT='.
If this is there and your qmail-smtpd invocation looks up the same
database for possible RELAYCLIENT settings try this:
    telnet $SERVER 35
    EHLO _
    MAIL FROM:
    RCPT TO:[EMAIL PROTECTED]
    QUIT
If this fails: please post the error you get, your qmail-smtpd startup
script and the result of above 'env'-test.
But that's not the question:
Even if RELAYCLIENT is set, (the Auth patched) qmail-smtpd *WILL* ask for
Authentication.
If I understood correctly, that's *EXACTLY* what should be avoided.
regards.
--eh.
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
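
The wrapper logic described in the message above (start qmail-smtpd without arguments when RELAYCLIENT carries the POP-before-SMTP tag, with the SMTP Auth arguments otherwise, and remove the tag from the recipient again) written out as an added example; it is not code from either poster. The function names and the handling of RELAYCLIENT values other than the tag are assumptions, and P4S is the sample tag from the message.

```shell
#!/bin/sh
# Added illustration, not code from the thread.
TAG="P4S"   # sample tag value used in the message

# Classify the connection from RELAYCLIENT as tcpserver passed it in.
#   none   - variable unset: not a relay client
#   static - set but empty (RELAYCLIENT=): relay client known by static IP
#   pb4s   - equals the tag: relay client known by POP-before-SMTP
#   other  - any other value; not covered in the thread (assumption: treat like none)
relay_class() {
    if [ "${RELAYCLIENT+set}" != set ]; then
        echo none
    elif [ -z "$RELAYCLIENT" ]; then
        echo static
    elif [ "$RELAYCLIENT" = "$TAG" ]; then
        echo pb4s
    else
        echo other
    fi
}

# Undo the suffix qmail-smtpd appended to the recipient address,
# the same way ${RECIPIENT%P4S} does. Addresses without the tag pass through.
strip_tag() {
    printf '%s\n' "${1%"$TAG"}"
}

# Usage: run_smtpd /path/to/qmail-smtpd [SMTP Auth args...]
# Tagged clients get qmail-smtpd with no arguments, everyone else
# (unset or empty RELAYCLIENT) gets the full argument list.
run_smtpd() {
    case "$(relay_class)" in
        pb4s) exec "$1" ;;
        *)    exec "$@" ;;
    esac
}

# Demo on constructed values; each case runs in its own subshell.
( unset RELAYCLIENT;  echo "unset -> $(relay_class)" )
( RELAYCLIENT="";     echo "empty -> $(relay_class)" )
( RELAYCLIENT="$TAG"; echo "tag   -> $(relay_class)" )
echo "stripped: $(strip_tag "user@example.com$TAG")"
```

The suffix match is literal and case-sensitive, so the tag should be a string that cannot occur at the end of a real recipient address.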