Re: [vchkpw] Re: submission port 587
Check bill shupp site you can find anything you need Inviato da iPhone Il giorno Sep 11, 2010, alle ore 23:25, Eric Shubert e...@shubes.net ha scritto: The 'stock' qmail-toaster (http://qmailtoaster.com) contains this. The only difference between the smtp/run and submission/run files is that the submission/run file contains the -H flag for tcpserver, and: export REQUIRE_AUTH=1 which tells the authentication patch to always authenticate. qmail-toaster includes the following patch: Jean-Paul van de Plasse - REQUIRE_AUTH Patch which is what checks the REQUIRE_AUTH environment variable. You'll need to do some searching to find that patch, or grab it from the qmail-toaster srpm package. HTH. -- -Eric 'shubes' jeffk...@intersessions.com wrote: Hi Thiago – thanks – I’ll give this a try. Jeff *From:* Thiago Bujnowski - Ticonnect Solutions [mailto:tbujnow...@ticonnect.com.br] *Sent:* Saturday, September 11, 2010 9:43 PM *To:* vchkpw@inter7.com *Subject:* Re: [vchkpw] submission port 587 You can just create another directory at /var/qmail/supervise with a run file running on port 587 and using a different tcp.smtp file. I wanted separeted processes for internal and external incoming mail at my MX server. Here is how I did it: - I followed a regular instalation as described in lifewithqmail + smtpauth. - Instaled Vpopmail - Applied the chkuser patch - Instead of replacing qmail-smtp at /var/qmail/bin I renamed the patched file to qmail-mx and copied into it. - Created a /var/qmail/supervise/qmail-mx folder and modified the run file to use qmail-mx instead of qmail-smtp binary and tcp.mx.cdb instead of tcp.smtp.cdb, and chaged the listening IP. (You your case, you should modify the listening port to 587) - Created the link at /service - Modified qmailctl adding the qmail-mx process. (Also generating the tcp.mx.cdb file from tcp.mx) It works like a charm for me and I think you could just adapt the overall idea fitting your needs. There is just one inconvenience with this setup. The config files for qmail (rcpthosts and etc..) must be the same for both processes. It would require further modifications on qmail-smtp.c to use diferent config files for each process. Your new CDB file should have no open relays allowing only authenticated mail to pass through. That should do the trick. Does anyone have a better suggestion? Regards, Thiago Bujnowski *From:* Rick Macdougall mailto:ri...@ummm-beer.com *Sent:* Saturday, September 11, 2010 9:57 PM *To:* vchkpw@inter7.com mailto:vchkpw@inter7.com *Subject:* Re: [vchkpw] submission port 587 Sorry for the top post, on my IPod. If no one answers before tomorrow, I'll reply when I get on my computer. It's pretty straight forward. Rick On 2010-09-11, at 18:39, jeffk...@intersessions.com mailto:jeffk...@intersessions.com wrote: This may be the wrong forum for this but I can’t seem to find any info. Does anyone have information on how to setup a second SMTP process within qmail that listens on port 587 and accepts ONLY authenticated smtp connections? In this scenario port 25 would accept normal smtp (non-relay) and smtp-auth traffic but now could also be filtered to block dynamic IP ranges. Thanks, Jeff Koch !DSPAM:4c8cdccb32713523326026!
RE: [vchkpw] Re: submission port 587
Hi Remo: Actually we do use Bill Shupp's toaster and find his instructions very easy to follow. Unfortunately it's been over three years since he's updated his toaster and, I far as I can tell, there are NO instructions for adding an SMTP-AUTH only submission port on 587 in addition to the main smtp port on 25. If you found some special instructions please let me know. Jeff Koch -Original Message- From: Remo Mattei [mailto:r...@italy1.com] Sent: Sunday, September 12, 2010 9:59 AM To: vchkpw@inter7.com Cc: vchkpw@inter7.com Subject: Re: [vchkpw] Re: submission port 587 Check bill shupp site you can find anything you need Inviato da iPhone Il giorno Sep 11, 2010, alle ore 23:25, Eric Shubert e...@shubes.net ha scritto: The 'stock' qmail-toaster (http://qmailtoaster.com) contains this. The only difference between the smtp/run and submission/run files is that the submission/run file contains the -H flag for tcpserver, and: export REQUIRE_AUTH=1 which tells the authentication patch to always authenticate. qmail-toaster includes the following patch: Jean-Paul van de Plasse - REQUIRE_AUTH Patch which is what checks the REQUIRE_AUTH environment variable. You'll need to do some searching to find that patch, or grab it from the qmail-toaster srpm package. HTH. -- -Eric 'shubes' jeffk...@intersessions.com wrote: Hi Thiago – thanks – I’ll give this a try. Jeff *From:* Thiago Bujnowski - Ticonnect Solutions [mailto:tbujnow...@ticonnect.com.br] *Sent:* Saturday, September 11, 2010 9:43 PM *To:* vchkpw@inter7.com *Subject:* Re: [vchkpw] submission port 587 You can just create another directory at /var/qmail/supervise with a run file running on port 587 and using a different tcp.smtp file. I wanted separeted processes for internal and external incoming mail at my MX server. Here is how I did it: - I followed a regular instalation as described in lifewithqmail + smtpauth. - Instaled Vpopmail - Applied the chkuser patch - Instead of replacing qmail-smtp at /var/qmail/bin I renamed the patched file to qmail-mx and copied into it. - Created a /var/qmail/supervise/qmail-mx folder and modified the run file to use qmail-mx instead of qmail-smtp binary and tcp.mx.cdb instead of tcp.smtp.cdb, and chaged the listening IP. (You your case, you should modify the listening port to 587) - Created the link at /service - Modified qmailctl adding the qmail-mx process. (Also generating the tcp.mx.cdb file from tcp.mx) It works like a charm for me and I think you could just adapt the overall idea fitting your needs. There is just one inconvenience with this setup. The config files for qmail (rcpthosts and etc..) must be the same for both processes. It would require further modifications on qmail-smtp.c to use diferent config files for each process. Your new CDB file should have no open relays allowing only authenticated mail to pass through. That should do the trick. Does anyone have a better suggestion? Regards, Thiago Bujnowski *From:* Rick Macdougall mailto:ri...@ummm-beer.com *Sent:* Saturday, September 11, 2010 9:57 PM *To:* vchkpw@inter7.com mailto:vchkpw@inter7.com *Subject:* Re: [vchkpw] submission port 587 Sorry for the top post, on my IPod. If no one answers before tomorrow, I'll reply when I get on my computer. It's pretty straight forward. Rick On 2010-09-11, at 18:39, jeffk...@intersessions.com mailto:jeffk...@intersessions.com wrote: This may be the wrong forum for this but I can’t seem to find any info. Does anyone have information on how to setup a second SMTP process within qmail that listens on port 587 and accepts ONLY authenticated smtp connections? In this scenario port 25 would accept normal smtp (non-relay) and smtp-auth traffic but now could also be filtered to block dynamic IP ranges. Thanks, Jeff Koch !DSPAM:4c8d770232711197767315!
Re: [vchkpw] Re: submission port 587
I use the patch from bill and I created a rule on my firewall that goes on port 25 so when I travel I can use upper ports and u have to auth on both port anyhow Inviato da iPhone Il giorno Sep 12, 2010, alle ore 18:57, jeffk...@intersessions.com ha scritto: Hi Remo: Actually we do use Bill Shupp's toaster and find his instructions very easy to follow. Unfortunately it's been over three years since he's updated his toaster and, I far as I can tell, there are NO instructions for adding an SMTP-AUTH only submission port on 587 in addition to the main smtp port on 25.. If you found some special instructions please let me know. Jeff Koch -Original Message- From: Remo Mattei [mailto:r...@italy1.com] Sent: Sunday, September 12, 2010 9:59 AM To: vchkpw@inter7.com Cc: vchkpw@inter7.com Subject: Re: [vchkpw] Re: submission port 587 Check bill shupp site you can find anything you need Inviato da iPhone Il giorno Sep 11, 2010, alle ore 23:25, Eric Shubert e...@shubes.net ha scritto: The 'stock' qmail-toaster (http://qmailtoaster.com) contains this. The only difference between the smtp/run and submission/run files is that the submission/run file contains the -H flag for tcpserver, and: export REQUIRE_AUTH=1 which tells the authentication patch to always authenticate. qmail-toaster includes the following patch: Jean-Paul van de Plasse - REQUIRE_AUTH Patch which is what checks the REQUIRE_AUTH environment variable. You'll need to do some searching to find that patch, or grab it from the qmail-toaster srpm package. HTH. -- -Eric 'shubes' jeffk...@intersessions.com wrote: Hi Thiago – thanks – I’ll give this a try. Jeff *From:* Thiago Bujnowski - Ticonnect Solutions [mailto:tbujnow...@ticonnect.com.br] *Sent:* Saturday, September 11, 2010 9:43 PM *To:* vchkpw@inter7.com *Subject:* Re: [vchkpw] submission port 587 You can just create another directory at /var/qmail/supervise with a run file running on port 587 and using a different tcp.smtp file. I wanted separeted processes for internal and external incoming mail at my MX server. Here is how I did it: - I followed a regular instalation as described in lifewithqmail + smtpauth. - Instaled Vpopmail - Applied the chkuser patch - Instead of replacing qmail-smtp at /var/qmail/bin I renamed the patched file to qmail-mx and copied into it. - Created a /var/qmail/supervise/qmail-mx folder and modified the run file to use qmail-mx instead of qmail-smtp binary and tcp.mx.cdb instead of tcp.smtp.cdb, and chaged the listening IP. (You your case, you should modify the listening port to 587) - Created the link at /service - Modified qmailctl adding the qmail-mx process. (Also generating the tcp.mx.cdb file from tcp.mx) It works like a charm for me and I think you could just adapt the overall idea fitting your needs. There is just one inconvenience with this setup. The config files for qmail (rcpthosts and etc..) must be the same for both processes. It would require further modifications on qmail-smtp.c to use diferent config files for each process. Your new CDB file should have no open relays allowing only authenticated mail to pass through. That should do the trick. Does anyone have a better suggestion? Regards, Thiago Bujnowski *From:* Rick Macdougall mailto:ri...@ummm-beer.com *Sent:* Saturday, September 11, 2010 9:57 PM *To:* vchkpw@inter7.com mailto:vchkpw@inter7.com *Subject:* Re: [vchkpw] submission port 587 Sorry for the top post, on my IPod. If no one answers before tomorrow, I'll reply when I get on my computer. It's pretty straight forward. Rick On 2010-09-11, at 18:39, jeffk...@intersessions.com mailto:jeffk...@intersessions.com wrote: This may be the wrong forum for this but I can’t seem to find any info. Does anyone have information on how to setup a second SMTP process within qmail that listens on port 587 and accepts ONLY authenticated smtp connections? In this scenario port 25 would accept normal smtp (non-relay) and smtp-auth traffic but now could also be filtered to block dynamic IP ranges. Thanks, Jeff Koch !DSPAM:4c8d87e332711912320825!
