On Friday 29 Apr 2005 05:59, Bill D'Anjou wrote:
> Could someone provide an example or two of how to modify this file so that
> tcpserver runs in paranoid mode - and returns an error message to servers
> with bad (reverse) DNS.
>
> Thank-you.
>
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> exec /usr/local/bin/softlimit -m 8000000 \
> /usr/local/bin/tcpserver -v -H -R -l 0 \
> -x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
> -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
> /var/qmail/bin/qmail-smtpd \
> /home/vpopmail/bin/vchkpw /bin/true 2>&1

I think you need a -p in there

from cr.yp.to/ucspi-tcp/tcpserver.html

-p: Paranoid. After looking up the remote host name in DNS, look up the IP
addresses in DNS for that host name, and remove the environment variable
$TCPREMOTEHOST if none of the addresses match the client's IP address.

I haven't used this, but it might work with Maciej's patch also, see
http://www.qmail.org/top.html
search for 'reverse'

HTH

--
-----------------
Bob Hutchinson
Midwales dot com
-----------------
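
Added example, not part of either message above and not code from ucspi-tcp or qmail: a small wrapper that tcpserver runs in front of qmail-smtpd, turning the "-p removed $TCPREMOTEHOST" condition into an SMTP error for the client. The name rdns-gate, the 421 reply text and the RELAYCLIENT exemption are assumptions of this example; it also assumes tcpserver is started with -p and without -H, since -H skips the reverse lookup entirely.

```shell
#!/bin/sh
# rdns-gate (hypothetical name): run by tcpserver in front of qmail-smtpd.
# Assumes tcpserver runs with -p and without -H, so $TCPREMOTEHOST is set
# only when the client's reverse DNS name resolves back to its IP address.

# Print "accept" or "reject" for the current tcpserver environment.
rdns_decision() {
    # Hosts that tcp.smtp.cdb marks as relay clients (RELAYCLIENT set, even
    # to an empty string) are trusted local senders and often have no PTR.
    if [ "${RELAYCLIENT+set}" = set ]; then
        echo accept
    elif [ -n "${TCPREMOTEHOST:-}" ]; then
        echo accept
    else
        echo reject
    fi
}

# SMTP reply sent instead of the 220 greeting. 421 is a temporary failure
# (an assumption of this example), so senders retry once their DNS is fixed.
rdns_reject_line() {
    printf '421 reverse DNS for [%s] is missing or does not match\r\n' \
        "${TCPREMOTEIP:-unknown}"
}

rdns_gate() {
    if [ "$(rdns_decision)" = accept ]; then
        exec "$@"          # e.g. qmail-smtpd vchkpw /bin/true
    fi
    # stderr goes to the tcpserver log; stdout is the client connection.
    echo "rdns-gate: rejecting ${TCPREMOTEIP:-unknown}" >&2
    rdns_reject_line
    exit 0
}

# Only act when installed and invoked under this name, so the functions
# can be sourced and tested on their own.
case "${0##*/}" in
    rdns-gate) rdns_gate "$@" ;;
esac
```

In the run script, the wrapper's path would go immediately before /var/qmail/bin/qmail-smtpd so that the rest of the command line is passed through to it unchanged.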
