I had the same problem, as lots of people have according to this list.
The solution, or let's say workaround, I came up with is pretty ugly.
But hey! It works.

First, I got the relay-ctrl package from www.qmail.org somewhere,
installed it by reading the docs shipped with it, and made the needed
changes to the imap.rc/imap-ssl.rc (see docs).

What needs to be modified is qmail's rc script, making
tcpserver use the envdir binary (from the daemontools package; if you
don't use daemontools, download and compile it, and snip the binary from
the compiled source tree and put it in some reasonable path).
Make the changes to your qmail start script (see the docs).

Restart qmail and courier. Now you will have a relay that allows roaming
users to relay until whatever you set the RELAY_CTRL_EXPIRY variable
to; the default is 900 seconds, I think.

Next, the tricky part... I made up a simple shell script looking like
this. I guess it could be possible to add the IP addresses the script gets
into a SQL or cdb database. Anyway, this does the job.


-----------------------

#!/bin/sh
#
# relay-ctrl-imap-tweek
#
# This script should be invoked from within root's crontab
# instead of the relay-ctrl-age binary shipped with the
# relay-ctrl package.
#

# Where do we find the conf files for relay-ctrl?
RLCDIR="/etc/relay-ctrl"

# Enable _ONE_ of these
#PORT="143" # IMAP
PORT="993"  # IMAPS

# Check what addresses are configured for relaying.
# To end up in this list the client needs to perform an
# authenticated login on the imap server.
for RELAY in `ls "$RLCDIR/allow"`; do

    # First we need to find out what established connections we
    # actually have.
    # Let's sort them, and make sure we only get a single entry
    # from each one; no matter how many connections we have from
    # a single host, we just want it once.
    NETS=`netstat --protocol=inet -n 2>/dev/null \
        | grep :"$PORT" | grep "$RELAY" \
        | grep ESTABLISHED \
        | awk '{print $5}' \
        | awk -F: '{print $1}' \
        | sort \
        | uniq`

    if [ "$RELAY" = "$NETS" ]; then
        # _IF_ we have an established connection on
        # the right port, AND the address is configured
        # to allow relaying, THEN we touch the file
        # in $RLCDIR/allow/, to increase the time the
        # client should be allowed to use our SMTP.
        touch /var/qmail/relay-ctrl/allow/"$NETS"

        # It might be handy to set some sane ownership
        # and permissions on the file, making it possible
        # for the imap daemon to overwrite them, if the
        # same ip connects again with another client.
        # Masquerading firewalls come to mind here...
        chown vpopmail.vchkpw /var/qmail/relay-ctrl/allow/"$NETS"
        chmod 666 /var/qmail/relay-ctrl/allow/"$NETS"
    fi

done

# Since this script is run every minute, it updates the
# allowed relayhosts just as often, so we can safely set
# the value of $RLCDIR/RELAY_CTRL_EXPIRY to 300
# (seconds, 5 minutes). This will make it possible for
# the client host to send mails for 5 more minutes.
# You should not set this value to anything less,
# because some SMTP servers try to perform auth/ident
# lookups of the sender (which most firewalls, as well
# as mailservers, reject nowadays anyway).
# Anyhow, I have been running this for about 5 months now,
# and there are no known problems with these settings, as long
# as relay-ctrl is set up ok.

# Update the allowed relayhosts.
/usr/local/bin/envdir \
        "$RLCDIR/conf" \
        /usr/local/bin/relay-ctrl-age

#EOF
-----------------------------------------------







On Wed, 2003-01-15 at 00:29, Bill Shupp wrote:
> On Tuesday, January 14, 2003, at 03:25  PM, Andrew Kohlsmith wrote:
> 
> > That's a good point -- In my particular case authdaemon is not 
> > updating the
> > tcp.smtp.cdb file at all though.
> 
> authdaemon does NOT pass the IP to vpopmail.  That's why you can't use 
> it if you want roaming IMAP users.
> 
> Bill
> 
> 
-- 
i3 micro technology ab
Lars Gustafson
System Administrator
phone: +46(0)850638856
mobile:+46(0)708472037
[EMAIL PROTECTED]
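
An added example, not part of the original mail: the script's `grep :"$PORT" | grep "$RELAY"` pipeline matches substrings anywhere on the netstat line, so a neighbouring address, a remote port 993 or a local port 9930 can all match, and the later string comparison then fails for a client that really is connected. The version below makes the same decision with whole-field comparisons and skips allow-directory names that are not made of digits and dots. The function names and the netstat sample (documentation addresses) are constructed for illustration, and the Linux net-tools column layout is assumed.

```shell
#!/bin/sh
# Added example: exact-match test for "does this relay client still hold an
# ESTABLISHED session on our IMAP port?". Names here are hypothetical.

# Constructed sample of `netstat --protocol=inet -n` output.
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.1:993           198.51.100.10:40112     ESTABLISHED
tcp        0      0 192.0.2.1:993           198.51.100.10:40113     ESTABLISHED
tcp        0      0 192.0.2.1:993           198.51.100.7:51000      TIME_WAIT
tcp        0      0 192.0.2.1:25            203.0.113.5:993         ESTABLISHED
tcp        0      0 192.0.2.1:9930          203.0.113.9:40000       ESTABLISHED'

# has_session IP PORT   (netstat output on stdin)
# Succeeds only if some line has state ESTABLISHED, local port equal to PORT,
# and a foreign address that equals IP as a whole string once the port is cut.
has_session() {
    awk -v ip="$1" -v port="$2" '
        $6 == "ESTABLISHED" {
            n = split($4, l, ":"); m = split($5, f, ":")
            if (l[n] == port && m == 2 && f[1] == ip) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# refresh_list PORT NAME...
# Prints the allow-list names whose timestamp should be refreshed.
# Names that are empty or contain anything but digits and dots are skipped,
# so stray files in the allow directory never reach touch/chown/chmod.
refresh_list() {
    port="$1"; shift
    for name in "$@"; do
        case "$name" in
            *[!0-9.]*|"") continue ;;
        esac
        if printf '%s\n' "$SAMPLE" | has_session "$name" "$port"; then
            printf '%s\n' "$name"
        fi
    done
}

refresh_list 993 198.51.100.1 198.51.100.10 198.51.100.7 203.0.113.5 203.0.113.9
```

In a cron job the `printf '%s\n' "$SAMPLE"` stage would be replaced by the real `netstat` call, and the printed names are the ones to `touch`.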

