On Tue, 15 Jul 2003 13:55:34 +0200 Bård Tommy Nilsen wrote:
[Quoting fixed, top posting is bad to read and reply]
>>> When I tried to relay trough my test server with an to Address that
>>> matched one domain in rcpthost it accepts the relay.
>> Well ... what do you think 'rcpthosts' is for?
>> You have no idea? READ THE FU^HINE MANUAL!
>> It would be a bug if qmail did _NOT_ accept the mail adressed to somebody
>> whos domain is in 'rcpthosts', unless the recipients address is blocked
>> otherwise, e.g. by 'badmailto' or 'chkusr' patch.
> Sorry for starting the discussion.
> If I set up an script that generates mail from one adress in the rcpthost to
> Another adress in rcpthost I can fill every mailbox on the server ...
*erm* Sorry. If _YOU_ write a script that tries to fill up mailboxes
under _YOUR CONTROL_, why and how should qmail prevent you from doing
> I thought that smtp auth should prevent that anyone could send
> messages through the Server without being authenticated ...
No. SMTP-AUTH *CLEARLY* states it is there for allowing selective
*RELAY*, not selective *SENDING*.
> But I you do it this way you can RELAY without Being smtp
No. You _CAN'T_, unless you defined environment variable 'RELAYCLIENT'
in any other way, e.g. by 'tcp.smtp.cdb'. For '127.' this variable
usually is set, so a script connecting to port 25 from your server to
your server usually _will have_ this variable set and therefore would
even be allowed to 'relay', albeit sending mails to a domain in
'rcpthosts' and 'virtualdomains' (or 'locals') ain't relaying.
If you don't want anybody being able to send messages to your qmail,
unless he/she authenticated him-/herself with SMTP-AUTH clear your
'rcpthosts' file. But this _WILL_ prevent your qmail from acting
correctly as 'MX', because external SMTP servers trying to deliver
messages to your system will, usually, not SMTP authenticate, simply
because they don't know how to authenticate on your system.