Hi Peter,

At 17:24 31.03.04 +0200, you wrote:
>Hello Erwin,
>On Wednesday, March 31, 2004 at 10:09:29 AM you wrote (at least in
>> In case a client is accepted via pop-4-smtpd, the $RELAYCLIENT environment
>> variable is set. It might be useful to define this variable explicitely,
>No. It will, for sure, not be useful.

I somehow disagree.

>,----- [ man qmail-smtpd ]
>| [...]
>|  Exception: If the environment variable RELAYCLIENT is
>|  set,  qmail-smtpd  will  ignore  rcpthosts,  and will
>|  append the value  of  RELAYCLIENT  to  each  incoming
>|  recipient address.
>| [...]
>Setting RELAYCLIENT to something different than an empty string is
>only useful when one KNOWS what he/she does. The overwhelming majority
>only wants RELAYCLIENT unlocks relay restrictions and therefore has to
>set it empty.

Yes. But this is *EXACTLY* what we want.

The reason is twofold:

1. Relayclients which are identfied by - let's say - static IP addresses
(ie. NOT by POP-b4-SMTP) have RELAYCLIENT="".
2. Relayclients identfied by POP-b4-SMTP carrying RELAYCLIENT="P4S" (sample).
Ok. qmail-smtpd will append this string to the Recipient address ([EMAIL PROTECTED]
=> [EMAIL PROTECTED]). However, using ie. ksh capabilities you can do
${RECIPIENT%P4S} thus retaining the old RECIPIENT variable.

>> Check it and call qmail-smtpd without any arguments.
>> In case the variable is not set or empty, call qmail-smtpd with the proper
>> SMTP Auth args.
>This whole wrapper-stuff should not be necessary. If tcpserver sets
>RELAYCLIENT due to .cdb or SQL-lookup it'll be passed to qmail-smtpd.
>qmail-smtpd than will allow relaying even w/o SMTP-Auth.


>I'm running a SMTP which offers SMTP-Auth and POP3-b4-SMTP and it
>works w/o any wrappers at all. The SMTP-Auth patch simply sets
>RELAYCLIENT for qmail-smtpd /WHEN/ someone authenticated successful,
>if not the formerly set RELAYCLIENT (passed as ENV-var from tcpserver,
>when set) is not reset when authentication fails.
>How about this: Copy your current qmail-smtpd invocation, remove all
>the 'qmail-smtpd foo bar bla' stuff and replace it with a simply
>'/usr/bin/env'. Make the tcpserver listen on port 26. Prepend an
>environment clearing 'env' call. Start the stuff on command line. It
>can be something similar to this:
>env -i PATH=/var/qmail/bin:/usr/local/bin tcpserver -vRX \
> 0 26 /usr/bin/env
>(plus adding the stuff necessary for tcpserver reading the database
>for potentially set environment vars like RELAYCLIENT)
>Than connect to this server from a client-IP that should be set to
>"relaying allowed" (e.g. by formerly executed POP3 authentication):
>telnet $SERVER 26
>You should see a line with PATH=... and some TCPREMOTExxx and
>TCPLOCALxxx lines. Additionally you should see a line 'RELAYCLIENT='.
>If this is there and your qmail-smtpd invocation looks up the same
>database for possible RELAYCLIENT settings try this:
>telnet $SERVER 35
>If this fails: please post the error you get, your qmail-smtpd startup
>script and the result of above 'env'-test.

But thats not the question:

Even if RELAYCLIENT is set, (the Auth patched) qmail-smtpd *WILL* ask for

If I understood correctly, thats *EXACTLY* what should be avoided.


Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24

Reply via email to