Hello Bruno,

On Tuesday, June 14, 2005 at 2:29:58 PM Bruno wrote:

> Let me see if I understood your plan. You say that, in order to disable the
> RELAYCLIENT to just some accounts, and this way, setting them as 
> partially** internal-only, I should:

> 1 - Disable the pop-before-smtp scheme by recompiling vpopmail.
>     ( OR disable it just to a specific domain by
>     running "vmoduser -r domainname". ),
>     AND Remove the RELAYCLIENT variable for the whole network,
>     AND Enable the SMTP-AUTH scheme on the qmail server,
>     AND configure "full" accounts (not internal-only) to authenticate via
>     SMTP-AUTH.


> Is this what you planned?

Yes. As it was rather late yesterday when I wrote my mail I wasn't
100% concentrated. Sorry.

'vmoduser -r' will disable 'open_relay()'-calling when these users
authenticate via POP3 or IMAP. This way they wont end up in
'tcp.smtp.cdb' and RELAYCLIENT will not be set next time they

'vmoduser -rs' will disable relay *AND* disable SMTP-AUTH ability for
given e-mail-address, so even if they set up their MUA to do SMTP-AUTH
they'll not be allowed and therefore not gain RELAYCLIENT-privileges.

Only problem left: external *incoming* mail ... as far as I can see
there's no "ready to use" solution build into vpopmail; you'd have to
create '.qmail-*' files for every "no external mail allowed" that call
a script which checks if mail is sent from external.

This can for sure be made dynamic and used by creating a "template
.qmail" and (sym)linking the other .qmail files against it, so a
change affects all at the same time.

The script checking for external incoming can e.g. inspect
"$ENV{SENDER}" for internal domain and if not 'exit(100)' to bounce
the message. If the mail is internal simply 'exit(0)' and have
"|vdelivermail '' bounce-no-mailbox" in .qmail file.
Best regards
Peter Palmreuther

The end move in politics is always to pick up a gun. - Buckminster

Reply via email to