Trey Nolen wrote:
We have been using smtp-after-pop for a long time, but are also using smtp-auth for some purposes. When users authenticate via POP, a line like the following gets added to open-smtp:
ww.xx.yy.zz:allow,RELAYCLIENT="",RBLSMTPD="",WHITELIST=""     1187395788

This keeps the users from being affected by rblsmtpd.

We added sorbs to our rblsmtpd to block "dynamic IP pools", but it seems to be blocking our users that use smtp-auth. Our smtp-after-pop users work fine using the same dynamic IPs. We have some users that need to be able to send via our servers but that do not have a POP account to authenticate against. Is there a way to get smtp-auth excluded from the rblsmtpd blocks?

I would suggest starting another instance of qmail-smtpd on port 587 that does not use the rbls, and has its own tcp.submpt.cdb that allows anyone to connect, but does not ever set RELAYCLIENT. This allows all addresses, but will only allow relay for authenticated users.

Port 587 is the default port for this kind of operation.

My run file for the submission port is:

#!/bin/sh
# Submission (port 587) instance of qmail-smtpd: no rblsmtpd in the chain.
QMAILUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
# -x: tcprules database for this port; vchkpw checks the SMTP AUTH credentials.
exec /usr/local/bin/softlimit -m 10000000 \
     /usr/local/bin/tcpserver -v -H -R -l 0 \
     -x /mail/etc/tcp.submission.cdb -c "$MAXSMTPD" \
     -u "$QMAILUID" -g "$NOFILESGID" 0 587 \
     /var/qmail/bin/qmail-smtpd \
     /mail/bin/vchkpw /bin/true 2>&1


/mail/bin/ is my ~vpopmail/bin, in absolute terms.
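
Added example, not part of the original post: a lint for the tcprules source file behind the port-587 instance, checking the two properties the reply asks for (anyone may connect, and no rule grants relay by address alone). The function name and the sample rule files are constructed for illustration.

```shell
#!/bin/sh
# Lint a tcprules source file for a submission port before compiling it
# to a .cdb. Hypothetical helper, not code from the original post.

# check_submission_rules FILE
#   returns 0: explicit ":allow" default present, no rule sets RELAYCLIENT
#   returns 1: an allow rule sets RELAYCLIENT (offending lines are printed)
#   returns 2: no explicit ":allow" default rule ("allows anyone to connect")
check_submission_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        /:allow,(.*,)?RELAYCLIENT=/ {           # relay granted by address alone
            printf "line %d sets RELAYCLIENT: %s\n", NR, $0
            bad = 1
        }
        /^:allow/ { catchall = 1 }              # empty address = default rule
        END {
            if (bad) exit 1
            if (!catchall) exit 2
        }
    ' "$1"
}

# Constructed sample input: one rule file as described in the reply, and one
# that would relay for a whole network without authentication.
demo_dir=$(mktemp -d)
printf '%s\n' '# submission: anyone may connect, nobody relays by IP' ':allow' \
    > "$demo_dir/good"
printf '%s\n' '192.0.2.:allow,RELAYCLIENT=""' ':allow' > "$demo_dir/bad"

for f in good bad; do
    if check_submission_rules "$demo_dir/$f"; then
        echo "$f: ok"
    else
        echo "$f: rejected"
    fi
done
rm -rf "$demo_dir"
```

Run it against the rules source before each tcprules rebuild, so a line copied from the port-25 rules or from open-smtp does not reach the submission port unnoticed.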
