Trey Nolen wrote:
We have been using smtp-after-pop for a long time, but are also using smtp-auth for some purposes. When users authenticate via POP, a line like the following gets added to open-smtp:
ww.xx.yy.zz:allow,RELAYCLIENT="",RBLSMTPD="",WHITELIST=""     1187395788

This keeps the users from being affected by rblsmtpd.

We added sorbs to our rblsmtpd to block "dynamic IP pools", but it seems to be blocking our users that use smtp-auth. Our smtp-after-pop users work fine using the same dynamic IPs. We have some users that need to be able send via our servers but that do not have a POP account to authenticate against. Is there a way to get smtp-auth excluded from the rblsmtpd blocks?

I would suggest starting another instance of qmail-smtpd on port 587 that does not use the rbls, and has its own tcp.submpt.cdb that allows anyone to connect, but does not ever set RELAYCLIENT. This allows all addresses, but will only allow relay for authenticated users.

Port 587, is the default port for this kind of operation.

My run file for the submission port is:

QMAILUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 10000000 \
     /usr/local/bin/tcpserver -v -H -R -l 0 \
     -x /mail/etc/tcp.submission.cdb -c "$MAXSMTPD" \
     -u "$QMAILUID" -g "$NOFILESGID" 0 587 \
     /var/qmail/bin/qmail-smptd \
     /mail/bin/vchkpw /bin/true 2>&1

/mail/bin/ is my  ~vpopmail/bin, in absolute terms.

Reply via email to