On 2007-08-17, at 2113, Trey Nolen wrote:
I would suggest starting another instance of qmail-smtpd on port 587 that does not use the rbls, and has its own tcp.submpt.cdb that allows anyone to connect, but does not ever set RELAYCLIENT. This allows all addresses, but will only allow relay for authenticated users.

Port 587, is the default port for this kind of operation.

Thanks. We will start that, too. But, we do have a number of clients that are ALREADY using port 25 for smtp-auth. Is there any way to keep them from being affected by the rblmtpd? For instance, is there a way to pass a variable to tcpserver if the connection is authenticated via smtp-auth?

no, because there's no way for tcpserver to know whether or not a valid AUTH command will be sent. remember that qmail-smtpd would be accepting the AUTH command, and rblsmtpd runs before qmail-smtpd does.

the correct answer is to create one or more AUTH-only SMTP services, preferably also "encrypted only" for security, and tell your users that they must use those instead. i'm not sure which patches you're using, but my combined patch has support for both of these features (i.e. it won't accept any MAIL commands until a valid AUTH command has been sent, and it won't accept any AUTH commands unless the connection is secured.) i *think* both of these features are available in other patches but i will admit that i'm not 100% familiar with them- i'm sure if you can tell us which patches you're using, somebody on the list will be able to give you some quick directions for how to set this up.

if you're not married to any particular patch, here's the info regarding mine. do your research and make see if it will work for you, if so you're (obviously) welcome to use it.


| John M. Simpson    ---   KG4ZOW   ---    Programmer At Large |
| http://www.jms1.net/                         <[EMAIL PROTECTED]> |
| http://video.google.com/videoplay?docid=-1656880303867390173 |

Attachment: PGP.sig
Description: This is a digitally signed message part

Reply via email to