John Anderson *nix forums beginner
Joined: 22 Jun 2005
Posts: 7
Posted: Mon Jun 19, 2006 11:39 pm
Post subject: tcpserver

Hi all.
I'm sure that this has been covered many times over, and I apologize for
coming to you with this question. I've looked thru the archives and
couldn't find the answer.
So here goes. I'm hosting about 12 email domains on my server. I also
need to allow relaying for about 4 of those clients, along with my internal
mail being sent out thru my qmail system.
I'm running tcpserver.
My questions are fairly simple:
1. I'd like to be able to "lock down" qmail to only send mail from the 6 or
so IPs I need to send from.
2. I would like to deny everything else.
3. And obviously I would like to receive the email from anywhere for my 12
or so domains.
No matter how I compile the rules in the cdb file, running the tcprulescheck
always just kicks back the first rule. (Even though the cdb file I am currently
running is allowing everything to work, I'm just not certain how secure I
am).
What am I missing? Is the tcprulescheck not a good testing tool?
Thanks in advance.
--John

Maurice Lucas *nix forums beginner
Joined: 30 Mar 2005
Posts: 38
Posted: Tue Jun 20, 2006 6:30 am
Post subject: Re: tcpserver

On Mon, 2006-06-19 at 19:39 -0400, John Anderson wrote:
> My questions are fairly simple:
> 1. I'd like to be able to "lock down" qmail to only send mail from
> the 6 or so IPs I need to send from.

# allow and relay
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
# allow but don't relay
192.168.2.:allow
# allow all connections
:allow
# or as last line deny all connections
#:deny

> 2. I would like to deny everything else.

Take the last line, but you won't receive any mail from the outside world.

> 3. And obviously I would like to receive the email from anywhere for
> my 12 or so domains.

So take as last line the allow.

> No matter how I compile the rules in the cdb file, running the
> tcprulescheck always just kicks back the first rule. (Even though the cdb
> file I am currently running is allowing everything to work, I'm just
> not certain how secure I am).
> What am I missing? Is the tcprulescheck not a good testing tool?

TCPREMOTEIP=192.168.1.1 tcprulescheck /etc/tcp.smtp.cdb
TCPREMOTEIP=127.0.0.1 tcprulescheck /etc/tcp.smtp.cdb
--
With kind regards,
Maurice Lucas
TAOS-IT

Brian T Glenn *nix forums beginner
Joined: 17 Mar 2005
Posts: 22
Posted: Tue Jun 20, 2006 12:22 pm
Post subject: Re: tcpserver

On Mon, Jun 19, 2006 at 07:39:06PM -0400, John Anderson may have written:
> So here goes. I'm hosting about 12 email domains on my server. I also
> need to allow relaying for about 4 of those clients, along with my internal
> mail being sent out thru my qmail system.
> I'm running tcpserver.
> 1. I'd like to be able to "lock down" qmail to only send mail from the 6 or
> so IPs I need to send from.

ip.of.the.server:allow,RELAYCLIENT=""

Rinse and repeat for each IP. This will allow that IP address complete
relay access through your system.

> 2. I would like to deny everything else.

Is this server an MX for any of those domains? If so, you don't actually
want to do this.

> 3. And obviously I would like to receive the email from anywhere for my 12
> or so domains.

This answers my above question. After putting in your 6 IP addresses with
RELAYCLIENT access, put a line like the following at the bottom of
tcp.smtp:

:allow

> No matter how I compile the rules in the cdb file, running the tcprulescheck
> always just kicks back the first rule. (Even though the cdb file I am currently
> running is allowing everything to work, I'm just not certain how secure I
> am).
> What am I missing? Is the tcprulescheck not a good testing tool?

As another member of the list replied, you'll need to set TCPREMOTEIP in
the environment of tcprulescheck in order to get the correct
information.
It would have also been a lot more helpful to include the complete,
unedited output of your tcp.smtp file if you'd like real help debugging
it.
--
http://www.delink.net/
BOFH excuse #441:
Hash table has woodworm
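
Added example, not part of any post in this thread: a small Python model of the lookup the replies rely on, in which tcpserver applies the most specific matching address regardless of line order and only rules carrying RELAYCLIENT grant relay. It assumes IPv4 rules of the exact-address, dotted-prefix and empty-default kinds only; the sample rules, test addresses and function names are constructed for illustration.

```python
# Added example: models which tcp.smtp rule tcpserver applies to an IPv4 client.
# Simplified: exact IPs, dotted prefixes and the empty default only
# (no hostname, TCPREMOTEINFO or address-range rules; values without commas).

SAMPLE_RULES = '''\
# constructed sample, modelled on the rules posted in this thread
:allow
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
192.168.2.:allow
'''

def parse_rules(text):
    """Return {address: (action, relay)} from tcp.smtp-style lines."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        parts = instr.split(",")
        relay = any(p.startswith("RELAYCLIENT=") for p in parts[1:])
        rules[addr] = (parts[0], relay)
    return rules

def lookup_keys(ip):
    """Keys tried in order: full IP, shorter dotted prefixes, then ''."""
    octets = ip.split(".")
    return [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]

def check(rules, ip):
    """Return (matched_address, action, relay_granted) for a client IP."""
    for key in lookup_keys(ip):
        if key in rules:
            action, relay = rules[key]
            return key, action, relay and action == "allow"
    return None, "allow", False  # no rule matched: allowed, no variables set

def relay_sources(rules):
    """Addresses granted RELAYCLIENT; '' in the result means an open relay."""
    return sorted(a for a, (act, relay) in rules.items() if relay and act == "allow")

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for ip in ("127.0.0.1", "192.168.1.1", "192.168.2.9", "203.0.113.5"):
        print(ip, check(rules, ip))
    print("relay granted to:", relay_sources(rules))
```

The model is a reading aid for a rules file; the compiled cdb should still be checked with tcprulescheck, with TCPREMOTEIP set in its environment.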