Charles Cazabon, *nix forums Guru
Joined: 08 Jan 2005
Posts: 805
Posted: Tue Jun 20, 2006 1:43 pm
Post subject: Re: Tcpserver part 2

John Anderson <janderson@ceeva.com> wrote:
> No matter how I compile the rules in the cdb file, running the tcprulescheck
> always just kicks back the first rule.

That's a classic symptom of running tcprulescheck incorrectly. Hint:
tcprulescheck gets the IP address to use in the check from an environment
variable, not from the commandline. Check its documentation again if you're
unsure.
Charles
--
--------------------------------------------------------------------------
Charles Cazabon <qmail@discworld.dyndns.org>
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/ for details.
--------------------------------------------------------------------------

Jeremy Eder, *nix forums beginner
Joined: 11 Jan 2005
Posts: 15
Posted: Tue Jun 20, 2006 1:18 pm
Post subject: RE: Tcpserver part 2

-----Original Message-----
From: Brian T Glenn [mailto:brian-qmail@delink.net]
Sent: Tuesday, June 20, 2006 8:25 AM
To: qmail@list.cr.yp.to
Subject: Re: Tcpserver part 2
On Mon, Jun 19, 2006 at 10:19:33PM -0400, John Anderson may have
written:
[snip reposted question]
> Several users recommended that I include my CDB file. Problem is, I
> wrote up what I am trying to do and am looking for guidance in how to
> accomplish that. This is what I'm doing now:
> 209.114.187.231:allow,RELAYCLIENT=""
> 209.114.187.232:allow,RELAYCLIENT=""
> 206.210.88.18:allow,RELAYCLIENT=""
> Obviously I think that I need to lock this down a little more.

Just add ":allow" to the bottom of the file, and this is exactly what
you need to do.
You do have the domains you are doing MX for in your rcpthosts file,
right?
Cheers,
--
http://www.delink.net/
BOFH excuse #418:
Sysadmins busy fighting SPAM.

Hi,
You seem rather security-conscious. To me, this means smtp-auth.
Ideally:
- Set up smtp-auth (there's a ton of patches to qmail to handle it).
- Remove any static relayclient allows from tcp.smtp.
- In your user's MUA, enable authentication.
Your situation:
- Include the 6 static relayclient allows in your tcp.smtp.
- Set up smtp-auth, and convert your customers over.
- In the future, remove any static allows from tcp.smtp.
Resist the temptation to stick :deny at the end of tcp.smtp. This is
not what you want.
Best Regards,
Jeremy Eder
UNIX Administrator
INVISION.COM
631.543.1000 x334

Brian T Glenn, *nix forums beginner
Joined: 17 Mar 2005
Posts: 22
Posted: Tue Jun 20, 2006 12:25 pm
Post subject: Re: Tcpserver part 2

On Mon, Jun 19, 2006 at 10:19:33PM -0400, John Anderson may have written:
[snip reposted question]
> Several users recommended that I include my CDB file. Problem is, I wrote
> up what I am trying to do and am looking for guidance in how to accomplish
> that. This is what I'm doing now:
> 209.114.187.231:allow,RELAYCLIENT=""
> 209.114.187.232:allow,RELAYCLIENT=""
> 206.210.88.18:allow,RELAYCLIENT=""
> Obviously I think that I need to lock this down a little more.

Just add ":allow" to the bottom of the file, and this is exactly what
you need to do.
You do have the domains you are doing MX for in your rcpthosts file,
right?
Cheers,
--
http://www.delink.net/
BOFH excuse #418:
Sysadmins busy fighting SPAM.
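
Added example (not from any poster in this thread): the rules file with the three relay addresses and the catch-all `:allow` line from the replies above, plus a check that supplies the client address through `TCPREMOTEIP`, as Charles Cazabon's hint describes. `model_lookup` is a simplified stand-in written for this example so the rule selection can be seen without ucspi-tcp installed; `real_check`, the temporary file paths and the outside address 192.0.2.10 are likewise assumptions of the example.

```shell
#!/bin/sh
# Constructed rules file: the three relay addresses quoted in the thread,
# followed by the catch-all ":allow" line suggested in the replies.
RULES=$(mktemp)
cat > "$RULES" <<'EOF'
209.114.187.231:allow,RELAYCLIENT=""
209.114.187.232:allow,RELAYCLIENT=""
206.210.88.18:allow,RELAYCLIENT=""
:allow
EOF

# model_lookup IP FILE: simplified model (an assumption of this example) of
# how tcpserver picks a rule for IP-only rules: the exact address first, then
# shorter prefixes ending in a dot, then the empty default rule. Position in
# the file does not matter. Host-name, user@ and range rules are not modelled.
model_lookup() {
  key=$1
  while :; do
    while IFS= read -r line; do
      case $line in
        "$key":*) printf '%s\n' "${line#*:}"; return 0 ;;
      esac
    done < "$2"
    [ -n "$key" ] || return 1          # default rule already tried: no match
    key=${key%.}                       # 1.2.3. -> 1.2.3
    case $key in
      *.*) key=${key%.*}. ;;           # 1.2.3  -> 1.2.
      *)   key= ;;                     # 1      -> empty (default rule)
    esac
  done
}

# real_check FILE IP: the same question put to ucspi-tcp itself. tcprules
# compiles stdin into FILE.cdb; tcprulescheck reads the client address from
# $TCPREMOTEIP, so it is set in the environment, not passed as an argument.
real_check() {
  tcprules "$1.cdb" "$1.tmp" < "$1" && TCPREMOTEIP=$2 tcprulescheck "$1.cdb"
}

# 192.0.2.10 is a constructed outside client (documentation address range).
for ip in 209.114.187.231 192.0.2.10; do
  printf '%-16s %s\n' "$ip" "$(model_lookup "$ip" "$RULES")"
  if command -v tcprulescheck >/dev/null 2>&1; then real_check "$RULES" "$ip"; fi
done
```

With `:deny` as the last line instead, the outside address resolves to deny, so inbound mail for the hosted domains is refused along with relay attempts; that is the outcome Jeremy Eder's reply cautions against.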

John Anderson, *nix forums beginner
Joined: 22 Jun 2005
Posts: 7
Posted: Tue Jun 20, 2006 2:19 am
Post subject: Tcpserver part 2

I'm sure that this has been covered many times over, and I apologize for
coming to you with this question. I've looked thru the archives and
couldn't find the answer.
So here goes. I'm hosting about 12 email domains on my server. I also
need to allow relaying for about 4 of those clients, along with my internal
mail being sent out thru my qmail system.
I'm running tcpserver.
My questions are fairly simple:
1. I'd like to be able to "lock down" qmail to only send mail from the 6 or
so IPs I need to send from.
2. I would like to deny everything else.
3. And obviously I would like to receive the email from anywhere for my 12
or so domains.
No matter how I compile the rules in the cdb file, running the tcprulescheck
always just kicks back the first rule. (Even though the cdb file I am currently
running is allowing everything to work, I'm just not certain how secure I
am).
What am I missing? Is the tcprulescheck not a good testing tool?
Thanks in advance.
--John
Hi all,
Several users recommended that I include my CDB file. Problem is, I wrote
up what I am trying to do and am looking for guidance in how to accomplish
that. This is what I'm doing now:
209.114.187.231:allow,RELAYCLIENT=""
209.114.187.232:allow,RELAYCLIENT=""
206.210.88.18:allow,RELAYCLIENT=""
Obviously I think that I need to lock this down a little more.
Thanks.
--John