[3336] in RedHat Linux List

Re: qmail & pam was Re: Protecting sendmail?

daemon@ATHENA.MIT.EDU (Eric Smith)
Fri Nov 8 03:03:04 1996

Date: 8 Nov 1996 08:53:24 -0000
From: Eric Smith <eric@brouhaha.com>
To: Joe Block <jpb@miamisci.org>
CC: redhat-list@redhat.com, djb-qmail@koobera.math.uic.edu
In-reply-to: <v03007809aea86907c6ac@[192.168.1.69]> (message from Joe Block on
	Thu, 7 Nov 1996 23:48:17 -0500)
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

I wrote some stuff about the advantages of qmail, and using it to prevent
unauthorized use of a machine as a mail relay.

Joe Block <jpb@miamisci.org> writes:
> This is nice, but 95% of my users are using Eudora or Netscape as a mail
> client, so my mailhub has to accept mail for any destination.
...
> Have you managed to set up a qmail machine so that it will only accept mail
> for outside destinations from a list of allowable ips (like the ones my
> portmaster assigns), and otherwise only accept mail for stuff in
> control/locals?

There may be a more elegant solution for this, but my approach is to run
qmail on two separate mail relays, one for inbound mail, and one for outbound.

The inbound relay will accept SMTP connections for any host, but its
/var/qmail/rcpthosts file is set up so it will only accept mail with
destinations in your domains.

The outbound relay is configured to only accept SMTP connections from
IP addresses you control (by using tcpd), but it has no rcpthosts file so
it will allow any destination.

And if I were running an ISP, I would also put filters in my firewall to
prevent my customers from directly connecting to the SMTP ports of machines
other than my outbound mail relay.  I'd also seriously consider hacking up
some anti-spamming code in the outbound relay.

With a lot of work, it might be possible to run both mail relays on a single
host, but I don't think it's worth the effort.  You'd have to build two
separate qmails, with different control directories, different user IDs, and
make each qmail-smtpd bind a different IP address.

Perhaps someone on the qmail list might have some insights as to a better
way to set this up.

Cheers,
Eric
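
The split-relay policy described in the message above, modeled as an added example (not part of the original message and not qmail or tcpd code). The Relay class, its method names, is_open_relay, and the sample addresses and domains are all assumptions constructed for illustration; rcpthosts matching is modeled as an exact domain or a leading-dot suffix.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence

@dataclass
class Relay:
    name: str
    client_nets: Optional[Sequence[str]]  # None = no restriction on who may connect
    rcpthosts: Optional[Sequence[str]]    # None = no rcpthosts file, any destination

    def client_ok(self, client_ip: str) -> bool:
        if self.client_nets is None:
            return True
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(n) for n in self.client_nets)

    def rcpt_ok(self, rcpt: str) -> bool:
        if self.rcpthosts is None:
            return True
        domain = rcpt.rsplit("@", 1)[-1].lower()  # assumes user@domain form
        for entry in (e.strip().lower() for e in self.rcpthosts):
            # "example.org" matches exactly; ".example.org" matches any subdomain
            if entry and (domain == entry or
                          (entry.startswith(".") and domain.endswith(entry))):
                return True
        return False

    def decide(self, client_ip: str, rcpt: str) -> str:
        if not self.client_ok(client_ip):
            return "refuse-connection"  # stopped by the connection filter
        if not self.rcpt_ok(rcpt):
            return "reject-rcpt"        # destination is not one of our domains
        return "accept"

def is_open_relay(relay: Relay, outside_ip: str, foreign_rcpt: str) -> bool:
    """True if a stranger can send to a third-party domain through this relay."""
    return relay.decide(outside_ip, foreign_rcpt) == "accept"

# Constructed sample values (documentation address ranges and domains).
INBOUND = Relay("inbound", None, ["example.org", ".example.org"])
OUTBOUND = Relay("outbound", ["192.0.2.0/24"], None)
NO_CHECKS = Relay("no-checks", None, None)  # one host with neither restriction

if __name__ == "__main__":
    for relay in (INBOUND, OUTBOUND, NO_CHECKS):
        verdict = is_open_relay(relay, "203.0.113.9", "victim@elsewhere.example")
        print(f"{relay.name}: open relay = {verdict}")
```

Each relay enforces only one of the two checks, so a host that ends up with neither (NO_CHECKS) relays for anyone.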

