[PLUG] How rcpthosts under qmail works...

Steven A. Adams stevea at nwtechops.com
Mon May 12 20:10:02 UTC 2003


On Mon, 2003-05-12 at 10:40, Michael C. Robinson wrote:
> I'm getting the impression that any domain that isn't under rcpthosts is
> denied, but this is awfully restrictive where I want to allow my trusted
> users to send to anywhere and anyone to be able to send to me.  Short of
> being an open relay, what option is there to make the latter happen
> transparently?
> 
> I'm guessing with smtp protocol that it doesn't know the difference
> between inbound and outbound traffic.   
> 
> I would think all you'd want to block is email not going to or coming
> from your local network plus spam/malicious email.  Wouldn't the latter
> protect against blacklisting due to being an open relay?

This is the rcpthosts file's sole purpose, to control what domain(s) can
access the smtp daemon. Incoming mail is destined for users that are on
the domains listed in rcpthosts, and messages that are destined for
foreign hosts originate from a domain that is listed in rcpthosts, or
they are not processed by qmail's smtp daemon. If you're using tcpserver,
you'll also need to add the trusted network segment addresses to the
active cdb by appending those addresses to /etc/tcp.smtp (or whatever
your cdb text file name and path is) and running
<qmail_bin_path>/qmailctl cdb.

> 
> Hopefully moving from kmail under Redhat 7.2 to evolution under 7.3 will
> help security wise.  I've gotten Maildir boxes going for the first time
> also :-)
> 
> I wonder if evolution reads rcpthosts where kmail seemingly didn't or
> does this file merely affect qmail?  

Only qmail. The pop/imap client probably should not have access to that
file, since removing the entries or deleting the file will turn your mail
server into an open relay.

> This is the first time I've ever
> removed the mail and the procmail programs.  Has anyone experimented
> with creating two home areas for their users and modifying the user
> account creation scripts to place the maildir in one area while 
> setting a user's home to the other?  Using UW-IMAP before I guess
> creating a non-login user for the imap accounts will help separate
> the imap files from other files.  Trouble is, I want the normal 
> account name to be the email name also.  I would like the user's
> home directory to be free of their email stuff although the .qmail
> should stay there as should any home directory stuff for qconfirm, etc.

Try putting your maildirs where you would like them and use ln -s to
link from the user's home.

-snip-
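
Added example, not part of the original message or of qmail itself: a simplified Python model of how qmail-smtpd, run under tcpserver, decides whether to accept a RCPT, based on qmail's documented handling of control/rcpthosts and the RELAYCLIENT environment variable. The function names, IP addresses, domains and rules are constructed for illustration, and only IP-prefix rules from tcp.smtp are modelled.

```python
# Simplified model of qmail-smtpd's RCPT decision behind tcpserver.
# All addresses, domains and rules below are constructed sample data.
TCP_SMTP = '''127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow
'''
RCPTHOSTS = "example.org\n.example.org\n"

def parse_tcprules(text):
    """Map address prefix -> (action, env). Handles only IP-prefix rules."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        prefix, _, rest = line.partition(":")
        action, *assigns = rest.split(",")
        env = {k: v.strip('"') for k, _, v in (a.partition("=") for a in assigns)}
        rules[prefix] = (action, env)
    return rules

def lookup(rules, ip):
    """Most specific rule wins: full IP, then shorter dotted prefixes, then ''."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for c in candidates:
        if c in rules:
            return rules[c]
    return ("allow", {})  # assumption: no matching rule means allow, no env set

def rcpt_ok(rcpt, client_ip, rules, rcpthosts):
    """True if the RCPT is accepted; rcpthosts=None models a missing file."""
    action, env = lookup(rules, client_ip)
    if action != "allow":
        return False
    if "RELAYCLIENT" in env or rcpthosts is None:
        return True   # rcpthosts is not consulted: relaying is permitted
    if "@" not in rcpt:
        return True   # no domain part: treated as a local recipient
    domain = rcpt.rsplit("@", 1)[1].lower()
    hosts = {h.strip().lower() for h in rcpthosts.splitlines() if h.strip()}
    if domain in hosts:
        return True
    # An entry such as ".example.org" matches any subdomain of example.org.
    labels = domain.split(".")
    return any("." + ".".join(labels[i:]) in hosts for i in range(1, len(labels)))

RULES = parse_tcprules(TCP_SMTP)
```

Passing `None` for `rcpthosts` reproduces the open-relay condition mentioned above: with the file missing, every recipient domain is accepted from every client.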