Mailing List Archive

qmail/pop3 problem
Okay.. I need some help here... I've installed qmail recently,
and it works great. I'm still using mbox format because of compatibility
issues, and because I don't use NFS, so I'd prefer not to have to
switch. Because qmail-pop3d only works with Maildir, I cannot use it.
I've been using qpopper, and I've noticed that my users cannot send
e-mail to addresses that are not in my rcpthosts. I've also tried this
with in.pop3d+shadow. If anybody has any ideas on how to allow pop3
messages through, please share them. Here's a copy of an error message
one of my users received:

---------- Forwarded message ----------
Date: Sat, 8 Feb 1997 14:38:40 -0006
From: Darren Dale <mrspock@insnet.com>
To: jailbird@alcatraz.fdf.net
Subject: (Fwd) Mail Delivery Failure.

Forwarded message:
From: Mail Delivery System <>
To: Self
Subject: Mail Delivery Failure.
Date: Sat, 8 Feb 1997 14:30:30

Delivery has failed on the enclosed message for the following
reasons reported either by the mail delivery system on the mail
relay host or by the local TCP/IP transport module:

553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

Your original mail message follows:
--------------------------------------------------------

From: "Darren Dale" <mrspock@alcatraz.fdf.net>
To: mrspock@insnet.com
Date: Sat, 8 Feb 1997 14:30:18 -0006
Subject: Test
Reply-to: mrspock@insnet.com
Priority: normal
X-mailer: Pegasus Mail for Windows (v2.23)

Testing


-Dustin Marquess
Re: qmail/pop3 problem
On Sat, 8 Feb 1997, JaiL BiRD wrote:

>
> Okay.. I need some help here... I've installed qmail recently,
> and it works great. I'm still using mbox format because of compatibility
> issues, and because I don't use NFS, so I'd prefer not to have to
> switch. Because qmail-pop3d only works with Maildir, I cannot use it.
> I've been using qpopper, and I've noticed that my users cannot send
> e-mail to addresses that are not in my rcpthosts. I've also tried this
> with in.pop3d+shadow. If anybody has any ideas on how to allow pop3
> messages through, please share them. Here's a copy of an error message
> one of my users received:

when users SEND mail message they use SMTP -- POP3 is a receive-only
protocol.

you need to set the 'RELAYCLIENT' environment variable for your local
users; this allows them to send to any hosts.
To do this I use the TCP wrappers:
eg:
/etc/inetd.conf:
smtp stream tcp nowait qmaild /usr/sbin/tcpd /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd

/etc/hosts.allow:
tcp-env: 10.0.0.1, 127.0.0.1, 10.0.0.2, 158.152.202.79 : setenv = RELAYCLIENT

> X-mailer: Pegasus Mail for Windows (v2.23)
BTW 2.52 of Pegasus is the latest version; I use 2.42 at work.

+----------------------------+
| richard@illuin.demon.co.uk | Aut viam inveniam aut faciam
+----------------------------+
Re: qmail/pop3 problem
On Sat, 8 Feb 1997, Richard Letts wrote:

> On Sat, 8 Feb 1997, JaiL BiRD wrote:
>
> >
> > Okay.. I need some help here... I've installed qmail recently,
> > and it works great. I'm still using mbox format because of compatibility
> > issues, and because I don't use NFS, so I'd prefer not to have to
> > switch. Because qmail-pop3d only works with Maildir, I cannot use it.
> > I've been using qpopper, and I've noticed that my users cannot send
> > e-mail to addresses that are not in my rcpthosts. I've also tried this
> > with in.pop3d+shadow. If anybody has any ideas on how to allow pop3
> > messages through, please share them. Here's a copy of an error message
> > one of my users received:
>
> when users SEND mail message they use SMTP -- POP3 is a receive-only
> protocol.
>
> you need to set the 'RELAYCLIENT' environment variable for your local
> users; this allows them to send to any hosts.

Okay.. I did that, and now I see /var/log/messages entries if I
telnet to port 25... but I don't see them when a pop client sends mail,
and they still get the same error... so I assume it's not connecting to
port 25, so tcpd doesn't get run to set RELAYCLIENT. Any ideas? Also...
since I really have no way of knowing what address my users are to be
coming from, the only way to implement this is to set RELAYCLIENT for ALL
connections, which would kind of defeat rcpthosts... any other ideas?

-Dustin Marquess
Re: qmail/pop3 problem
On Sat, 8 Feb 1997, JaiL BiRD wrote:

> Okay.. I did that, and now I see /var/log/messages entries if I
> telnet to port 25... but I don't see them when a pop client sends mail,
> and they still get the same error... so I assume it's not connecting to
> port 25, so tcpd doesn't get run to set RELAYCLIENT. Any ideas? Also...
> since I really have no way of knowing what address my users are to be
> coming from, the only way to implement this is to set RELAYCLIENT for ALL
> connections, which would kind of defeat rcpthosts... any other ideas?
>
> -Dustin Marquess

How can you not know what addresses your clients would be connecting from?
This is in the FAQ, I used the Alternate method with "tcpserver" and
"tcpcontrol".

Dax Kelson
Internet Connect, Inc.
Re: qmail/pop3 problem
On Sat, 8 Feb 1997, Dax Kelson wrote:

> On Sat, 8 Feb 1997, JaiL BiRD wrote:
>
> > Okay.. I did that, and now I see /var/log/messages entries if I
> > telnet to port 25... but I don't see them when a pop client sends mail,
> > and they still get the same error... so I assume it's not connecting to
> > port 25, so tcpd doesn't get run to set RELAYCLIENT. Any ideas? Also...
> > since I really have no way of knowing what address my users are to be
> > coming from, the only way to implement this is to set RELAYCLIENT for ALL
> > connections, which would kind of defeat rcpthosts... any other ideas?
>
> How can you not know what addresses your clients would be connecting from?
> This is in the FAQ, I used the Alternate method with "tcpserver" and
> "tcpcontrol".

Because I am not an ISP... I just provide accounts for people
that telnet in from systems like BBS's with PPP, in order for them to
have a full-fledged account. So not all the addresses will end in my
domain, etc...

-Dustin Marquess
Re: qmail/pop3 problem
> > > since I really have no way of knowing what address my users are to be
> > > coming from, the only way to implement this is to set RELAYCLIENT for ALL
> > > connections, which would kind of defeat rcpthosts... any other ideas?
> >
> > How can you not know what addresses your clients would be connecting from?
> > This is in the FAQ, I used the Alternate method with "tcpserver" and
> > "tcpcontrol".
>
> Because I am not an ISP... I just provide accounts for people
> that telnet in from systems like BBS's with PPP, in order for them to
> have a full-fledged account. So not all the addresses will end in my
> domain, etc...

either you need to be able to list the clients you will allow to use you
as a relay, or you might as well just remove rcpthosts, and open up relaying
to everyone. i don't understand how you expect to restrict relaying
to a certain set of clients if you don't know who they are.

perhaps we don't understand what you're trying to accomplish?

paul
---------------------
paul fox, pgf@foxharp.boston.ma.us (arlington, ma)
Re: qmail/pop3 problem
On Sat, 8 Feb 1997, Paul Fox wrote:

> > > > since I really have no way of knowing what address my users are to be
> > > > coming from, the only way to implement this is to set RELAYCLIENT for ALL
> > > > connections, which would kind of defeat rcpthosts... any other ideas?
> > >
> > > How can you not know what addresses your clients would be connecting from?
> > > This is in the FAQ, I used the Alternate method with "tcpserver" and
> > > "tcpcontrol".
> >
> > Because I am not an ISP... I just provide accounts for people
> > that telnet in from systems like BBS's with PPP, in order for them to
> > have a full-fledged account. So not all the addresses will end in my
> > domain, etc...
>
> either you need to be able to list the clients you will allow to use you
> as a relay, or you might as well just remove rcpthosts, and open up relaying
> to everyone. i don't understand how you expect to restrict relaying
> to a certain set of clients if you don't know who they are.
>
> perhaps we don't understand what you're trying to accomplish?

Ya... that's what I was trying not to do, but it looks like it's
the only way. Since I don't know what the hostnames are going to be, I'm
going to have to open-up relaying to everybody. Would removing rcpthosts
do this? Right now I just have hosts.allow set RELAYCLIENT for everybody.

-Dustin Marquess
Re: qmail/pop3 problem
On Sat, 8 Feb 1997, JaiL BiRD wrote:

> Because I am not an ISP... I just provide accounts for people
> that telnet in from systems like BBS's with PPP, in order for them to
> have a full-fledged account. So not all the addresses will end in my
> domain, etc...

It appears there is one good solution for this; tcpserver and tcpcontrol.

The combination allows you to enable relaying for ranges of IP addresses
or individual numbers.

This is a common requirement for those providing this type of service,
how about including the details of setup in the FAQ ?

regards
kim

--
kimc@w8hd.org
Re: qmail/pop3 problem
On Sat, 8 Feb 1997, Richard Letts wrote:

> On Sat, 8 Feb 1997, JaiL BiRD wrote:
>
> >
> > Okay.. I need some help here... I've installed qmail recently,
> > and it works great. I'm still using mbox format because of compatibility
> > issues, and because I don't use NFS, so I'd prefer not to have to
> > switch. Because qmail-pop3d only works with Maildir, I cannot use it.
> > I've been using qpopper, and I've noticed that my users cannot send
> > e-mail to addresses that are not in my rcpthosts. I've also tried this
> > with in.pop3d+shadow. If anybody has any ideas on how to allow pop3
> > messages through, please share them. Here's a copy of an error message
> > one of my users received:
>
> when users SEND mail message they use SMTP -- POP3 is a receive-only
> protocol.
>
> you need to set the 'RELAYCLIENT' environment variable for your local
> users; this allows them to send to any hosts.

This works great, thanks... I've been thinking though...

The pop3 user sent mail from his machine at address
FDF@mrspock.insnet.com, through my smtp server alcatraz.fdf.net, with an
address of mrspock@alcatraz.fdf.net to the address mrspock@insnet.com.
Since insnet.com isn't in my rcpthosts, it bounced the message, and sent
an error message to mrspock@insnet.com, which is the To: address...
shouldn't it be bounced back to mrspock@alcatraz.fdf.net? Also, I got to
thinking... maybe hack qmail to allow relays if the from address is a
valid user on the machine? It's got the qmail-users file to read from.
This way all pop3 users that have their software setup right, would be
able to e-mail fine....

-Dustin Marquess
Re: qmail/pop3 problem
JaiL BiRD writes:
> On Sat, 8 Feb 1997, Paul Fox wrote:

> > either you need to be able to list the clients you will allow to use you
> > as a relay, or you might as well just remove rcpthosts, and open up relaying
> > to everyone.
>
> Ya... that's what I was trying not to do, but it looks like it's
> the only way. Since I don't know what the hostnames are going to be, I'm
> going to have to open-up relaying to everybody. Would removing rcpthosts
> do this? Right now I just have hosts.allow set RELAYCLIENT for everybody.

Yes, removing rcpthosts would work. There are, however, two
alternative methods to CYA:

1) Run two SMTP servers -- one on the standard port, which never sets
RELAYCLIENT for anybody, and another on some weird-ass port
nobody's ever heard of. Tell your customers to specify that port
in their SMTP server configuration.

2) Tell your customers to use their ISP's SMTP server, not yours.

--
-russ <nelson@crynwr.com> http://www.crynwr.com/~nelson
Crynwr Software sells network driver support | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Peace, Justice, Freedom:
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | pick two (only mostly true)
Re: qmail/pop3 problem
On 9 Feb 1997, Russell Nelson wrote:

> > Ya... that's what I was trying not to do, but it looks like it's
> > the only way. Since I don't know what the hostnames are going to be, I'm
> > going to have to open-up relaying to everybody. Would removing rcpthosts
> > do this? Right now I just have hosts.allow set RELAYCLIENT for everybody.
>
> Yes, removing rcpthosts would work. There are, however, two
> alternative methods to CYA:
>
> 1) Run two SMTP servers -- one on the standard port, which never sets
> RELAYCLIENT for anybody, and another on some weird-ass port
> nobody's ever heard of. Tell your customers to specify that port
> in their SMTP server configuration.
>
> 2) Tell your customers to use their ISP's SMTP server, not yours.

Actually.. I've thought about both of those... I'd choose #2 over
#1 though... But I was thinking... if qmail would check the From:
address, see if the hostname is in rcpthosts, and the username is valid,
then it would work with all the pop3 accounts, and still retain the
rcpthosts security...

-Dustin Marquess
Re: qmail/pop3 problem
JaiL BiRD <jailbird@alcatraz.fdf.net> writes:
>
> But I was thinking... if qmail would check the From:
>address, see if the hostname is in rcpthosts, and the username is valid,
>then it would work with all the pop3 accounts, and still retain the
>rcpthosts security...
>

That's no good. It would allow anyone to use you as a relay
as long as they forged the From: line to look like it came
from one of your accounts.

-Greg
--
Greg Andrews West Coast Online
Unix System Administrator 5800 Redwood Drive
gerg@wco.com Rohnert Park CA 94928
(yes, 'greg' backwards) 1-800-WCO-INTERNET
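
[Added example, not part of the original thread and not qmail code.] A small Python model of the two relay policies discussed above: relaying keyed on the client IP (RELAYCLIENT set by the hosts.allow rule) versus the proposed check on the sender address. All function names, the user list and the test sessions are assumptions constructed for illustration; only the host name, the 10.0.0.x addresses and the 553 text come from the thread.

```python
import ipaddress

# Constructed sample data: host name and 10.0.0.x addresses echo the thread,
# everything else (user list, test addresses, function names) is assumed.
RCPTHOSTS = ["alcatraz.fdf.net", ".fdf.net"]
RELAY_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.1/32", "10.0.0.2/32", "127.0.0.1/32")]
LOCAL_USERS = {"mrspock", "jailbird"}
REJECT = "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"

def in_rcpthosts(addr):
    """Exact domain match, or a leading-dot entry acting as a suffix wildcard."""
    if "@" not in addr:                       # no domain part: treated as local
        return True
    dom = addr.rsplit("@", 1)[1].lower()
    return any(dom == e or (e.startswith(".") and dom.endswith(e))
               for e in (x.lower() for x in RCPTHOSTS))

def relayclient_for(client_ip):
    """Mimics the hosts.allow rule: RELAYCLIENT depends on the source IP only."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in RELAY_NETS)

def rcpt_by_ip(client_ip, sender, rcpt):
    """Policy in use: relay if RELAYCLIENT is set, otherwise enforce rcpthosts."""
    return "250 ok" if relayclient_for(client_ip) or in_rcpthosts(rcpt) else REJECT

def rcpt_by_sender(client_ip, sender, rcpt):
    """Proposed change: also relay when the sender names a valid local account.
    The sender string is supplied by the client, so it proves nothing."""
    local_user = sender.split("@", 1)[0].lower() in LOCAL_USERS
    ok = in_rcpthosts(rcpt) or (in_rcpthosts(sender) and local_user)
    return "250 ok" if ok else REJECT

# (client IP, claimed sender, recipient) - constructed sessions
SESSIONS = {
    "listed client":   ("10.0.0.1", "mrspock@alcatraz.fdf.net", "mrspock@insnet.com"),
    "inbound mail":    ("203.0.113.9", "someone@example.org", "jailbird@alcatraz.fdf.net"),
    "forged outsider": ("203.0.113.9", "mrspock@alcatraz.fdf.net", "other@example.org"),
    "unlisted user":   ("198.51.100.7", "mrspock@alcatraz.fdf.net", "mrspock@insnet.com"),
}

def compare():
    return {name: (rcpt_by_ip(*s), rcpt_by_sender(*s)) for name, s in SESSIONS.items()}

if __name__ == "__main__":
    for name, (by_ip, by_sender) in compare().items():
        print(f"{name:16} ip-policy: {by_ip[:3]}  sender-policy: {by_sender[:3]}")
```

The "forged outsider" and "unlisted user" sessions are indistinguishable to the sender-based check, which is why it accepts both; the IP-based policy rejects both, which is the trade-off the original poster ran into.
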
Re: qmail/pop3 problem
Russell Nelson <nelson@crynwr.com> wrote:
>> Yes, removing rcpthosts would work. There are, however, two
>> alternative methods to CYA:
>>
>> 1) Run two SMTP servers -- one on the standard port, which never sets
>> RELAYCLIENT for anybody, and another on some weird-ass port
>> nobody's ever heard of. Tell your customers to specify that port
>> in their SMTP server configuration.

Or, if you are running qmail on a Linux machine with a fairly recent
kernel, and have your clients in a reasonably confined set of IP
networks, set up input firewall rules to automatically redirect
SMTP connections to the port where the other qmail-smtpd is listening.

i.