Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: QMail aliases privacy
« previous next »
Pages: [1]   Go Down

QMail aliases privacy

  • 6 Replies
  • 849 Views

Max

QMail aliases privacy
« on: July 11, 2002, 04:10:19 AM »
I have an everyone alias/group on an e-smith 4.1.2 machine.
I do not want people to be able to send email to everyone@mydomain.com from the outside network.
but I would like people inside the network to be able to send mail to everyone.
is this possible?

(right now people both inside and outside can send mail to everyone)
Logged

Charlie Brady

Re: QMail aliases privacy
« Reply #1 on: July 11, 2002, 07:28:58 PM »
Max wrote:
>
> I have an everyone alias/group on an e-smith 4.1.2 machine.
> I do not want people to be able to send email to
> everyone@mydomain.com from the outside network.
> but I would like people inside the network to be able to send
> mail to everyone.
> is this possible?
>
> (right now people both inside and outside can send mail to
> everyone)

Upgrade to a later version, preferably 5.5. The "everyone" address is protected from outside access.

Regards

Charlie
Logged

Nathan Fowler

Re: QMail aliases privacy
« Reply #2 on: July 11, 2002, 09:14:45 PM »
If you do not wish to ugprade there is an RPM that you can install that will modify the smtpd_check_rules providing this security.

The RPM is located here:
http://myezserver.com/downloads/mitel/contrib/smtpdcheckrules-0.0.1/dmc-mitel-smtpdcheckrules-0.0.1-5.noarch.rpm

I hate to make Charlie angry, but I'm not a big fan of E-Smith 5.5

Hope this helped,
Nathan
Logged

Max

Re: QMail aliases privacy
« Reply #3 on: July 12, 2002, 05:18:20 AM »
Thank you both for the information. Right now its going to be a lot easier for me to go for the rpm fix. I installed it and tried sending email to my everyone alias from outside and it still got through. Is there something I need to do on top of installing the rpm?

my /var/qmail/alias/.qmail-everyone looks like this:

&example
&hello
&internal
&emails

Thanks
Logged

Nathan Fowler

Re: QMail aliases privacy
« Reply #4 on: July 12, 2002, 07:07:56 AM »
Strange, I know it's going to be large, but please paste me the contents of /etc/smtpd_check_rules (yes I know it's a symlink but the real path is so long and I can never remember it.)

That is where your allow/deny SMTP rules are.

Hope this helped,
Nathan
Logged

Charlie Brady

Nathan doesn't like 5.5 (was Re: QMail aliases privacy)
« Reply #5 on: July 12, 2002, 07:37:21 AM »
Nathan Fowler wrote:

> I hate to make Charlie angry, but I'm not a big fan of
> E-Smith 5.5

You won't make be angry. You have made me curious though. What in particular don't you like about 5.5?

Charlie
Logged

Max

Re: QMail aliases privacy
« Reply #6 on: July 12, 2002, 09:34:24 PM »
Well I thought it might be that I had not restarted qmail after installing the rpm, so I rebooted the server, but still I can send email to everyone@mydomain.com from outside. So here is the file:

#------------------------------------------------------------
# DO NOT MODIFY THIS FILE! It is updated automatically by the
# e-smith server and gateway software. Instead, modify the source
# template in the /etc/e-smith/templates directory. For more
# information, see http://www.e-smith.org.
#
# copyright (C) 1999, 2000 e-smith, inc.
#------------------------------------------------------------


# Don't allow bang paths via us
noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.

# Don't allow two @s (equivalent to %hack) via us
noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.

# Don't allow %hack relay via us
noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.


# Allow relaying from the local network
allow:127.0.0.1:ALL:ALL
allow:192.168.0.0/24:ALL:ALL

# Prohibit access to these addresses from the outside world
noto:ALL:ALL:everyone@*.zbe.com everyone@zbe.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:everyone@*.zbeworkstream.com everyone@zbeworkstream.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:maxtest@*.zbe.com maxtest@zbe.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:maxtest@*.zbeworkstream.com maxtest@zbeworkstream.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:shared@*.zbe.com shared@zbe.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:shared@*.zbeworkstream.com shared@zbeworkstream.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.

# Allow any of our domains
allow:ALL:ALL:*.zbe.com *@zbe.com
allow:ALL:ALL:*.zbeworkstream.com *@zbeworkstream.com

# Just say no to anything else, we won't relay for people we don't know.
noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. Please use another SMTP host to mail from %F to %T

#------------------------------------------------------------
# TEMPLATE END
#------------------------------------------------------------
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: QMail aliases privacy