Topic: Qmail Relaying

[Bruce Watkins]

How do I kill off Qmail relaying completely

I want to make the server be able to send email ( from a web form ) and receive email for local users but to deny email to be bounced somewhere else

Thanks
   Bruce Watkins

[paul nesbit]

Bruce Watkins wrote:
>
> How do I kill off Qmail relaying completely

It sounds like this isn't what you want - you want your server to
relay your users outbound mail, and relay inbound mail to valid
local recipients only.  That's what the server does in a standard
configuration.  It won't allow unauthorized relay.  

> I want to make the server be able to send email ( from a web form )

Beware web form CGIs.  I've seen one used (recently) to allow
unauthorized relaying.  (Culprit was FormMail.pl.)

> and receive email for local users but to deny email to be bounced
> somewhere else

Again, that's what the default configuration will do.  It'll bounce
e-mail to non-existant users in your domain to the sender with an
"That user doesn't exist" message.  If the mail is addressed to a
domain that you haven't configured (as either primary or virtual) it
will be bounced to the sender with an "I don't allow unauthorized
relaying" message.  

http://edocs.mitel.com/6000_SME_Server/smeserveruserguide/English/index.html


Cheers,

Paul

[Bruce Watkins]

The default server allows networks classed as local to relay messages
I don't use the server to relay messages and would like to turn it off (for local networks at least)

I need the server to send mail, recieve mail but not relay mail

Thanks
   Bruce

[paul nesbit]

Bruce Watkins wrote:
>
> The default server allows networks classed as local to relay
> messages I don't use the server to relay messages and would like
> to turn it off (for local networks at least)
> [...]

You'll need an (empty) custom template to prevent the server from relaying mail from local networks.

  # mkdir -p /etc/e-smith/templates-custom/etc/tcprules/tcp.smtp
  # touch /etc/e-smith/templates-custom/etc/tcprules/tcp.smtp/80relayFromLocalNetwork

Now only relaying from the server itself is allowed.  

Cheers,

Paul

[paul nesbit]

paul nesbit wrote:
>
>   # mkdir -p
> /etc/e-smith/templates-custom/etc/tcprules/tcp.smtp
>   # touch
/etc/e-smith/templates-custom/etc/tcprules/tcp.smtp/80relayFromLocalNetwork

Note that the above is two commands, not three.  (The second line may be wrapped.)

> Now only relaying from the server itself is allowed.  

Not quite complete -- you'll also have to signal email-update:

  # /sbin/e-smith/signal-event email-update

These instructions apply to version 5.5, BTW.

Paul

[Charlie Brady]

Bruce Watkins wrote:

> How do I kill off Qmail relaying completely
>
> I want to make the server be able to send email ( from a web
> form )

Be very careful with your web form. Allowing relaying from your local network (default) is a much smaller problem than denying relaying from your LAN but allowing relaying from anywhere on the Internet (via the web form).

Charlie

[Dave]

> ... allowing relaying from anywhere on the Internet (via the web form).

Inclined to agree but I should imagine that you are fairly safe if you just code flag(s) into the web form and let the CGI that the form uses to fill in the appropiate mail address's.

Having a form with either a slot for a user entered recipient or it coded as an address is just asking for trouble.

Cheers
Dave.

[Bruce Watkins]

> Bruce Watkins wrote:
>
> > How do I kill off Qmail relaying completely
> >
> > I want to make the server be able to send email ( from a web
> > form )
>
> Be very careful with your web form. Allowing relaying from your local
> network (default) is a much smaller problem than denying relaying from
> your LAN but allowing relaying from anywhere on the Internet (via the
> web form).
>
> Charlie
>
The web forms cannot be used to relay messages. It can only send set
messages to set users loaded from our database, so no problems
there.

I think I've found the file which is /etc/smtpd_check_rules

Thanks
   Bruce Watkins