Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Max on July 11, 2002, 04:10:19 AM

Title: QMail aliases privacy
Post by: Max on July 11, 2002, 04:10:19 AM
I have an everyone alias/group on an e-smith 4.1.2 machine.
I do not want people to be able to send email to everyone@mydomain.com from the outside network,
but I would like people inside the network to be able to send mail to everyone.
Is this possible?

(Right now people both inside and outside can send mail to everyone.)
Title: Re: QMail aliases privacy
Post by: Charlie Brady on July 11, 2002, 07:28:58 PM
Max wrote:
>
> I have an everyone alias/group on an e-smith 4.1.2 machine.
> I do not want people to be able to send email to
> everyone@mydomain.com from the outside network.
> but I would like people inside the network to be able to send
> mail to everyone.
> is this possible?
>
> (right now people both inside and outside can send mail to
> everyone)

Upgrade to a later version, preferably 5.5. The "everyone" address is protected from outside access.

Regards

Charlie
Title: Re: QMail aliases privacy
Post by: Nathan Fowler on July 11, 2002, 09:14:45 PM
If you do not wish to upgrade, there is an RPM that you can install that will modify the smtpd_check_rules, providing this security.

The RPM is located here:
http://myezserver.com/downloads/mitel/contrib/smtpdcheckrules-0.0.1/dmc-mitel-smtpdcheckrules-0.0.1-5.noarch.rpm

I hate to make Charlie angry, but I'm not a big fan of E-Smith 5.5

Hope this helped,
Nathan
Title: Re: QMail aliases privacy
Post by: Max on July 12, 2002, 05:18:20 AM
Thank you both for the information. Right now it's going to be a lot easier for me to go for the rpm fix. I installed it and tried sending email to my everyone alias from outside and it still got through. Is there something I need to do on top of installing the rpm?

my /var/qmail/alias/.qmail-everyone looks like this:

&example
&hello
&internal
&emails

Thanks
Title: Re: QMail aliases privacy
Post by: Nathan Fowler on July 12, 2002, 07:07:56 AM
Strange, I know it's going to be large, but please paste me the contents of /etc/smtpd_check_rules (yes I know it's a symlink but the real path is so long and I can never remember it.)

That is where your allow/deny SMTP rules are.

Hope this helped,
Nathan
Title: Nathan doesn't like 5.5 (was Re: QMail aliases privacy)
Post by: Charlie Brady on July 12, 2002, 07:37:21 AM
Nathan Fowler wrote:

> I hate to make Charlie angry, but I'm not a big fan of
> E-Smith 5.5

You won't make me angry. You have made me curious though. What in particular don't you like about 5.5?

Charlie
Title: Re: QMail aliases privacy
Post by: Max on July 12, 2002, 09:34:24 PM
Well I thought it might be that I had not restarted qmail after installing the rpm, so I rebooted the server, but still I can send email to everyone@mydomain.com from outside. So here is the file:

#------------------------------------------------------------
# DO NOT MODIFY THIS FILE! It is updated automatically by the
# e-smith server and gateway software. Instead, modify the source
# template in the /etc/e-smith/templates directory. For more
# information, see http://www.e-smith.org.
#
# copyright (C) 1999, 2000 e-smith, inc.
#------------------------------------------------------------


# Don't allow bang paths via us
noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.

# Don't allow two @s (equivalent to %hack) via us
noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.

# Don't allow %hack relay via us
noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.


# Allow relaying from the local network
allow:127.0.0.1:ALL:ALL
allow:192.168.0.0/24:ALL:ALL

# Prohibit access to these addresses from the outside world
noto:ALL:ALL:everyone@*.zbe.com everyone@zbe.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:everyone@*.zbeworkstream.com everyone@zbeworkstream.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:maxtest@*.zbe.com maxtest@zbe.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:maxtest@*.zbeworkstream.com maxtest@zbeworkstream.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:shared@*.zbe.com shared@zbe.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:shared@*.zbeworkstream.com shared@zbeworkstream.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.

# Allow any of our domains
allow:ALL:ALL:*.zbe.com *@zbe.com
allow:ALL:ALL:*.zbeworkstream.com *@zbeworkstream.com

# Just say no to anything else, we won't relay for people we don't know.
noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. Please use another SMTP host to mail from %F to %T

#------------------------------------------------------------
# TEMPLATE END
#------------------------------------------------------------
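
Added example (not part of the thread, and not e-smith's or smtpd's own code): a small evaluator for the rule file posted above, so the decision for an inside and an outside client can be checked against the rules as written. It assumes the field layout action:source:from:to:message seen in the posted file and that the first matching rule decides; the function names are hypothetical and 203.0.113.7 in the checks stands in for an outside client.

```python
import fnmatch
import ipaddress

# Subset of the posted rules (maxtest/shared lines left out, 551 texts shortened).
RULES = """\
noto:ALL:ALL:*!*@*:551 no relaying
noto:ALL:ALL:*@*@*:551 no relaying
noto:ALL:ALL:*%*@*:551 no relaying
allow:127.0.0.1:ALL:ALL
allow:192.168.0.0/24:ALL:ALL
noto:ALL:ALL:everyone@*.zbe.com everyone@zbe.com:551 local network only
noto:ALL:ALL:everyone@*.zbeworkstream.com everyone@zbeworkstream.com:551 local network only
allow:ALL:ALL:*.zbe.com *@zbe.com
allow:ALL:ALL:*.zbeworkstream.com *@zbeworkstream.com
noto:ALL:ALL:ALL:551 no relaying
"""

def parse(text):
    """Split each rule into (action, source patterns, from patterns, to patterns, message)."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.strip().split(":", 4) + [""]
        rules.append((parts[0], parts[1].split(), parts[2].split(), parts[3].split(), parts[4]))
    return rules

def src_match(patterns, ip):
    """Assumed semantics: ALL matches anything, otherwise an address or CIDR block."""
    for p in patterns:
        if p == "ALL":
            return True
        try:
            if ipaddress.ip_address(ip) in ipaddress.ip_network(p, strict=False):
                return True
        except ValueError:
            pass  # hostname patterns are not modelled here
    return False

def addr_match(patterns, addr):
    """Assumed semantics: ALL or a shell-style wildcard, compared case-sensitively."""
    return any(p == "ALL" or fnmatch.fnmatchcase(addr, p) for p in patterns)

def check(rules, ip, mail_from, rcpt_to):
    """Return (action, message) of the first matching rule, or None."""
    for action, src, frm, to, msg in rules:
        if src_match(src, ip) and addr_match(frm, mail_from) and addr_match(to, rcpt_to):
            return action, msg
    return None
```

Under these assumptions the order of the rules matters: the local-network allow lines come before the everyone@ noto lines, so inside clients are accepted before the restriction is ever reached, while outside clients fall through to it.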