Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: icemannz on May 09, 2008, 01:59:27 AM

Title: Relay from Gateway Address
Post by: icemannz on May 09, 2008, 01:59:27 AM

Hi all,
I need to enable relaying from the Gateway Address of the SME Box.
Before you say it, I know the implications, but the Gateway Address of the SME Server is not going to enable an open relay as it is just a router between 2 subnets.

The is a template called
/etc/e-smith/templates/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter
where the gateway address appears to come from but if I delete the contents of this file and do a
expand-template /var/service/qpsmtpd/config/norelayclients
signal-event email-update
THe address comes back in the file
/var/service/qpsmtpd/config/norelayclients
If I go straight into the file /var/service/qpsmtpd/config/norelayclients and comment out the gateway address it run perfectly (and there is no open relay as I have tested)
But I need to make the change the right way with the templates so that any time the mailserver is reconfigured it doesnt put that gateway address back in.
Any help would be appreciated.

Title: Re: Relay from Gateway Address
Post by: janet on May 09, 2008, 04:29:33 AM

icemannz

Quote

the Gateway Address of the SME Server ..... is just a router between 2 subnets

You may be able to achieve what you want by adding additional networks in the server manager Local networks panel.

Quote

But I need to make the change the right way with the templates

As you want an empty version of an existing fragment

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/norelayclients/
touch /etc/e-smith/templates-custom/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter
expand-template /var/service/qpsmtpd/config/norelayclients
signal-event email-update

Title: Re: Relay from Gateway Address
Post by: icemannz on May 09, 2008, 05:59:15 AM

Thanks for the reply Mary,
But still no go.
I have made sure that the original template is empty, there is nothing in the file,
I then created the file you mentioned:
touch /etc/e-smith/templates-custom/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter
expand-template /var/service/qpsmtpd/config/norelayclients
signal-event email-update

But when I go and have a look at
/var/service/qpsmtpd/config/norelayclients
The address is back in there,
I guess it is coming from somewhere else ?
Any suggestions ?

PS: I have both subnets added to the local networks and it will relay for any address on either network after adding them to the appropriate file, but it will not relay for the SME Gateway's address. :-(

Title: Re: Relay from Gateway Address
Post by: pfloor on May 09, 2008, 07:12:49 AM

Quote from: icemannz on May 09, 2008, 05:59:15 AM

I have made sure that the original template is empty, there is nothing in the file,

You should not have done that.  Don't ever change the contents of a base template file.

Quote

I then created the file you mentioned:
touch /etc/e-smith/templates-custom/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter
expand-template /var/service/qpsmtpd/config/norelayclients
signal-event email-update

But when I go and have a look at
/var/service/qpsmtpd/config/norelayclients
The address is back in there,
I guess it is coming from somewhere else ?
Any suggestions ?

You must have done something wrong.  You will have to create the custom template directory first if it doesn't already exist so try this:

Code: [Select]

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/norelayclients

touch /etc/e-smith/templates-custom/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter

expand-template /var/service/qpsmtpd/config/norelayclients
At this point you can look at the file and see any changes before issuing the email-update:

Code: [Select]

cat /var/service/qpsmtpd/config/norelayclients
Then after you have confirmed the changes have been made to the file:

Code: [Select]

signal-event email-update

Title: Re: Relay from Gateway Address
Post by: icemannz on May 11, 2008, 11:47:02 PM

Hi,
I have checked over the files again and I will post the results below:
If you can see an error in what I am doing here please let me know as I have spent far too much time on this already.
[root@smtp ~]# cat /etc/e-smith/templates/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter
{
    return '' unless $GatewayIP;
   
    # we allow access from the router, but we do not allow relaying
    return $GatewayIP;
}
[root@smtp ~]# cat /etc/e-smith/templates-custom/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter
[root@smtp ~]#

expand-template /var/service/qpsmtpd/config/norelayclients
signal-event email-update

cat /var/service/qpsmtpd/config/norelayclients
#------------------------------------------------------------
#              !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://www.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
# Format is IP, or IP part with trailing dot
# e.g. "127.0.0.1", or "192.168."
192.168.50.1
[root@smtp ~]#

Title: Re: Relay from Gateway Address
Post by: pfloor on May 12, 2008, 06:01:16 AM

Post the output of:

Code: [Select]

/sbin/e-smith/audittools/templates

Title: Re: Relay from Gateway Address
Post by: janet on May 12, 2008, 12:29:59 PM

icemannz

On a sme in gateway server mode (without custom template to affect it) I get

cat /var/service/qpsmtpd/config/norelayclients           

#------------------------------------------------------------
#              !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://www.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
# Format is IP, or IP part with trailing dot
# e.g. "127.0.0.1", or "192.168."

Title: Re: Relay from Gateway Address
Post by: icemannz on May 20, 2008, 04:36:20 AM

Hi all,
Pfloor the output of the command is
/sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/etc/ssh/sshd_config: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter: MODIFIED smeserver-qpsmtpd-1.2.1-52.el4.sme
/etc/e-smith/templates/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter.old: MANUALLY_ADDED
[root@smtp ~]#

I have modified the /etc/e-smith/templates/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter
file but it didn't help so put the contents of the file back the way they were. Still says modified though.

Title: Re: Relay from Gateway Address
Post by: icemannz on May 20, 2008, 04:37:36 AM

Hi Mary,
the only difference I can see is that the SME Server which we run is not in Gateway mode it is just running in Server only mode.
Don't know if this makes any difference.