Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Qmail: users

How to: qmail-smtpd for roaming users.

  

 
Qmail users RSS feed   Index | Next | Previous | View Threaded


fcmario76 at gmail

Feb 7, 2012, 1:12 AM

Post #1 of 13 (2651 views)
Permalink
How to: qmail-smtpd for roaming users.
Hi guys,

I hope this is the right place to ask. We use qmail-ldap (qmailrocks
installation) for our mail server for some time. To give people access to
qmail-smtpd, we used to configure /var/qmail/control/qmail-smtpd.rules.
Usually we use this configuration:


127.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
192.168.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,QMAILQUEUE="/var/qmail/bin/simscan",RETURNMXCHECK=""

Now we want to let roaming users to be able to use qmail-smtpd from
anywhere outside from local LAN, so we change qmail-smtpd.rules into


127.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
192.168.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
*:allow,RELAYCLIENT="",SMTPAUTH="",QMAILQUEUE="/var/qmail/bin/simscan"*
:allow,QMAILQUEUE="/var/qmail/bin/simscan",RETURNMXCHECK=""

It is works (we can send to or receive email from gmail), with exception
that we can send without authentication either. If we added AUTHREQUIRED=""
in the third line, gmail cannot send email to our server. If we switched
the third and fourth line (:allow,RELAYCLIENT line and :allow,QMAILQUEUE
line), then qmail will never read (or act) the last line. Is there
something we're missing here*? OR should we cooperate SMTPAUTH with PBS (we
have

127.0.0.1:allow,NOPBS=""
# default allow
:allow

in /var/qmail/control/qmail-pop3d.rules.

* thinking about using SENDERCHECK too, but we still need authentication.

Thank-you in advance.


Best regards,
Mario


feh at fehcom

Feb 7, 2012, 2:14 AM

Post #2 of 13 (2582 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
Hi

Am 07.02.2012 um 10:12 schrieb FC Mario Patty:

> Hi guys,
>
> I hope this is the right place to ask. We use qmail-ldap (qmailrocks installation) for our mail server for some time.

Actually, this is not 100% the right place .... but lets try.


> To give people access to qmail-smtpd, we used to configure /var/qmail/control/qmail-smtpd.rules. Usually we use this configuration:
>
>
> 127.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
> 192.168.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
> :allow,QMAILQUEUE="/var/qmail/bin/simscan",RETURNMXCHECK=""
>
> Now we want to let roaming users to be able to use qmail-smtpd from anywhere outside from local LAN, so we change qmail-smtpd.rules into
>


>
> 127.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
> 192.168.:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"


> :allow,RELAYCLIENT="",SMTPAUTH="",QMAILQUEUE="/var/qmail/bin/simscan"
> :allow,QMAILQUEUE="/var/qmail/bin/simscan",RETURNMXCHECK=""
>

You have two rules for the same condition. his is bad. The typical way would be:

> :allow,SMTPAUTH="",QMAILQUEUE="/var/qmail/bin/simscan"



> It is works (we can send to or receive email from gmail), with exception that we can send without authentication either.

?? Auth for sending (=qmail-remote) works independently from receiving.

> If we added AUTHREQUIRED="" in the third line, gmail cannot send email to our server.

Of course not -- anybody needs to authenticate.


> If we switched the third and fourth line (:allow,RELAYCLIENT line and :allow,QMAILQUEUE line), then qmail will never read (or act) the last line. Is there something we're missing here*? OR should we cooperate SMTPAUTH with PBS (we have
>
> 127.0.0.1:allow,NOPBS=""
> # default allow
> :allow
>
> in /var/qmail/control/qmail-pop3d.rules.
>
> * thinking about using SENDERCHECK too, but we still need authentication.
>
> Thank-you in advance.
>

For a deeper understanding, read my SMTP Auth tutorial http://www.fehcom.de/qmail/smtpauth.html


regards.
--eh.

>
> Best regards,
> Mario

--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id: 7E4034BE


ezmlist at news

Feb 7, 2012, 5:21 AM

Post #3 of 13 (2566 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
On Feb 7, 2012, at 4:12 AM, FC Mario Patty wrote:

> Now we want to let roaming users to be able to use qmail-smtpd from
> anywhere outside from local LAN,

You need two instances of smtpd running on different ports. One will listen on port 25, and accept inbound email from gmail and the rest of the world, and will not require authorization and not allow relaying. The second will listen on a different port (587 is standard), and will allow relaying and require authorization. Your roaming users will configure their email clients to submit mail via port 587.


rwolfe at fpsoft

Feb 7, 2012, 7:24 AM

Post #4 of 13 (2580 views)
Permalink
RE: How to: qmail-smtpd for roaming users. [In reply to]
Or you could always set up a VPN for your users so that they can connect to
your network via a secure connection outside your LAN. Then they should not
have to make any changes. That is how I do it here and it works fine. For
my setup here, I have a Cisco SA500W and utilizing the internal VPN server
in that device. For my backup VPN concentrator, I use OpenVPN-AS running
under Debian 6 in a Windows Server 2008 R2 Hyper-V VM.


-----Original Message-----
From: Matt Simpson [mailto:ezmlist [at] news]
Sent: Tue 2/7/2012 8:21 AM
To: qmail [at] list
Subject: Re: How to: qmail-smtpd for roaming users.


On Feb 7, 2012, at 4:12 AM, FC Mario Patty wrote:

> Now we want to let roaming users to be able to use qmail-smtpd from
> anywhere outside from local LAN,

You need two instances of smtpd running on different ports. One will listen
on port 25, and accept inbound email from gmail and the rest of the world,
and will not require authorization and not allow relaying. The second will
listen on a different port (587 is standard), and will allow relaying and
require authorization. Your roaming users will configure their email
clients to submit mail via port 587.


qmlist at news

Feb 10, 2012, 5:15 AM

Post #5 of 13 (2557 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
On Feb 10, 2012, at 6:13 AM, FC Mario Patty wrote:

> Guys, I think I've made it. I installed the second qmail-delivery and
> qmail-smtpd to another directory than the first one (/var/qmail2 instead of
> /var/qmail). Something I did to achieve that are:


That was more work than you needed to do. There was no need for a second installation of qmail-delivery. All you needed was two qmail-smtpd processes. Assuming you're using qmail-smptd through tcpserver, all you needed to do was start another tcpserver task listening to port 587, and using a different set of tcprules.


qmail at honorablemenschen

Feb 10, 2012, 7:27 AM

Post #6 of 13 (2560 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
>
> On Feb 10, 2012, at 6:13 AM, FC Mario Patty wrote:
>
>> Guys, I think I've made it. I installed the second qmail-delivery and
>> qmail-smtpd to another directory than the first one (/var/qmail2 instead
>> of
>> /var/qmail). Something I did to achieve that are:
>
>
> That was more work than you needed to do. There was no need for a second
> installation of qmail-delivery. All you needed was two qmail-smtpd
> processes. Assuming you're using qmail-smptd through tcpserver, all you
> needed to do was start another tcpserver task listening to port 587, and
> using a different set of tcprules.

I don't know who would be responsible for doing this, but at this point I
think the LWQ setup instructions should probably include doing this by
default. I can't say that I've done this for every qmail setup I've ever
done, because I've done some that are purely MTA relay hosts, but I always
set up a second instance of qmail-smtpd on the submission port for servers
with client interaction, and it's become a de-facto standard anyway.

Just my $0.02, but since it's so common and there's the potential for
confusion (like what the OP did), maybe we can head some of it off by just
adding this to the default docs?

Josh

Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
- Layman's translation of the Laws of Thermodynamics
qmail [at] honorablemenschen


kwat at mnw

Feb 11, 2012, 9:50 AM

Post #7 of 13 (2566 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
I was wanting to do this on my qmail server but I was wondering if the
spambots hit port 587 like they do on port 25?
----- Original Message -----
From: "Joshua Megerman" <qmail [at] honorablemenschen>
To: <qmail [at] list>
Sent: Friday, February 10, 2012 9:27 AM
Subject: Re: How to: qmail-smtpd for roaming users.


>
>>
>> On Feb 10, 2012, at 6:13 AM, FC Mario Patty wrote:
>>
>>> Guys, I think I've made it. I installed the second qmail-delivery and
>>> qmail-smtpd to another directory than the first one (/var/qmail2 instead
>>> of
>>> /var/qmail). Something I did to achieve that are:
>>
>>
>> That was more work than you needed to do. There was no need for a second
>> installation of qmail-delivery. All you needed was two qmail-smtpd
>> processes. Assuming you're using qmail-smptd through tcpserver, all you
>> needed to do was start another tcpserver task listening to port 587, and
>> using a different set of tcprules.
>
> I don't know who would be responsible for doing this, but at this point I
> think the LWQ setup instructions should probably include doing this by
> default. I can't say that I've done this for every qmail setup I've ever
> done, because I've done some that are purely MTA relay hosts, but I always
> set up a second instance of qmail-smtpd on the submission port for servers
> with client interaction, and it's become a de-facto standard anyway.
>
> Just my $0.02, but since it's so common and there's the potential for
> confusion (like what the OP did), maybe we can head some of it off by just
> adding this to the default docs?
>
> Josh
>
> Joshua Megerman
> SJGames MIB #5273 - OGRE AI Testing Division
> You can't win; You can't break even; You can't even quit the game.
> - Layman's translation of the Laws of Thermodynamics
> qmail [at] honorablemenschen
>
>
>


feh at fehcom

Feb 11, 2012, 10:24 AM

Post #8 of 13 (2558 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
Hi,

well, I can't tell about the Submission port; but my other qmail-instance running SMTPS service has less then 1% the spam hits w.r.t. standard port 25.

Running submission leaves an potential attacker no real choice, since authentication is mandatory.

With my Spamcontrol version 2.7 I will publish those figures my means of MRTG.

regards.
--eh.

Am 11.02.2012 um 18:50 schrieb Kent Watkins:

> I was wanting to do this on my qmail server but I was wondering if the spambots hit port 587 like they do on port 25?
> ----- Original Message ----- From: "Joshua Megerman" <qmail [at] honorablemenschen>
> To: <qmail [at] list>
> Sent: Friday, February 10, 2012 9:27 AM
> Subject: Re: How to: qmail-smtpd for roaming users.
>
>
>>
>>>
>>> On Feb 10, 2012, at 6:13 AM, FC Mario Patty wrote:
>>>
>>>> Guys, I think I've made it. I installed the second qmail-delivery and
>>>> qmail-smtpd to another directory than the first one (/var/qmail2 instead
>>>> of
>>>> /var/qmail). Something I did to achieve that are:
>>>
>>>
>>> That was more work than you needed to do. There was no need for a second
>>> installation of qmail-delivery. All you needed was two qmail-smtpd
>>> processes. Assuming you're using qmail-smptd through tcpserver, all you
>>> needed to do was start another tcpserver task listening to port 587, and
>>> using a different set of tcprules.
>>
>> I don't know who would be responsible for doing this, but at this point I
>> think the LWQ setup instructions should probably include doing this by
>> default. I can't say that I've done this for every qmail setup I've ever
>> done, because I've done some that are purely MTA relay hosts, but I always
>> set up a second instance of qmail-smtpd on the submission port for servers
>> with client interaction, and it's become a de-facto standard anyway.
>>
>> Just my $0.02, but since it's so common and there's the potential for
>> confusion (like what the OP did), maybe we can head some of it off by just
>> adding this to the default docs?
>>
>> Josh
>>
>> Joshua Megerman
>> SJGames MIB #5273 - OGRE AI Testing Division
>> You can't win; You can't break even; You can't even quit the game.
>> - Layman's translation of the Laws of Thermodynamics
>> qmail [at] honorablemenschen
>>
>>
>
>

--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id: 7E4034BE


jschmidt at linuxi86

Feb 14, 2012, 2:19 PM

Post #9 of 13 (2547 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
On Sat, 2012-02-11 at 11:50 -0600, Kent Watkins wrote:
> I was wanting to do this on my qmail server but I was wondering if the
> spambots hit port 587 like they do on port 25?
> ----- Original Message -----
> From: "Joshua Megerman" <qmail [at] honorablemenschen>
> To: <qmail [at] list>
> Sent: Friday, February 10, 2012 9:27 AM
> Subject: Re: How to: qmail-smtpd for roaming users.
>
>
> >
> >>
> >> On Feb 10, 2012, at 6:13 AM, FC Mario Patty wrote:
> >>
> >>> Guys, I think I've made it. I installed the second qmail-delivery and
> >>> qmail-smtpd to another directory than the first one (/var/qmail2 instead
> >>> of
> >>> /var/qmail). Something I did to achieve that are:
> >>
> >>
> >> That was more work than you needed to do. There was no need for a second
> >> installation of qmail-delivery. All you needed was two qmail-smtpd
> >> processes. Assuming you're using qmail-smptd through tcpserver, all you
> >> needed to do was start another tcpserver task listening to port 587, and
> >> using a different set of tcprules.
> >
> > I don't know who would be responsible for doing this, but at this point I
> > think the LWQ setup instructions should probably include doing this by
> > default. I can't say that I've done this for every qmail setup I've ever
> > done, because I've done some that are purely MTA relay hosts, but I always
> > set up a second instance of qmail-smtpd on the submission port for servers
> > with client interaction, and it's become a de-facto standard anyway.
> >
> > Just my $0.02, but since it's so common and there's the potential for
> > confusion (like what the OP did), maybe we can head some of it off by just
> > adding this to the default docs?
> >
> > Josh
> >
> > Joshua Megerman
> > SJGames MIB #5273 - OGRE AI Testing Division
> > You can't win; You can't break even; You can't even quit the game.
> > - Layman's translation of the Laws of Thermodynamics
> > qmail [at] honorablemenschen
> >
top-posting? really? :^)

it shouldn't matter if they do (I've not seen much illegitimate traffic
to 587), but the idea is to force authentication on 587...

Jeff


kwat at mnw

Feb 14, 2012, 4:34 PM

Post #10 of 13 (2558 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
----- Original Message -----
From: "Jeff Schmidt" <jschmidt [at] linuxi86>
To: "Kent Watkins" <kwat [at] mnw>
Cc: <qmail [at] list>
Sent: Tuesday, February 14, 2012 4:19 PM
Subject: Re: How to: qmail-smtpd for roaming users.


>
>
>
> On Sat, 2012-02-11 at 11:50 -0600, Kent Watkins wrote:
>> I was wanting to do this on my qmail server but I was wondering if the
>> spambots hit port 587 like they do on port 25?
>> ----- Original Message -----
>> From: "Joshua Megerman" <qmail [at] honorablemenschen>
>> To: <qmail [at] list>
>> Sent: Friday, February 10, 2012 9:27 AM
>> Subject: Re: How to: qmail-smtpd for roaming users.
>>
>>
>> >
>> >>
>> >> On Feb 10, 2012, at 6:13 AM, FC Mario Patty wrote:
>> >>
>> >>> Guys, I think I've made it. I installed the second qmail-delivery and
>> >>> qmail-smtpd to another directory than the first one (/var/qmail2
>> >>> instead
>> >>> of
>> >>> /var/qmail). Something I did to achieve that are:
>> >>
>> >>
>> >> That was more work than you needed to do. There was no need for a
>> >> second
>> >> installation of qmail-delivery. All you needed was two qmail-smtpd
>> >> processes. Assuming you're using qmail-smptd through tcpserver, all
>> >> you
>> >> needed to do was start another tcpserver task listening to port 587,
>> >> and
>> >> using a different set of tcprules.
>> >
>> > I don't know who would be responsible for doing this, but at this point
>> > I
>> > think the LWQ setup instructions should probably include doing this by
>> > default. I can't say that I've done this for every qmail setup I've
>> > ever
>> > done, because I've done some that are purely MTA relay hosts, but I
>> > always
>> > set up a second instance of qmail-smtpd on the submission port for
>> > servers
>> > with client interaction, and it's become a de-facto standard anyway.
>> >
>> > Just my $0.02, but since it's so common and there's the potential for
>> > confusion (like what the OP did), maybe we can head some of it off by
>> > just
>> > adding this to the default docs?
>> >
>> > Josh
>> >
>> > Joshua Megerman
>> > SJGames MIB #5273 - OGRE AI Testing Division
>> > You can't win; You can't break even; You can't even quit the game.
>> > - Layman's translation of the Laws of Thermodynamics
>> > qmail [at] honorablemenschen
>> >
> top-posting? really? :^)
>
> it shouldn't matter if they do (I've not seen much illegitimate traffic
> to 587), but the idea is to force authentication on 587...
>
> Jeff
>
>
>
Forgive the top posting. It won't happen again. I've now got 2 instances up
and running and I'll watch my stats and see what the spam level looks like
with relaying denied on port 25.. Thanks for feedback.. Kent


qmlist at news

Mar 4, 2012, 7:01 AM

Post #11 of 13 (2412 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
On Mar 4, 2012, at 6:07 AM, FC Mario Patty wrote:

> Ok, I change the question. Should I make the second smtpd folder and run
> file, let's say /var/qmail/service/smtpd2/run and make another link to
> /service and then running another qmail-smtpd.rules/cdb files?


Yes. You'll need to change the port that it listens to. In the script that you posted, it looks like the port is assigned via environment variable ${PORT-25}, which must be set somewhere else because it's not in that script. You'll need to either change that line in the script or change the ${PORT-25} variable. You probably want to use port 587.

You need another tcprules cdb file that will allow connection from anywhere.

Then you need to look at the doc for whatever AUTH patch you have installed. There are probably some environment variables that need to be set to turn on authentication.

--
Matt Simpson
Tatertown, KY


fcmario76 at gmail

Mar 5, 2012, 10:23 PM

Post #12 of 13 (2434 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
FYI, here what I do to make the second smtpd(2) service:

1. Stop qmail via
# svc -d /service/qmail

2. Create the second smtpd directory with qmail-smtpd-conf
# qmail-smtpd-conf qmaild qmaill /var/qmail/service/smtpd2

3. Instead of using the tcp file in /var/qmail/service/smtpd2, I use
qmail-smtpd2.rules under /var/qmail/control, so I make the second rules
file via copy (of the first qmail-smtpd.rules) and edit its content

:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"

and then make some modification in /var/qmail/control/Makefile and add
qmail-smtpd2.cdb into FILES (variable?).

4. Running make under /var/qmail/control directory to create
qmail-smtpd2.cdb file.

# cd /var/qmail/control/
# make

5. I go to /var/qmail/service/smtpd2/ and modify the run file, especially
the last 3 lines (not to include the ` character).

# vi run
.......
-x/var/qmail/control/qmail-smtpd2.cdb \
-- "${IP-0}" "${PORT-587}" \
/var/qmail/bin/qmail-smtpd auth_smtp

6. Replace the port env file content (from 25 to 587).
# echo 587 > /var/qmail/service/smtpd2/env/PORT

7. Make symlink of smtpd2 in /service
# ln -s /var/qmail/service/smtpd2 /service

The last one, I run qmail with `svc -u /service/qmail`.

The result is I can send email to gmail or viceversa, or send email from
our production mail server to this trial server and succeed. Problem comes
when the sender is android smart phone email client, that the server
automatically throw the android emails and give them high SPAM score. I
guess the culprit is the HELO localhost conversation. I erased QMAILQUEUE
out of qmail-smtpd2.rules(cdb) but the result is just the same if I sent
email to our production qmail server (but it works with yahoo mail). What
can I do with qmail to deal with android smart phone? Thank you in advance.

Regards,
Mario


On Sun, Mar 4, 2012 at 10:01 PM, Matt Simpson <qmlist [at] news> wrote:

>
> On Mar 4, 2012, at 6:07 AM, FC Mario Patty wrote:
>
> > Ok, I change the question. Should I make the second smtpd folder and run
> > file, let's say /var/qmail/service/smtpd2/run and make another link to
> > /service and then running another qmail-smtpd.rules/cdb files?
>
>
> Yes. You'll need to change the port that it listens to. In the script
> that you posted, it looks like the port is assigned via environment
> variable ${PORT-25}, which must be set somewhere else because it's not in
> that script. You'll need to either change that line in the script or
> change the ${PORT-25} variable. You probably want to use port 587.
>
> You need another tcprules cdb file that will allow connection from
> anywhere.
>
> Then you need to look at the doc for whatever AUTH patch you have
> installed. There are probably some environment variables that need to be
> set to turn on authentication.
>
> --
> Matt Simpson
> Tatertown, KY
>
>
>
>


feh at fehcom

Mar 6, 2012, 12:23 AM

Post #13 of 13 (2432 views)
Permalink
Re: How to: qmail-smtpd for roaming users. [In reply to]
Hi Mario,

though I don't know what Auth patch you are using (you find mine at http://fehcom.de/qmail.html)


On Tue, 6 Mar 2012 13:23:18 +0700, FC Mario Patty <fcmario76 [at] gmail> wrote :

>
> FYI, here what I do to make the second smtpd(2) service:
>
> 1. Stop qmail via
> # svc -d /service/qmail
>
> 2. Create the second smtpd directory with qmail-smtpd-conf
> # qmail-smtpd-conf qmaild qmaill /var/qmail/service/smtpd2
>
> 3. Instead of using the tcp file in /var/qmail/service/smtpd2, I use
> qmail-smtpd2.rules under /var/qmail/control, so I make the second rules
> file via copy (of the first qmail-smtpd.rules) and edit its content

Actually, You DONT need a rules file (except for are cases) if you use Submission.

>
> :allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/
simscan"
>

No. No. Remove the RELAYCLIENT here. It is at best useless.

It is sufficient, if you include in your qmail-smtpd2 run script the following:

export SMTPAUTH=""
export AUTHREQUIRED=""
export QMAILQUEUE="/var/qmail/bin/simscan"

or put it into ./env

> and then make some modification in /var/qmail/control/Makefile and add
> qmail-smtpd2.cdb into FILES (variable?).
>
> 4. Running make under /var/qmail/control directory to create
> qmail-smtpd2.cdb file.
>
> # cd /var/qmail/control/
> # make
>
> 5. I go to /var/qmail/service/smtpd2/ and modify the run file, especially
> the last 3 lines (not to include the ` character).
>
> # vi run
> .......
> -x/var/qmail/control/qmail-smtpd2.cdb \
> -- "${IP-0}" "${PORT-587}" \
> /var/qmail/bin/qmail-smtpd auth_smtp
>

What is 'auth_smtp' ?

Typically you need a PAM suporting your Auth feature and having access to the user database (I
discussed this at http://www.fehcom.de/qmail/smptauth.html). If -- in your case -- auth_smtp is
not a PAM (using RELAYCLIENT="") EVERYBODY can use your Submission server to relay. This is
the worst possible solution.

> 6. Replace the port env file content (from 25 to 587).
> # echo 587 > /var/qmail/service/smtpd2/env/PORT
>

Do you have the endir setting in your run script ? You tend to make settings too complicated.


> 7. Make symlink of smtpd2 in /service
> # ln -s /var/qmail/service/smtpd2 /service
>
> The last one, I run qmail with `svc -u /service/qmail`.
>
> The result is I can send email to gmail or viceversa, or send email from
> our production mail server to this trial server and succeed. Problem comes
> when the sender is android smart phone email client, that the server
> automatically throw the android emails and give them high SPAM score. I
> guess the culprit is the HELO localhost conversation. I erased QMAILQUEUE
> out of qmail-smtpd2.rules(cdb) but the result is just the same if I sent
> email to our production qmail server (but it works with yahoo mail). What
> can I do with qmail to deal with android smart phone? Thank you in advance.
>

You need to provide us the header statements your Auth package is including.
Many anti-spam SW (including Spamassassin) evaluate this information. If this is missing or wrong,
you may end up in your situation. The HELO statement being analyzed by the remote side is
probably that of your qmail host; not the Android ones.


> Regards,
> Mario
>
>
> On Sun, Mar 4, 2012 at 10:01 PM, Matt Simpson <qmlist [at] news> wrote:
>
> >
> > On Mar 4, 2012, at 6:07 AM, FC Mario Patty wrote:
> >
> > > Ok, I change the question. Should I make the second smtpd folder and run
> > > file, let's say /var/qmail/service/smtpd2/run and make another link to
> > > /service and then running another qmail-smtpd.rules/cdb files?
> >
> >
> > Yes. You'll need to change the port that it listens to. In the script
> > that you posted, it looks like the port is assigned via environment
> > variable ${PORT-25}, which must be set somewhere else because it's not in
> > that script. You'll need to either change that line in the script or
> > change the ${PORT-25} variable. You probably want to use port 587.
> >
> > You need another tcprules cdb file that will allow connection from
> > anywhere.
> >
> > Then you need to look at the doc for whatever AUTH patch you have
> > installed. There are probably some environment variables that need to be
> > set to turn on authentication.
> >
> > --
> > Matt Simpson
> > Tatertown, KY
> >
> >
> >
> >
>
>

--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/

Qmail users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.