Re: [vchkpw] rblsmtpd with vchkpw

Tue, 04 Apr 2006 09:46:50 -0700 

On 2006-04-05, at 0002, Fernando Milovich wrote:
I mean bypass RBL is the client is authenticated. But it seems to be no possibly. This problem is because our customers use ISP connections like ADSL and Dial Up and these connections are blocked by CBL at spamhaus.org 
I think i´ll have to change the RBL checker.



set up a second SMTP service for your users. it should not use port  
25, it should not accept mail at all unless the client has sent a  
successful AUTH command, and it should not accept an AUTH command  
unless the connection is encrypted (via SSL or TLS.)



depending on the qmail patches you are using, the second and third  
conditions may not be possible for you- but the first condition,  
running an SMTP service on some other port, anybody can do. usually  
the biggest mental hurdle is realizing that it is possible to run  
multiple SMTP services on the same machine.



just take the "run" script from your existing service and copy it to  
a new service directory... change the port number from 25 (or "smtp",  
if that's how it's listed in your file) to 587, and fire it up. or  
run it on port 465, substitute sslserver for tcpserver, make a key  
pair, and you're up and running with an SSL-secured SMTP server.



http://qmail.jms1.net/smtp-service.shtml is a web page i wrote which  
explains how to set up SMTP services. it's slanted towards people who  
use my combined patch file (which you may want to take a look at-  
lots of tasty goodies in there) but the basic idea is the same for  
any qmail system- you can have as many SMTP services as you need, as  
long as each one has its own IP/PORT combination. it may contain some  
helpful information, and it certainly explains things in more detail  
than this message. enjoy.


--------------------------------------------------
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/           <[EMAIL PROTECTED]> |
--------------------------------------------------
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.      |
--------------------------------------------------





Attachment:
PGP.sig

Description: This is a digitally signed message part






















					Reply via email to