Adjusting the tcprules files for qmail
This is my tcprules file:
> more /home/vpopmail/etc/tcp.smtp 0.0.0.0:allow,RELAYCLIENT="",RBLSMTPD="",GREETDELAY="0" xxx.xxx.xxx.xxx:allow,RELAYCLIENT="",RBLSMTPD="",GREETDELAY="0" 10.0.0.:allow,RELAYCLIENT="",RBLSMTPD="",GREETDELAY="0" 127.:allow,RELAYCLIENT="",RBLSMTPD="",GREETDELAY="0" :allow
As you can see, the localhost, the internal subnet 10.0.0., and the external server's IP are allowed to use the MTA as a relay (RELAYCLIENT=""), have rblsmtpd switched off (RBLSMTPD=""), and does not face a GREETDELAY (simply replace with SMTPD_GREETDELAY if you are using the delay before smtpd).
All other clients are allowed to send us emails (allow:), will face a GREETDELAY specified in the qmail-smtpd run script, and are not allowed to use our MTA as a relay.
And since we want to allow ourselves to use our MTA as a remote relay, the tcp.submission rules have to be simply:
> more /home/vpopmail/etc/tcp.submission :allow
And nobody is allowed to use the submission service (port 587) as an open relay without authentication.
Remember to generate the cdb files each time you make changes to your tcprules file:
> qmailctl cdb Updated tcp.smtp.cdb. Updated tcp.submission.cdb.