January 16, 2013 Roberto Puzzanghera0 comments
This is my
> more /home/vpopmail/etc/tcp.smtp 0.0.0.0:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0" xxx.xxx.xxx.xxx:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0" 10.0.0.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0" 127.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0" :allow
As you can see, the
localhost, the internal subnet
10.0.0., and the external server's IP are allowed to use the MTA as a relay (RELAYCLIENT=""), and does not face a GREETDELAY.
All other clients are allowed to send us emails (
allow:), will face a GREETDELAY specified in the
qmail-smtpd run script, and are not allowed to use our MTA as a relay.
And since we want to allow ourselves to use our MTA as a remote relay, the
tcp.submission rules have to be simply:
> more /home/vpopmail/etc/tcp.submission :allow
And nobody is allowed to use the submission service (port 587) as an open relay without authentication.
Remember to generate the
cdb files each time you make changes to your
> qmailctl cdb Updated tcp.smtp.cdb. Updated tcp.submission.cdb.
apache clamav dkim dovecot ezmlm fail2ban hacks lamp letsencrypt linux linux-vserver lxc mariadb mediawiki mozilla mysql owncloud patches php proftpd qmail qmailadmin rbl roundcube rsync sieve simscan slackware spamassassin ssh ssl surbl tcprules tex ucspi-tcp vpopmail vqadmin