Adjusting the tcprules files for qmail
January 16, 2013 Roberto Puzzanghera 15 comments
This is my tcprules file:
> more /home/vpopmail/etc/tcp.smtp 0.0.0.0:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0" xxx.xxx.xxx.xxx:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0" 10.0.0.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0" 127.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0" :allow
As you can see, the localhost, the internal subnet 10.0.0., and the external server's IP are allowed to use the MTA as a relay (RELAYCLIENT=""), and do not face a GREETDELAY.
All other clients are allowed to send us emails (:allow), will face a GREETDELAY specified in the qmail-smtpd run script, and are not allowed to use our MTA as a relay.
And since we want to allow ourselves to use our MTA as a remote relay, the tcp.submission rules have to be simply:
> more /home/vpopmail/etc/tcp.submission :allow
And nobody is allowed to use the submission service (port 587) as an open relay without authentication.
Remember to generate the cdb files each time you make changes to your tcprules file:
> qmailctl cdb Updated tcp.smtp.cdb. Updated tcp.submission.cdb.
qmail notes
Pay me a coffee:
LXC scripts
Other contents
Recent comments
qq_temporary_problem_(#4.3.0)
June 2, 2023 06:32
qq_temporary_problem_(#4.3.0)
June 1, 2023 21:18
qq_temporary_problem_(#4.3.0)
May 31, 2023 18:22
qq_temporary_problem_(#4.3.0)
May 31, 2023 14:42
qq_temporary_problem_(#4.3.0)
May 31, 2023 14:33
Thank you! for all the documentation, patches and support
May 26, 2023 08:42
free(): double free detected in tcache 2: /var/www/qmail/cgi-bin/qmailadmin
May 17, 2023 15:25
free(): double free detected in tcache 2: /var/www/qmail/cgi-bin/qmailadmin
May 17, 2023 07:46
Tags
apache clamav dkim dovecot ezmlm fail2ban hacks lamp letsencrypt linux linux-vserver lxc mariadb mediawiki mozilla mysql openboard owncloud patches php proftpd qmail qmail to postfix qmail-spp qmailadmin rbl roundcube rsync sieve simscan slackware solr spamassassin spf ssh ssl surbl tcprules tex ucspi-tcp vpopmail vqadmin
Comments
tcprules problem
JonsoF November 16, 2020 11:58
Hi there,
Having installed the ucspi-tcp6-1.06.tgz, i noticed that tcprules ignores hosts and applies all the enviroment variable for all ( :allow...)
for example
if i have the tcp.submission file
Then tcprules applies the rules to all hosts instead of x.x.x.x.x
I finaly managed to execute tcprules (ucspi-tcp6-1.02) , i produced the cdb and moved to the newest email server (ucspi-tcp6-1.06)
Is this a bug ?
Reply | Permalink
tcprules problem
Roberto Puzzanghera JonsoF November 16, 2020 12:33
And you didn't define a default rule at all?
I don't know if it's a bug, we should look at the code to see what it does when a default rule is not defined... Anyway I think that defining a default rule such as
should be a good practice
Reply | Permalink
tcprules problem
JonsoF Roberto Puzzanghera November 16, 2020 13:10
i also tried with the
in the bottom of the file, but the result was the same.
Hosts are ignored and all the env variables are applied as if there were no hosts rules but just :allow
using ucspi-tcp6-1.02
using ucspi-tcp6-1.06
Reply | Permalink
tcprules problem
Roberto Puzzanghera JonsoF November 16, 2020 14:48
you are not declaring TCPREMOTEIP, so it always prints the default rule. This is the usage as per man page:
Reply | Permalink
tcprules problem
JonsoF Roberto Puzzanghera November 16, 2020 15:33
tcp.submission
There is no host definition at all.
Reply | Permalink
tcprules problem
Roberto Puzzanghera JonsoF November 16, 2020 16:50
apparently this output is not compatible with your tcp source file, as that is not the default defined rule...
Reply | Permalink
tcprules problem
JonsoF Roberto Puzzanghera November 16, 2020 17:38
yes, that is the problem.
i did not missed anything during the qmail installation. I followed all the instructions in this web site.
Hopefully, i have an older installation of qmail and the other tools, as i referred in my first post and i can compile my tcprules there and move them back to the new one (new server)
Reply | Permalink
tcprules problem
Roberto Puzzanghera JonsoF November 16, 2020 15:37
did you recompile your tcprules after last modification?
Reply | Permalink
tcprules problem
JonsoF Roberto Puzzanghera November 16, 2020 16:31
what i do whenever i make changes in /home/vpopmail/etc/tcp.submission
Reply | Permalink
tcprules problem
JonsoF Roberto Puzzanghera November 16, 2020 16:27
i have followed all the instructions of this web site, page by page
did i miss something?
Reply | Permalink
tcprules problem
Roberto Puzzanghera JonsoF November 16, 2020 16:44
how can I know if you missed something :-)
Reply | Permalink
Greetdelay
Marco Varanda February 23, 2020 11:41
Hello Roberto
Thanks for your job, you help many lost people, like me !
Is this line,
disable to all public internet IP, greetdelay effect ?
Is this disable greet delay, because you set to zero seconds ?
Thanks
Marco Varanda
Reply | Permalink
Greetdelay
Roberto Puzzanghera Marco Varanda February 23, 2020 13:12
It disables the greetdelay just for the mentioned IP 0.0.0.0 which is server's IP, because it has 0 value.
Edit: setting GREETDELAY in your tcp rules overwrites the default value in your qmail-smtpd run file
Reply | Permalink
Greetdelay
MARCO ANTONIO VARANDA Roberto Puzzanghera February 23, 2020 13:32
Sorry for insistence,
I think 0.0.0.0 is reference to any public IP.
In other words, if my IP try to send data before greetings, 0.0.0.0 will accept with no delay.
Am I wrong ?
- varanda
Reply | Permalink
Greetdelay
Roberto Puzzanghera MARCO ANTONIO VARANDA February 23, 2020 13:39
no, 0.0.0.0 is the IP of your localhost (if not sure you can google for it)
Reply | Permalink