Adjusting the tcprules files for qmail

January 16, 2013, Roberto Puzzanghera

This is my tcprules file:

> more /home/vpopmail/etc/tcp.smtp

0.0.0.0:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
xxx.xxx.xxx.xxx:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
10.0.0.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
127.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
:allow

As you can see, localhost, the internal subnet 10.0.0., and the external server's IP are allowed to use the MTA as a relay (RELAYCLIENT="") and do not face a GREETDELAY.

All other clients are allowed to send us emails (:allow), will face a GREETDELAY specified in the qmail-smtpd run script, and are not allowed to use our MTA as a relay.
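The lookup order that decides which of the rules above applies to a client, as an added example that is not part of the original post: it models only the IP-address part of the documented tcprules matching (the exact address first, then shorter and shorter prefixes ending with a dot, then the empty address) and ignores hostname, TCPREMOTEINFO and range rules. The function names and the client addresses are constructed for the illustration; the masked xxx.xxx.xxx.xxx entry is kept as it appears in the file.

```python
# Added example: models only the IP-address part of tcprules matching.
RULES = '''\
0.0.0.0:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
xxx.xxx.xxx.xxx:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
10.0.0.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
127.:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"
:allow
'''

def parse_rules(text):
    """Return {address: (action, {VAR: value})}; quoting is simplified."""
    rules = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        address, _, instructions = line.partition(":")
        action, *assignments = instructions.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[address] = (action, env)
    return rules

def candidates(ip):
    """Keys in lookup order: exact IP, shorter dotted prefixes, then ''."""
    parts = ip.split(".")
    prefixes = [".".join(parts[:n]) + "." for n in range(len(parts) - 1, 0, -1)]
    return [ip, *prefixes, ""]

def lookup(rules, ip):
    """Return (matched_address, action, env) for the first matching rule."""
    for key in candidates(ip):
        if key in rules:
            return (key, *rules[key])
    return None  # unreachable with this file: it ends with the empty rule

def may_relay(rules, ip):
    """qmail-smtpd relays for a client only when RELAYCLIENT is set."""
    _, action, env = lookup(rules, ip)
    return action == "allow" and "RELAYCLIENT" in env

if __name__ == "__main__":
    rules = parse_rules(RULES)
    # Constructed client addresses (198.51.100.7 is a documentation address).
    for ip in ("127.0.0.1", "10.0.0.25", "10.0.1.25", "0.0.0.0", "198.51.100.7"):
        key, action, env = lookup(rules, ip)
        delay = env.get("SMTPD_GREETDELAY", "run-script default")
        print(f"{ip:13} rule={key!r:10} {action} "
              f"relay={may_relay(rules, ip)} greetdelay={delay}")
```

Running the same kind of check against your own rules file before rebuilding the cdb shows whether an address you did not intend ends up on a RELAYCLIENT rule.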

Since we want to be able to use our MTA as a remote relay ourselves, the tcp.submission rules are simply:

> more /home/vpopmail/etc/tcp.submission

:allow

And nobody is allowed to use the submission service (port 587) as an open relay without authentication.

Remember to generate the cdb files each time you make changes to your tcprules file:

> qmailctl cdb

Updated tcp.smtp.cdb.
Updated tcp.submission.cdb.

Comments

Greetdelay

Hello Roberto

Thanks for your work, you help many lost people like me!

Does this line,

0.0.0.0:allow,RELAYCLIENT="",SMTPD_GREETDELAY="0"

disable the greetdelay effect for all public internet IPs?

Does it disable the greet delay because you set it to zero seconds?

Thanks

Marco Varanda


Greetdelay

It disables the greetdelay just for the mentioned IP 0.0.0.0, which is the server's IP, because it has a value of 0.

Edit: setting GREETDELAY in your tcp rules overwrites the default value in your qmail-smtpd run file.


Greetdelay

Sorry for the insistence,

I think 0.0.0.0 is a reference to any public IP.

In other words, if my IP tries to send data before the greeting, 0.0.0.0 will accept with no delay.

Am I wrong?

- varanda


Greetdelay

No, 0.0.0.0 is the IP of your localhost (if not sure, you can google for it).
