#1
Controlling relay in qmail
Hi,

I had configured qmail, qmail-pop3d, vpopmail and sqwebmail on a Red Hat 8.0 Linux system. My problem is that, even though it is mentioned in the rcpthosts file that only my virtual domains need to send mails, everyone is able to relay mails using it, which is a serious security threat. I didn't use the smtpauth module while configuring the mail server; even using telnet on port 25 I am able to send mails. How can I control the relay and suppress the sending of mails using telnet?

Thanks in advance,
Prashant
#2
Quote:

OK

Quote:

This makes no sense at all. If you list only your domains in rcpthosts, then only mail from those domains will be accepted. Exception: the RELAYCLIENT environmental variable set by /etc/tcp.smtp.cdb or another method, will allow certain clients to relay. You haven't provided any information (such as the contents of /etc/tcp.smtp or the output of /var/qmail/bin/qmail-showctl), so it's impossible to tell what you're getting upset about.

Quote:

To whom can you send mails, and why does this cause you concern?

Quote:

Without more information about your server configuration and why you're concerned, it's impossible to answer this question.

Summary:

Provide the full, unedited contents of:
/etc/tcp.smtp
/var/qmail/supervise/qmail-smtpd/run

Provide the full, unedited output of:
/var/qmail/bin/qmail-showctl

__________________
Alex (http://www.alex-greg.com)
#3
Hi there, my /var/qmail/supervise/qmail-smtpd/run looks like this:

```sh
#!/bin/sh
# Run-time identities and limits come from the system and the qmail control files.
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

# Without rcpthosts, qmail-smtpd accepts mail for any domain.
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

# -x /etc/tcp.smtp.cdb: per-client rules, which may set RELAYCLIENT.
exec /usr/local/bin/softlimit -m 2000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
```

The output of qmail-showctl is here:

```
./qmail-showctl
qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 501, 502, 503, 0, 504, 505, 506, 507.
group ids: 501, 502.
badmailfrom: (Default.) Any MAIL FROM is allowed.
bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
bouncehost: (Default.) Bounce host name is merlin.brilliant-it.com.
concurrencylocal: (Default.) Local concurrency is 10.
concurrencyremote: (Default.) Remote concurrency is 20.
databytes: (Default.) SMTP DATA limit is 0 bytes.
defaultdomain: Default domain name is brilliant-it.com.
defaulthost: (Default.) Default host name is merlin.brilliant-it.com.
doublebouncehost: (Default.) 2B recipient host: merlin.brilliant-it.com.
doublebounceto: (Default.) 2B recipient user: postmaster.
envnoathost: (Default.) Presumed domain name is merlin.brilliant-it.com.
helohost: (Default.) SMTP client HELO host name is merlin.brilliant-it.com.
idhost: (Default.) Message-ID host name is merlin.brilliant-it.com.
localiphost: (Default.) Local IP address becomes merlin.brilliant-it.com.
locals: Messages for merlin.brilliant-it.com are delivered locally.
me: My name is merlin.brilliant-it.com.
percenthack: (Default.) The percent hack is not allowed.
plusdomain: Plus domain name is brilliant-it.com.
qmqpservers: (Default.) No QMQP servers.
queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.
rcpthosts:
SMTP clients may send messages to recipients at pra.com.
SMTP clients may send messages to recipients at brilliant-it.com.
morercpthosts: (Default.) No effect.
morercpthosts.cdb: (Default.) No effect.
smtpgreeting: (Default.) SMTP greeting: 220 merlin.brilliant-it.com.
smtproutes: (Default.) No artificial SMTP routes.
timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
virtualdomains:
Virtual domain: pra.com:pra.com
Virtual domain: brilliant-it.com:brilliant-it.com
defaultdelivery: I have no idea what this file does.
concurrencyincoming: I have no idea what this file does.
rcpthosts.lock: I have no idea what this file does.
virtualdomains.lock: I have no idea what this file does.
locals.lock: I have no idea what this file does.
```

/etc/tcp.smtp

```
127.:allow,RELAYCLIENT=""
```

/var/qmail/control/rcpthosts

```
pra.com
brilliant-it.com
```
#4
Your configuration looks fine. Now, what were you concerned about?
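
Added example, not part of the original thread and not qmail's own code: a simplified Python model of how the tcpserver rules and rcpthosts combine into a relay decision, using the /etc/tcp.smtp and rcpthosts contents posted in #3. It assumes IPv4 rules only (exact address, dotted prefix, or the empty default rule); the function names and the 203.0.113.9 remote address are hypothetical.

```python
# Added example: simplified model of the relay decision, not qmail source code.
import re

# Contents of the two files as posted in #3 of the thread.
TCP_SMTP = '127.:allow,RELAYCLIENT=""\n'
RCPTHOSTS = "pra.com\nbrilliant-it.com\n"

def parse_tcprules(text):
    """Map each address pattern to (action, environment assignments)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            addr, _, instr = line.partition(":")
            action, _, rest = instr.partition(",")
            rules[addr] = (action, dict(re.findall(r'(\w+)="([^"]*)"', rest)))
    return rules

def lookup(rules, ip):
    """Exact IP first, then shorter dotted prefixes, then the empty default."""
    parts = ip.split(".")
    keys = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return ("allow", {})  # no rule matched: allowed, no variables set

def in_rcpthosts(rcpthosts, domain):
    """Exact entry, or a wildcard entry beginning with a dot."""
    entries = {e.strip().lower() for e in rcpthosts.splitlines() if e.strip()}
    domain = domain.lower()
    suffixes = [domain[i:] for i, c in enumerate(domain) if c == "."]
    return domain in entries or any(s in entries for s in suffixes)

def smtp_decision(ip, rcpt, tcp_smtp=TCP_SMTP, rcpthosts=RCPTHOSTS):
    action, env = lookup(parse_tcprules(tcp_smtp), ip)
    if action == "deny":
        return "refused"          # tcpserver drops the connection
    if "RELAYCLIENT" in env:
        return "relay-allowed"    # rcpthosts is not consulted at all
    domain = rcpt.rpartition("@")[2] if "@" in rcpt else ""
    if not domain or in_rcpthosts(rcpthosts, domain):
        return "accepted"         # local or hosted recipient
    return "rejected"             # RCPT TO refused, not in rcpthosts

if __name__ == "__main__":
    for ip, rcpt in [("127.0.0.1", "someone@example.org"),
                     ("203.0.113.9", "someone@example.org"),
                     ("203.0.113.9", "user@pra.com")]:
        print(ip, rcpt, "->", smtp_decision(ip, rcpt))
```

Passing `tcp_smtp=':allow,RELAYCLIENT=""'` models a rules file in which the empty default rule sets RELAYCLIENT for every client; the same remote address then gets `relay-allowed` for any recipient.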