[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qmail-ldap
Subject:    =?utf-8?Q?Re:_AUTHed_smtp_USER+BADRCPTTO=3DDENY=2C_why=3F?=
From:       "Tomas Kuliavas" <tokul () users ! sourceforge ! net>
Date:       2010-09-02 14:19:45
Message-ID: 44357.4e3f1be3.1283437185.nsm () avilys ! eik ! lt
[Download RAW message or body]

2010.09.02 16:00 Gennady G. Marchenko rašė:
>   02.09.2010 13:33, Tomas Kuliavas пишет:
>> 2010.09.02 11:23 Gennady G. Marchenko rašė:
>>>    Hello guys.
>>>
>>> There is a problem with badrcptto file. If I put in it some address,
>>> then user who successfuly did smtp auth can't send mail to it. Why? As
>>> I
>>> know, after user authed over smtp - RELAYCLIENT env will set. Does it?
>> RELAYCLIENT does not bypass badrcptto restrictions. Nothing in
>> qmail-ldap
>> install docs says that it does. This option does not implement all
>> features of qmail's qregex patch.
>>
> Thanks for answer, Tomas
>
> hm... here:
> http://www.mail-archive.com/qmail-ldap@argus.pipeline.ch/msg02803.html
>
>   I found the answer from Claudio Jeker, he said that
>
> "2. if you are sending form a relay client (RELAYCLIENT set) no
> badrcptto check is done."
>
> and the reporter answered that it's true:
>
>
> "Aha, this is it. I have a passthrough sendmail on my firewall that is a
> match for RELAYCLIENT so badrcptto will never work in my setup. "
>
> Claudio said:
>
> "You could disable RELAYCLIENT for the gateway sendmail or patch
> qmail-smtpd.c to always check badrcptto"
>
> So, where was my mistake?

You look at message from 2002 and use patch from 2006. If I understand C
code in qmail-ldap-1.03-20060201.patch.gz correctly, badrcptto checks
don't depend on relay client. In void smtp_rcpt they are done before
if(relayclient). Code was moved between 20011101 and 20020501 patches.
Older qmail-ldap versions allowed relayed client to bypass badrcptto
restrictions although it was never documented in QLDAPINSTALL.

-- 
Tomas

[prev in list] [next in list] [prev in thread] [next in thread]