Regarding Qmail's xinetd configuration on BLFS 1.0

Carl Menezes carleeto at fastmail.fm
Wed Jun 4 16:55:45 PDT 2003


Hi All,

This is what the BLFS 1.0 book says about running qmail under xinetd:

cat >> /etc/xinetd.conf << "EOF"
service smtp
{
    disable = no
    identifier              = smtp-local
    socket_type             = stream
    protocol                = tcp
    wait                    = no
    user                    = qmaild
    server                  = /var/qmail/bin/tcp-env
    server_args             = /var/qmail/bin/qmail-smtpd
    env                     = RELAYCLIENT=
    only_from               = 127.0.0.1
    log_on_failure          += USERID
}
EOF

Now, when I used this, qmail refused to accept connections from outside.
That was when somebody recommended I remove the only_from line, which I did
and it worked perfectly. So at that point, this was my xinetd qmail config:

service smtp
{
    disable = no
    identifier              = smtp-local
    socket_type             = stream
    protocol                = tcp
    wait                    = no
    user                    = qmaild
    server                  = /var/qmail/bin/tcp-env
    server_args             = /var/qmail/bin/qmail-smtpd
    env                     = RELAYCLIENT=
    log_on_failure          += USERID
}

However, what happened was that since the RELAYCLIENT environment variable
was set, qmail was now acting like an open relay and was happily relaying 
messages all over the place. Several open relay test websites also
confirmed it was an open relay.

After a lot of searching and reading up, I removed the env line from my
xinetd.conf:

service smtp
{
    disable = no
    identifier              = smtp-local
    socket_type             = stream
    protocol                = tcp
    wait                    = no
    user                    = qmaild
    server                  = /var/qmail/bin/tcp-env
    server_args             = /var/qmail/bin/qmail-smtpd
    log_on_failure          += USERID
}

On restarting xinetd, qmail no longer relayed mails. Tests from open relay
websites also confirmed that it was no longer an open relay.

So I have this suggestion:

Why not remove the RELAYCLIENT line from the default xinetd qmail section
and instead add a note explaining when it's needed? It would prevent
problems like the one I had and the last thing we need is more open relays
for spam.

Thanks,
Carl
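
The following check is an added example, not part of the original post or the BLFS book: it parses `service smtp` blocks from xinetd configuration text and reports whether RELAYCLIENT is set in `env` and whether `only_from` confines clients to loopback, which is the difference between the three configurations above. It assumes the attributes live in the service block itself (a `defaults` section is not consulted); `audit_smtp`, `smtp_block` and the verdict strings are hypothetical names, and the sample input is constructed from the post's configs.

```python
import ipaddress
import re

SERVICE_RE = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
ATTR_RE = re.compile(r"^[ \t]*(\w+)[ \t]*[+-]?=[ \t]*(.*?)[ \t]*$", re.M)

def is_loopback(entry):
    """True if an only_from entry is 'localhost' or a loopback address/network."""
    if entry == "localhost":
        return True
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:
        return False  # other hostnames are conservatively treated as remote

def audit_smtp(conf_text):
    """Return one verdict per 'service smtp' block, in file order."""
    verdicts = []
    for name, body in SERVICE_RE.findall(conf_text):
        if name != "smtp":
            continue
        attrs = {}
        for key, value in ATTR_RE.findall(body):
            attrs.setdefault(key, []).extend(value.split())
        relay_env = any(e.startswith("RELAYCLIENT=") for e in attrs.get("env", []))
        sources = attrs.get("only_from")  # None means any client may connect
        if not relay_env:
            verdicts.append("no-relayclient")
        elif sources is not None and all(is_loopback(s) for s in sources):
            verdicts.append("relay-for-loopback-only")
        else:
            verdicts.append("OPEN-RELAY")
    return verdicts

def smtp_block(extra_lines):
    """Constructed sample: the post's service block plus the lines that vary."""
    return ("service smtp\n{\n    disable = no\n    user = qmaild\n"
            "    server = /var/qmail/bin/tcp-env\n"
            "    server_args = /var/qmail/bin/qmail-smtpd\n"
            + extra_lines + "}\n")

if __name__ == "__main__":
    # The three variants from the post: book default, only_from removed, env removed.
    for extra in ("    env = RELAYCLIENT=\n    only_from = 127.0.0.1\n",
                  "    env = RELAYCLIENT=\n",
                  ""):
        print(audit_smtp(smtp_block(extra)))
```

A "no-relayclient" verdict only means xinetd is not forcing relaying on; whether qmail-smtpd then rejects foreign recipients still depends on its own rcpthosts control file.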