Version 3.1.1 of relay-ctrl is now available at: http://untroubled.org/relay-ctrl/ ------------------------------------------------------------------------------ Changes in version 3.1.1 - Fixed the obvious bugs in relay-ctrl-udp (it didn't send an acknowledgement packet, among other things). - Modified relay-ctrl-chdir to dup the opened directory file descriptor to the highest possible slot, to work around programs that close opened file descriptors (ie various Courier programs). Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- relay-ctrl SMTP Relaying Control for qmail & tcpserver Bruce Guenter Version 3.1.1 2002-04-26 This set of programs controls access to relaying for users that authenticate using either POP3 using the qmail-popup/qmail-pop3d or pop3front servers, or IMAP using Courier IMAP. A mailing list has been set up to discuss this and other packages. To subscribe, send an email to: bgware-subscribe@lists.em.ca A mailing list archive is available at: http://lists.em.ca/?list=bgware Development versions of relay-ctrl are available via anonymous CVS. Set your CVSROOT to ":pserver:cvs@bruce-guenter.dyndns.org:/CVS", login with an empty password, and check out the "relay-ctrl" module. Requirements: - You must be using either qmail-popup/qmail-pop3d or pop3front with either tcpserver or tcp-env to serve POP3 OR - You must be using Courier IMAP to serve IMAP. - You must be using tcpserver with qmail-smtpd or smtpfront to serve SMTP. How to install: - Check the definitions in the conf-* files. - Run "make" - As root, run "./installer" How to configure it for use: - Make sure the configuration defaults are appropriate for your system. See the man pages. - Create the /var/spool/relay-ctrl/allow directory (or wherever you want the files to go). Set the permissions on /var/spool/relay-ctrl to mode 700 (writeable only to root), and /var/spool/relay-ctrl/allow to mode 777 (world writeable) - Create the /etc/relay-ctrl directory (or wherever you want the configuration to go) - Put "/var/spool/relay-ctrl/allow" into the first line of "RELAY_CTRL_DIR" in the above configuration directory. - If you want to have a fixup address (see the qmail FAQ) inserted into the RELAYCLIENT setting, put it into the first line of "RELAY_CTRL_RELAYCLIENT" in the configuration directory: :allow,RELAYCLIENT='@fixup' - Add the following line to a file in /etc/cron.d. This assumes a recent version of vixie cron. Other versions of cron may use different syntax, and you may need to edit root's crontab. * * * * * root envdir /etc/relay-ctrl /usr/sbin/relay-ctrl-age This step is optional, as relay-ctrl-check will delete and ignore old IP files. - Modify your qmail-smtpd run file from: tcpserver ... qmail-smtpd to: envdir /etc/relay-ctrl \ relay-ctrl-chdir \ tcpserver ... relay-ctrl-check qmail-smtpd How to use with qmail-pop3d: - Change your run file from: tcpserver ... qmail-popup hostname checkpassword \ qmail-pop3d to: envdir /etc/relay-ctrl \ relay-ctrl-chdir \ tcpserver ... qmail-popup hostname checkpassword \ relay-ctrl-allow \ qmail-pop3d How to use with pop3front - Change your run file from: tcpserver ... pop3front-auth cvm pop3front-maildir to: envdir /etc/relay-ctrl \ relay-ctrl-chdir \ tcpserver ... pop3front-auth cvm \ relay-ctrl-allow \ pop3front-maildir How to use with Courier IMAP: - Make a symlink in /usr/lib/courier-imap/libexec/authlib to /usr/sbin/relay-ctrl-allow. - Insert the command relay-ctrl-allow at the end of the list of authentication modules (AUTHMODULES) in /usr/lib/courier-imap/etc/imapd. - You also need to modify the run file to execute "envdir /etc/relay-ctrl relay-ctrl-chdir" before starting imaplogin, and I'm unsure where this needs to go. It may also work to put the above command string before couriertcpd instead of before imaplogin, which is slightly more efficient. This program is Copyright(C) 1999-2002 Bruce Guenter, and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind.