From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/1080 Path: news.gmane.org!not-for-mail From: Gerrit Pape Newsgroups: gmane.comp.sysutils.supervision.general,gmane.comp.misc.pape.general Subject: Re: correct tcprules directory? Date: Thu, 16 Mar 2006 10:56:10 +0000 Message-ID: <20060316105610.25594.qmail@b06049115fed98.315fe32.mid.smarden.org> References: NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1142506555 18372 80.91.229.2 (16 Mar 2006 10:55:55 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Thu, 16 Mar 2006 10:55:55 +0000 (UTC) Original-X-From: supervision-return-1316-gcsg-supervision=m.gmane.org@list.skarnet.org Thu Mar 16 11:55:54 2006 Return-path: Envelope-to: gcsg-supervision@gmane.org Original-Received: from antah.skarnet.org ([212.85.147.14]) by ciao.gmane.org with smtp (Exim 4.43) id 1FJq8z-0002o7-DG for gcsg-supervision@gmane.org; Thu, 16 Mar 2006 11:55:49 +0100 Original-Received: (qmail 18888 invoked by uid 76); 16 Mar 2006 10:56:11 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Archive: Original-Received: (qmail 18883 invoked from network); 16 Mar 2006 10:56:10 -0000 Original-To: supervision@list.skarnet.org, misc@list.smarden.org Mail-Followup-To: misc@list.smarden.org Content-Disposition: inline In-Reply-To: Xref: news.gmane.org gmane.comp.sysutils.supervision.general:1080 gmane.comp.misc.pape.general:1083 Archived-At: On Tue, Mar 07, 2006 at 10:41:46AM -0500, Dean Hall wrote: > I just want to confirm that I'm using ipsvd-cdb correctly to run qmail, b/c > it's acting like an open relay when it shouldn't. > > I have a directory called qmail-smtpd. In it are two files: > > - 127.0.0.1 > - 192.168.1 > > The contents of both of them is identical: > > +RELAYCLIENT= > > I built the cdb file from the parent directory like this: > > # ipsvd-cdb qmail-smtpd.cdb qmail-smtpd.cdb.tmp qmail-smtpd > > I'm running qmail-smtpd like this: > > exec \ > env - PATH="$PATH" \ > envuidgid "$USER" \ > tcpsvd -p \ > -l "$HOSTNAME" \ > -x "$TCPCDB" \ > -c "$CONCURRENCY" \ > "$IP" "$PORT" \ > recordio \ > qmail-smtpd > > And $TCPCDB is set to the path of the .cdb file I created above. > > Does this look correct? If so, any ideas why qmail-smtpd is acting like an > open relay? Pristine qmail-smtpd doesn't look at the UID and GID environment variables. Unless you patched it, you probably want the -u switch to tcpsvd instead of envuidgid. Looks fine to me otherwise, try to make tcpsvd more verbose using -vv, it'll then show in the logs which instructions are applied to each connection. HTH, Gerrit.