Preventing misuse of mail relaying under qmail (2)

Source: Internet
Author: User
This method applies only when your users connect from fixed IP addresses, for example a company that has its own class C network and its own LAN, and whose mail server only serves LAN users sending and receiving mail.

The simplest way to keep your server from being an open relay is to list in control/rcpthosts every domain for which your mail server accepts mail, that is, every domain whose DNS MX record points at this machine. For example, if your machine answers to the three names mail.linuxaid.com.cn, mail1.linuxaid.com.cn and linuxaid.com.cn (whose MX record points at mail.linuxaid.com.cn), then rcpthosts should contain mail.linuxaid.com.cn, mail1.linuxaid.com.cn and linuxaid.com.cn. qmail-smtpd then accepts RCPT TO only for addresses in those domains, i.e. mail that is addressed to this server; it refuses to forward mail to any other domain, which also stops your own users from sending outgoing mail through the server with their MUA. To let users send mail with an MUA, you must allow them to use the server as a relay.

qmail-smtpd offers a selective way to bypass rcpthosts: if the environment variable RELAYCLIENT is set when qmail-smtpd is started, the rcpthosts file is ignored for that connection and relaying is allowed. (qmail-smtpd also appends the value of RELAYCLIENT to every recipient address, so the value should be the empty string unless you want that.) But how do you tell that a sender is one of your own users? By the source IP address of the connection: if it belongs to your local network, the sender is treated as a local user.

This is where the tcpserver program from the ucspi-tcp package comes in. It works like inetd: it listens for incoming connection requests, sets various environment variables for the service it is about to start, and then runs that service. Its rules are written in a text file, here /etc/tcp.smtp, which states for each network whether the RELAYCLIENT variable is to be set. For example, if the local network is the class C network 192.168.10.0/24, tcp.smtp should contain:

127.0.0.1:allow,RELAYCLIENT=""
192.168.10.:allow,RELAYCLIENT=""
:allow

These rules mean: a connection from 127.0.0.1 or from any address beginning with 192.168.10. is allowed and gets the environment variable RELAYCLIENT set; any other connection is allowed too, but RELAYCLIENT is not set. Note that the variable name must be spelled RELAYCLIENT in upper case, since environment variable names are case-sensitive and that is what qmail-smtpd looks for, and that the trailing dot in 192.168.10. is what makes the line a prefix rule for the whole network. Connections to port 25 from elsewhere are therefore still accepted, but when such a client tries to send to a domain that is not in rcpthosts, qmail-smtpd rejects the RCPT TO command, because RELAYCLIENT is not set.

However, tcpserver does not read /etc/tcp.smtp directly; the text file must first be compiled into a cdb file with tcprules (which builds the database in the temporary file and then renames it into place; since tcpserver opens the cdb afresh for every connection, no restart is needed after a change):

[ideal@aidmail /etc]$ tcprules tcp.smtp.cdb tcp.smtp.temp < tcp.smtp

The run file in the /service/qmail-smtpd directory should then start tcpserver with these options (followed, as usual, by the address and port to listen on and the qmail-smtpd command):

/usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb

As you can see, the -x option tells tcpserver to use the rules in /etc/tcp.smtp.cdb (-v makes it log each connection and -p makes it check the client's reverse DNS paranoidly). If you have more than one local network, each of them must appear in /etc/tcp.smtp, and the cdb must be rebuilt afterwards.

This lets local users relay mail through the server while preventing anyone else from abusing it.
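As an added example (not part of the original article, and not code from qmail or ucspi-tcp), the following Python models the two decisions described above: tcpserver's rule lookup for the client's IP address, and qmail-smtpd's RCPT TO check against control/rcpthosts when RELAYCLIENT is absent. The tcp.smtp contents, the rcpthosts list and the client addresses are constructed for the example; hostname-based (=host) rules and morercpthosts.cdb are not modelled. It also shows the two ways this setup silently becomes an open relay: a default rule that sets RELAYCLIENT, and a missing control/rcpthosts file.

```python
"""Added illustration (not qmail/ucspi-tcp code): model how tcpserver's
tcp.smtp rules and qmail-smtpd's rcpthosts together decide whether a
RCPT TO command is accepted, so a relay policy can be checked offline."""

from typing import Dict, List, Optional, Tuple

Rule = Tuple[bool, Dict[str, str]]          # (allow?, environment to set)

# Constructed /etc/tcp.smtp contents.  The first is the article's ruleset;
# the second is the classic mistake that turns the server into an open relay.
TCP_SMTP_OK = '''127.0.0.1:allow,RELAYCLIENT=""
192.168.10.:allow,RELAYCLIENT=""
:allow
'''
TCP_SMTP_OPEN_RELAY = ':allow,RELAYCLIENT=""\n'

# Constructed control/rcpthosts, using the article's example names.
RCPTHOSTS = ["mail.linuxaid.com.cn", "mail1.linuxaid.com.cn", "linuxaid.com.cn"]

ERR_NOGATEWAY = "sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"


def parse_tcp_rules(text: str) -> Dict[str, Rule]:
    """Parse tcprules input lines: ADDRESS:allow|deny[,VAR="value"...].
    A line starting with ':' has the empty address and is the default rule."""
    rules: Dict[str, Rule] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instruction = line.partition(":")
        fields = instruction.split(",")
        env: Dict[str, str] = {}
        for field in fields[1:]:
            name, has_value, value = field.partition("=")
            if has_value:                     # VAR="value": set it, quotes stripped
                env[name] = value.strip('"')
        rules[address] = (fields[0] == "allow", env)
    return rules


def tcpserver_lookup(rules: Dict[str, Rule], ip: str) -> Rule:
    """Mimic the IP part of tcpserver's rule search: the exact address, then
    shorter and shorter prefixes ending in a dot (192.168.10., 192.168., 192.),
    then the empty address.  Hostname rules (=host) are not modelled.
    With no matching rule at all, tcpserver allows the connection."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in candidates:
        if key in rules:
            return rules[key]
    return (True, {})


def qmail_smtpd_rcpt(env: Dict[str, str], rcpthosts: Optional[List[str]],
                     recipient: str) -> Tuple[int, str]:
    """Mimic qmail-smtpd's RCPT TO decision.  If RELAYCLIENT is present its
    value is appended to the address and rcpthosts is not consulted; otherwise
    the recipient's domain must be listed in control/rcpthosts, where an entry
    starting with '.' matches subdomains only.  rcpthosts=None models a
    missing control file, which makes qmail-smtpd accept every recipient."""
    if "RELAYCLIENT" in env:
        return 250, "ok, relaying to " + recipient + env["RELAYCLIENT"]
    if rcpthosts is None:
        return 250, "ok (no control/rcpthosts: everything is accepted)"
    host = recipient.rpartition("@")[2].lower()
    labels = host.split(".")
    # qmail tries the host itself, then ".rest" at every label boundary
    candidates = [host] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    allowed = {entry.lower() for entry in rcpthosts}
    if any(c in allowed for c in candidates):
        return 250, "ok"
    return 553, ERR_NOGATEWAY


def relay_decision(tcp_smtp: str, rcpthosts: Optional[List[str]],
                   client_ip: str, recipient: str) -> int:
    """Full path: tcpserver rule lookup, then qmail-smtpd's RCPT check.
    Returns the SMTP reply code, or 0 if tcpserver drops the connection."""
    allow, env = tcpserver_lookup(parse_tcp_rules(tcp_smtp), client_ip)
    if not allow:
        return 0
    code, _ = qmail_smtpd_rcpt(env, rcpthosts, recipient)
    return code


def is_open_relay(tcp_smtp: str, rcpthosts: Optional[List[str]]) -> bool:
    """The failure mode the article warns about: can an arbitrary outside
    address relay to an arbitrary outside domain?  203.0.113.7 and
    example.net are documentation values that appear in no rule."""
    return relay_decision(tcp_smtp, rcpthosts, "203.0.113.7", "anyone@example.net") == 250


if __name__ == "__main__":
    for ip, rcpt in [("192.168.10.5", "friend@example.net"),
                     ("203.0.113.7", "friend@example.net"),
                     ("203.0.113.7", "user@mail1.linuxaid.com.cn")]:
        print(ip, rcpt, relay_decision(TCP_SMTP_OK, RCPTHOSTS, ip, rcpt))
    print("open relay with the article's rules:", is_open_relay(TCP_SMTP_OK, RCPTHOSTS))
    print("open relay with ':allow,RELAYCLIENT=\"\"':", is_open_relay(TCP_SMTP_OPEN_RELAY, RCPTHOSTS))
```

Running it shows a LAN client relaying to example.net getting 250, an outside client getting 553 for the same recipient but 250 for a local domain, and is_open_relay() turning true as soon as the default rule sets RELAYCLIENT or rcpthosts is absent. The same check can be pointed at a real /etc/tcp.smtp and control/rcpthosts before the cdb is rebuilt.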

Three. The third method of preventing mail relay abuse

The second method is sufficient for a LAN, but it is not a good solution for e-mail services like 263 or 163, whose users are spread all over the world and may therefore send mail from any IP address. Other ways of restricting the relay function against misuse are needed.

If you use vpopmail with qmail, its roaming-user support can be used to prevent misuse of the relay function: after a client has authenticated via POP3, vpopmail adds that client's IP address to the tcp.smtp.cdb rules with RELAYCLIENT set, for a limited time, so that a user anywhere can relay through the server right after checking mail.
