# Qmail and SMTP-AUTH

## venom

Hi everyone,

I'm trying to set up a mailing system on qmail, vpopmail and popa3d. Everything works OK - I can send and receive mails, but I've got problems with SMTP authentication.

I read the article about qmail in the Gentoo documentation (http://www.gentoo.org/doc/en/qmail-howto.xml) and, if I understand everything as I should, with the following /var/qmail/control/conf-smtpd file I must have SMTP-AUTH (login+passwd) enabled in my mail client (in my case sylpheed-claws) to send e-mails:

 *Quote:*

> TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"
> 
> QMAIL_SMTP_CHECKPASSWORD=/var/vpopmail/bin/vchkpw
> ...

- these are the only lines I have without a comment (#) in the conf-smtpd file.

But... it doesn't work. I can send e-mails without SMTP authentication... :/

So how do I turn it on? I read posts on this forum, but the solutions don't seem to be proper ;|

[Sorry for my English, I hope that you understand everything I wrote here :)]

----------

## mobiusproject

 *venom wrote:*   

> Hi everyone,
> 
> I'm trying to set up a mailing system on qmail, vpopmail and popa3d. Everything works OK - I can send and receive mails, but I've got problems with SMTP authentication.
> 
> I read the article about qmail in the Gentoo documentation (http://www.gentoo.org/doc/en/qmail-howto.xml) and, if I understand everything as I should, with the following /var/qmail/control/conf-smtpd file I must have SMTP-AUTH (login+passwd) enabled in my mail client (in my case sylpheed-claws) to send e-mails:
> ...

 

Your /var/qmail/control/conf-smtpd as of r16 should actually look like:

```
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"

QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"

[[ -n "${QMAIL_SMTP_CHECKPASSWORD}" ]] && {
        [[ -z "${QMAIL_SMTP_POST}" ]] && QMAIL_SMTP_POST=/bin/true
        QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"
}
```

Your /etc/tcprules.d/tcp.qmail-smtp should look like:

```
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
```

If you can send e-mail without authentication from machines other than the machine that the actual mailserver is on, you probably have a line that is just ":allow" in your tcp.qmail-smtp file. This sets up an open relay, which is a very bad thing because then anyone can send e-mail through your box.

I would also really look at HOWTO: qmail vpopmail courier-imap qmail-scanner (09/2005) and post there if you are still having this problem. That's where most of the questions about qmail are.

----------

## fidel

Hi there!

I can't find a difference in the config file /var/qmail/control/conf-smtpd of mobiusproject and venom... 

I ran into the exact same problem! The thing is, you need to make clear who is connecting to the smtp server. I got smtp-auth (with login) working on my box with the following entry in the configuration file /var/qmail/control/conf-smtpd:

```
QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
QMAIL_SMTP_CHECKPASSWORD="/var/vpopmail/bin/vchkpw"
QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"

[[ -n "${QMAIL_SMTP_CHECKPASSWORD}" ]] && {
        [[ -z "${QMAIL_SMTP_POST}" ]] && QMAIL_SMTP_POST=/bin/true
        QMAIL_SMTP_POST="${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"
}
```

Again, the lines below are the same as in your configs as I can see, just have a look at the top three ones 

 *mobiusproject wrote:*   

> If you can send e-mail without authentication from machines other than the machine that the actual mailserver is on you probably have a line that is just ":allow" in your tcp.qmail-smtp file. This sets up an open relay which is a very bad thing because then anyone can send e-mail through your box.

 

Oh daddy, really make sure you don't provide an open relay to the net! But as far as I know (this isn't much though, please correct me if I am wrong!), to make relaying possible it needs to be specified; a single line ":allow" at the end doesn't make your server an open relay. For that you'd need entries like:

```
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
```

In that case all mails from localhost are scanned by qmail-scanner, RBL checks though are not done (doesn't make much sense from localhost ;) ) and there is no authentication, just simple relaying --> RELAYCLIENT=""

Actually, a single line like:

```
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
```

at the end of that file (would be a catch-all rule) makes your server "secure": anybody not listed above is allowed to make connections to your SMTP server (authenticated ones) and everything would be scanned through qmail-scanner.

So in any case, only provide this entry (RELAYCLIENT="") to the IP addresses that you really know are allowed to relay! If you need relaying at all, you can make your mail client authenticate against the server with ease, you'd only need to enter your password once, afterwards it gets saved...

Hope that helps.

Greets

fidel

----------
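An added example, not part of any post in this thread: qmail-smtpd relays for a client whenever RELAYCLIENT is set in its environment, so a tcp.qmail-smtp file can be audited by listing every rule that sets it together with how many clients that rule covers. The parser follows the tcprules `address:allow,VAR="value"` syntax and assumes IPv4 rules; `SAMPLE_RULES` and all function names are constructed for illustration.

```python
import re

SAMPLE_RULES = """\
# constructed sample, not from the thread; the last two rules are too broad
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
192.168.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
"""

def parse_rule(line):
    """Split 'address:allow|deny[,VAR=<q>value<q>]...' into (address, action, env)."""
    address, sep, instr = line.partition(":")  # assumption: no ':' in the address
    head = re.match(r"(allow|deny)", instr)
    if not sep or not head:
        raise ValueError("not a tcprules rule: %r" % line)
    env, rest = {}, instr[head.end():]
    while rest:
        var = re.match(r",([^=]+)=(.)", rest)  # group 2 is the quote character
        if not var:
            raise ValueError("bad variable syntax: %r" % rest)
        close = rest.index(var.group(2), var.end())  # ValueError if unterminated
        env[var.group(1)] = rest[var.end():close]
        rest = rest[close + 1:]
    return address, head.group(1), env

def relay_scope(address):
    """Describe how many clients a rule address covers."""
    ip = address.rpartition("@")[2]  # drop an optional 'user@' (ident) part
    if ip == "":
        return "ANY CLIENT: open relay"
    if re.fullmatch(r"\d+\.\d+\.\d+\.\d+", ip):
        return "single host"
    if ip.startswith("="):
        return "hostname match (depends on reverse DNS)"
    return "address range"

def audit(text):
    """Return (line number, address, scope) for every rule that sets RELAYCLIENT."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            address, action, env = parse_rule(line)
            if action == "allow" and "RELAYCLIENT" in env:
                findings.append((lineno, address, relay_scope(address)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_RULES), sep="\n")
```

A catch-all rule that only sets QMAILQUEUE produces no finding, while any rule reported with a scope wider than "single host" deserves a second look before the rules file is rebuilt.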

## mobiusproject

 *fidel wrote:*   

> I can't find a difference in the config file /var/qmail/control/conf-smtpd of mobiusproject and venom...

 

Hahaha, that's absolutely right. When I first looked at venom's conf-smtpd it looked like my memory of r15's config file, though it is the same as mine. Shows that I should probably look closer before I try to help people. Well, it happens... Thanks for pointing that out to me, fidel.

----------

## fidel

Hrhr, can happen! ;)

I forgot to mention, in order to get smtp-auth running, the clients need TLS enabled (for sending). I'm curious if venom got it running that way...

greets

fidel

----------

