# [qmail] smtp auth - rcpthosts - relaying.. help please

## asph

I have been using Gentoo on my workstation for almost two years now, but I never ran a server myself.

Now I have to admin a dedicated server with Gentoo, and I need to give mail service to my local users. I have a domain name pointing to my dedicated server.

Let's say it is example.com, and one of my users is test.

The email of this user would be test@example.com

For this simple purpose, I thought that the best way to go would be emerging qmail, which integrates pop and smtp in a simple way (I want a simple service, just pop and smtp).

I installed qmail-1.03-r13, read the qmail howto, and also Life with qmail. But I can't make it work as it should.

Now my pop seems to work, the user test can connect to the pop server, identify himself and retrieve mail. He can also send emails to local users.

The problem is when he wants to send an email to a foreign address, for example mike@hotmail.com. I get the typical "domain isn't in my list of allowed rcpthosts" (yes, I added the domain example.com to the rcpthosts file), so I thought, let's accept relaying from anyone, and set the smtp auth so only known users can connect to it, which seems a good solution to me.

But when I turn on the smtp auth nothing happens, it does not ask for any auth (I uncommented the last 4 lines of the /var/qmail/conf-smtpd file). Do I need to apply some smtp-auth patch I read about?

I have been trying to run this for 4 days now, and I would really appreciate any help you can provide with the smtp server. Also, when I want to give email to some user I will create a local account for him; will this be enough? Does smtp auth read /etc/passwd / /etc/shadow?

thanks

----------

## asph

I updated to qmail-1.03-r16 but the problem is still there.

I compiled with -noauthcram -notlsbeforeauth (-selinux) -ssl USE flags, but I don't really understand what the first two USE variables mean; could this be the problem? I connect to the smtp and it does not ask for any passwd (pop3 does correctly!)

----------

## deboeck

Hi,

In your setup, qmail will only accept e-mails when they are destined for someone@example.com. If you want your users to be able to send mail to anyone, you have to change the configuration of tcpserver.

In /etc, create a file called tcp.smtp with the following contents:

```
127.:allow,RELAYCLIENT=""
10.5.5.:allow,RELAYCLIENT=""
:allow
```

This means: the localhost (the server itself) and PCs with an IP address in the 10.5.5. subnet are allowed to send mail to everywhere. Change the subnet to whatever you're using.

Convert the text file to cdb format:

```
# tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
```

Now make sure that tcpserver uses the cdb file (which should be the case for a default qmail install on Gentoo):

```
# ps auxww | grep tcpserver
qmaild    9691  0.0  0.1   2420   536 ?        S    Jan26   0:00 /usr/bin/tcpserver -p -v -R -x /etc/tcp.smtp.cdb -c 40 -u 201 -g 200 127.0.0.1 2525 /var/qmail/bin/qmail-smtpd
```

That should do it, you don't even need SMTP auth. If not, there's one more thing that might be causing problems. You have to make sure that ucspi-tcp is NOT compiled with ipv6 support. For some mysterious reason, the relaying doesn't work then.

To check if ucspi-tcp was compiled with ipv6 support:

```
# emerge -pv ucspi-tcp

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] sys-apps/ucspi-tcp-0.88-r9  -ipv6 (-selinux) +ssl 0 kB

Total size of downloads: 0 kB
```

Hope it helps,

Steven
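
An added example, not part of the original post: qmail-smtpd skips the rcpthosts check for any client that tcpserver hands a `RELAYCLIENT` variable, so the rules file decides who may relay. The sketch below evaluates a rules file like the one above for a given client IP and flags a catch-all rule that would make the server an open relay. It assumes plain IPv4 prefix rules only (no `user@ip`, `=hostname` or range syntax, no commas inside values); the function names are hypothetical.

```python
# Added example: evaluate tcprules-style rules the way tcpserver picks one for a client IP.
# SAMPLE_RULES is a constructed sample mirroring the tcp.smtp file shown in the post.
SAMPLE_RULES = '''\
127.:allow,RELAYCLIENT=""
10.5.5.:allow,RELAYCLIENT=""
:allow
'''

def parse_rules(text):
    """Return {address_prefix: (action, {env_var: value})}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        action, *assignments = rest.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[addr] = (action, env)
    return rules

def lookup(rules, ip):
    """Most specific rule wins: full IP, then shorter dotted prefixes, then ''."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in candidates:
        if key in rules:
            return rules[key]
    return ("allow", {})  # no matching rule: connection allowed, no variables set

def may_relay(rules, ip):
    """True when this client is accepted and gets RELAYCLIENT in its environment."""
    action, env = lookup(rules, ip)
    return action == "allow" and "RELAYCLIENT" in env

def open_relay_rules(rules):
    """Return catch-all rules (empty address) that grant RELAYCLIENT to everyone."""
    return [addr for addr, (action, env) in rules.items()
            if addr == "" and action == "allow" and "RELAYCLIENT" in env]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for ip in ("127.0.0.1", "10.5.5.20", "203.0.113.7"):
        print(ip, "may relay" if may_relay(rules, ip) else "rcpthosts only")
    print("open-relay rules:", open_relay_rules(rules))
```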

----------

## wschalk

Hi,

As I said in my own postings two or three days ago, I am having exactly the same problems. I do have those lines in /etc/tcp.smtp and it still doesn't work. How can I enable SMTP-after-POP? Anyone able and willing to help? What do your config files look like?

Thanks a lot.

Cheers,

Werner.

----------

## deboeck

 *wschalk wrote:*   

> Hi,
> 
> As I said in my own postings two or three days ago, I am having exactly the same problems. I do have those lines in /etc/tcp.smtp and it still doesn't work. How can I enable SMTP-after-POP? Anyone able and willing to help? What do your config files look like?
> 
> Thanks a lot.
> ...

 

Have you checked if ucspi-tcp was compiled with ipv6 support? If it was, recompile it without ipv6. Regarding SMTP-after-POP, I use fetchmail for that. My /etc/fetchmailrc looks like this:

```
poll my.pop.server proto pop3 no envelope
user myusername with password mypassword is * here
forcecr
```

Replace my.pop.server with the FQDN of the mail server you're querying, myusername with your username and mypassword with your password.

In /etc/conf.d/fetchmail, you can specify how often the POP server should be polled. Then simply:

```
# /etc/init.d/fetchmail start
```

----------

## wschalk

Hi,

Well, I have compiled ucspi-tcp without IPv6 support; I do know about this issue. Fetchmail is NOT a solution for me as I want to give my customers the ability to send emails after they authenticated via POP3 before...

Bye and thanks,

Werner.

----------

## asph

About the ucspi-tcp, I compiled it without ipv6:

```
sys-apps/ucspi-tcp-0.88-r9  -ipv6 (-selinux) -ssl
```

About the tcpserver, it seems to be OK. I made the changes to allow 127.0.0.1 and the LAN IP and then recompiled the cdb without luck (note that qmail-1.03-r16 stores those files in /etc/tcprules.d/):

```
sp2330 ~ # ps auxww | grep tcpserver
root      6870  0.0  0.1   1416   464 ?        S    18:50   0:00 /usr/bin/tcpserver -p -v -x /etc/tcprules.d/tcp.qmail-pop3.cdb -c 40 0.0.0.0 pop3 /var/qmail/bin/qmail-popup machine1 /bin/checkpassword /var/qmail/bin/qmail-pop3d .maildir
qmaild    6881  0.0  0.1   1416   476 ?        S    18:50   0:00 /usr/bin/tcpserver -p -v -R -x /etc/tcprules.d/tcp.qmail-smtp.cdb -c 40 -u 201 -g 200 0.0.0.0 smtp /var/qmail/bin/qmail-smtpd machine1 /bin/cmd5checkpw /bin/true
```

This is why I chose to allow everyone to relay, but I can only do that if the smtp auth works, or my server would become an open relay.

Should I use fetchmail? I just want pop/smtp, nothing more.

I think that I just need the qmail package (and its dependencies), right?

----------

## asph

I just found this site:

http://www.cybershade.us/freebsd/qmail/

It seems like I could use checkpasswd as the pop instead of cmd5checkpw; has anyone tried this? Can I validate the password directly with the user accounts as the pop instead of using /etc/poppasswd? Or is this file not even being used? Thanks

*edit* I just did a little test with telnet, and if I connect to the smtp and type "EHLO" I get this:

```
250-machine1
250-PIPELINING
250-8BITMINE
250-AUTH LOGIN PLAIN CRAM-MD5
250 SIZE 2048
```

But I can send emails without auth.

----------

## asph

After reading some more docs, I realised that the auth is like on, but it's not mandatory. How can I make the login auth not optional but mandatory in order to send emails?

I tried to remove the :allow in the /etc/tcprules.d/tcp.qmail-smtp file but it does not work; it still allows an unidentified user to send emails. Argh!

Also I noticed that:

```
machine1 ~ # ps aux |grep tcpserver
root     18762  0.0  0.1   1416   464 ?        S    12:49   0:00 /usr/bin/tcpserver -p -v -x /etc/tcprules.d/tcp.qmail-pop3.cdb -c 40 0.0.0.0 pop3 /var/qmail/bin/qmail-popup machine1 /bin/checkpassword /var/qmail/bin/qmail-pop3d .maildir
qmaild   18773  0.0  0.1   1416   476 ?        S    12:49   0:00 /usr/bin/tcpserver -p -v -R -x /etc/tcprules.d/tcp.qmail-smtp.cdb -c 40 -u 201 -g 200 0.0.0.0 smtp /var/qmail/bin/qmail-smtpd machine1 /bin/cmd5checkpw /bin/true
```

Is it OK that it listens on 0.0.0.0 or should I change TCPSERVER_HOST in /var/qmail/control/conf-common? (I would say no, since pop works correctly.)

Anyone, please?

----------

## asph

solved by installing exim, IT WORKS

----------

