Version 3.2 of relay-ctrl is now available at: http://untroubled.org/relay-ctrl/ ------------------------------------------------------------------------------ Changes in version 3.2 - Updated for bglibs v2. - Fixed the authenticated test when used with Courier IMAP. - Tweaked relay-ctrl-allow to only try to save a handle to the current working directory if it's going to execute another command later. - Added support for logging environment settings in relay-ctrl-check. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- relay-ctrl SMTP Relaying Control for qmail & tcpserver Bruce Guenter Version 3.2 2015-05-12 This set of programs controls access to relaying for users that authenticate using either POP3 using the qmail-popup/qmail-pop3d or pop3front servers, or IMAP using Courier IMAP. A mailing list has been set up to discuss this and other packages. To subscribe, send an email to: bgware-subscribe@lists.untroubled.org A mailing list archive is available at: http://lists.untroubled.org/?list=bgware Development versions of relay-ctrl are available at: https://github.com/bruceg/relay-ctrl Requirements: - This package depends on bglibs version 2.0 or later. - You must be using either qmail-popup/qmail-pop3d or pop3front with either tcpserver or tcp-env to serve POP3 OR - You must be using Courier IMAP to serve IMAP. - You must be using tcpserver with qmail-smtpd or smtpfront to serve SMTP. How to install: - Check the definitions in the conf-* files. - Run "make" - As root, run "make install" How to configure it for use: - Make sure the configuration defaults are appropriate for your system. See the man pages. - Create the /var/spool/relay-ctrl/allow directory (or wherever you want the files to go). Set the permissions on /var/spool/relay-ctrl to mode 700 (writeable only to root), and /var/spool/relay-ctrl/allow to mode 777 (world writeable) - Create the /etc/relay-ctrl directory (or wherever you want the configuration to go) - Put "/var/spool/relay-ctrl/allow" into the first line of "RELAY_CTRL_DIR" in the above configuration directory. - If you want to have a fixup address (see the qmail FAQ) inserted into the RELAYCLIENT setting, put it into the first line of "RELAY_CTRL_RELAYCLIENT" in the configuration directory: :allow,RELAYCLIENT='@fixup' - Add the following line to a file in /etc/cron.d. This assumes a recent version of vixie cron. Other versions of cron may use different syntax, and you may need to edit root's crontab. * * * * * root envdir /etc/relay-ctrl /usr/sbin/relay-ctrl-age This step is optional, as relay-ctrl-check will delete and ignore old IP files. - Modify your qmail-smtpd run file from: tcpserver ... qmail-smtpd to: envdir /etc/relay-ctrl \ relay-ctrl-chdir \ tcpserver ... relay-ctrl-check qmail-smtpd How to use with qmail-pop3d: - Change your run file from: tcpserver ... qmail-popup hostname checkpassword \ qmail-pop3d to: envdir /etc/relay-ctrl \ relay-ctrl-chdir \ tcpserver ... qmail-popup hostname checkpassword \ relay-ctrl-allow \ qmail-pop3d How to use with pop3front - Change your run file from: tcpserver ... pop3front-auth cvm pop3front-maildir to: envdir /etc/relay-ctrl \ relay-ctrl-chdir \ tcpserver ... pop3front-auth cvm \ relay-ctrl-allow \ pop3front-maildir How to use with Courier IMAP: - Make a symlink in /usr/lib/courier-imap/libexec/authlib to /usr/sbin/relay-ctrl-allow. - Insert the command relay-ctrl-allow at the end of the list of authentication modules (AUTHMODULES) in /usr/lib/courier-imap/etc/imapd. - You also need to modify the run file to execute "envdir /etc/relay-ctrl relay-ctrl-chdir" before starting imaplogin, and I'm unsure where this needs to go. It may also work to put the above command string before couriertcpd instead of before imaplogin, which is slightly more efficient. This program is Copyright(C) 1999-2015 Bruce Guenter, and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind.