[nos-bbs] relaying denied

Maiko Langelaar maiko at pcs.mb.ca
Sat Mar 31 12:56:41 EDT 2018


Michael was asking about deny relay (SDRE), not the smtp
gateway stuff (SWG_EXCEPTIONS), although there is shared
code.

Probably somewhere in there I used the 'wrong function', I
will look at some point.

Maiko

On Sat, 31 Mar 2018, Gustavo Ponza wrote:

> Hi Maiko,
>
> actually this matter, as per my knowledge was almost
> well documented in the past as per the following note:
> have you changed something?
>
> 9) New SMTP gateway options, the old way just didn't work for alot of people,
>   it would first try to deliver direct to a host, then to MX if enabled, and
>   finally to an smtp gateway (as a last resort) if you have one configured.
>
>   COMPILE : Make sure '#define SGW_EXCEPTIONS' exists in your config.h file.
>
>   Two (2) new subcommands have been added to the smtp gateway syntax :
>
>       smtp ga mode [original|force|first|last]
>
>        smtp ga exception add ip mask
>        smtp ga exception delete ip mask
>        smtp ga exception  (to list)
>
>   The original way to define the gateway has not changed :
>
>       smtp ga [A.B.C.D | none]
>
>   If mode is not configured, then JNOS will function the old way.
>
>    The 'force' mode sends ALL smtp requests direct to the gateway,
>    nothing is sent direct to a host, and no MX records are tried.
>
>    The 'first' mode does the same, but allows for exceptions, of
>    which are configured using the 'smtp ga exception' subcommand.
>
>    Exceptions basically follow the old way, BUT the gateway will
>    not be attempted as a last resort if all else fails.
>
>    Why have a 'force' ? Perhaps you are running 'first' with a
>    list of exceptions, and for some reason you need to force all
>    traffic to a gateway without having to reconfigure everything.
>
>    The 'last' option does not do anything, and 'original' simply
>    switches back to old way - I doubt anyone will use those two.
>
>   Example (this is what I am currently running on my system) :
>
>    smtp ga A.B.C.D
>
>    smtp t4 60          # 1 minute timeout
>
>    smtp ga mode first
>
>     # send everything to gateway except 44 stations, they go direct
>     smtp ga exception add 44.0.0.0 0xff000000
>
>     # other exceptions (examples) - you can have as many as you want
>     smtp ga exception add E.F.G.0  0xffffff00
>     smtp ga exception add X.Y.Z.Z  0xffffffff
>
>    Alot of this functionality actually comes from the 'SMTP Deny Relay
>    Exceptions' code (SDRE), which I wrote some time ago. I was able to
>    use the same code for this enhancement (with some restructing).
>
>
> 73 and ciao, gus i0ojj/ir0aab
>
> On 03/30/2018 11:39 PM, Maiko Langelaar wrote:
>>
>>  Oh dear, it would seem that I did not document this at all, it was written
>>  originally because I got tired of not being able to reply to my emails
>>  using
>>  email clients outside my JNOS subnet, from this little note in smtpserv.c
>>  :
>>
>>    * 17Sep2008, Maiko (VE4KLM), By default we will deny SMTP relay, however
>>    * there may be outside subnets that we want to allow for. For example, I
>>    * use my Thunderbird email client at work to check my JNOS system for
>>   new
>>    * mail. It would be nice if I could reply to those systems outside my
>>  JNOS
>>    * box, but the existing SMTP_DENY_RELAY code prevents that. So, this new
>>    * code allows me to create an SDR exception list (ip/netmask) to allow.
>>
>>  I will need to make sure it's documented, here it is 'now' (very sorry) :
>>
>>      #define SMTP_DENY_RELAY
>>      #define SDR_EXCEPTION
>>
>>     rm smtpserv.o smtpcli.o version.o ; make
>>
>>  here are a couple of examples to put into autoexec.nos :
>>
>>    smtp relay add 1.2.3.4 0xffffffff
>>
>>    smtp relay add 192.168.100.0 0xffffff00
>>
>>  IF you have a box outside of your JNOS subnet, and you want to be able
>>  to send mail via JNOS then you need to add entries similar to the above,
>>  for instance from work, I wanted to be able to read and send to my JNOS
>>  using thunderbird, completely different network. The top one obviously
>>  is an entry for a single IP (netmask 255.255.255.255), the one below is
>>  for any IP on 192.168.100 (old class C I guess) subnet.
>>
>>  Reminds me, years ago I could have sworn the syntax was 255.255.255.0,
>>  but I find I've had to use hexidecimal instead (maybe I switched to an
>>  incorrect function parsing this, don't remember), 0xffffff00 instead.
>>
>>  On Tue, 27 Mar 2018, Michael Fox - N6MEF wrote:
>> 
>> >  I’m getting “relaying denied” when I send to any address in the cc: 
>> >  list.
>>
>>  Maiko
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at tapr.org
> http://www.tapr.org/mailman/listinfo/nos-bbs
>
>


More information about the nos-bbs mailing list