The default configuration of IndiMail configures the SMTP as a closed system. Hence to be able to send mails to external domains, you need to setup mechanisms for relaying.
There are many methods. Choose any of the below after studying them. I prefer 3 or 4 for security reasons.
- Have Sender's IP addresses in tcp.smtp file
- Use control file relayclients for IP addresses of clients allowed to relay mail through this host.
- Configure IndiMail to use MySQL relay table (good security). This is implemented on POP3/IMAP before SMTP
- Use authenticated SMTP (good security)
- For allowing relay to specific domains use control file relaydomains
- For allowing specific users (native addresses) use control file relaymailfrom
- NOTE: you should use 1 & 2 only if if the host having the sender's IP is under your control and you have good security policies for the host (however what is a good security can be very subjective)
Your startup script for the qmail smtp server must use the tcpserver -x file option similar to this startup line.
env - PATH="/var/indimail/bin" tcpserver -H -R -x /var/indimail/etc/tcp.smtp.cdb \
-c 20 -u 555 -g 555 0 smtp /var/indimail/bin/qmail-smtpd 2>&1
IndiMail uses -x option to tcpserver and hence you need not bother about the above line. You however need to edit /var/indimail/etc/tcp.smtp and put in lines for all static IP's that you will always want to relay access to.
The above lines will cause RELAYCLIENT environment variable to be set for localhost and all machines on the 10.1.1 class and hence allow to relay through. Remember that any user on hosts on 10.1.1 class will be able to relay mails. You many not want this. The line having 127.0.0. will allow any client on the IndiMail host to use SMTP and relay mails.
If you add any IP to tcp.smtp, you have to rebuild a cdb database tcp.smtp.cdb. You can run the following command
% sudo /var/indimail/bin/qmailctl cdb
NOTE: Remember that you are exposed to unrestricted relaying from any of the IP addresses listed in tcp.smtp
Using control file relayclients
IP addresses of clients allowed to relay mail through this host. Each address should be followed by a colon and an (optional) string that should be appended to each incoming recipient address, just as with the RELAYCLIENT environment variable. Nearly always, the optional string should be null. The filename can be overriden by the environment variable RELAYCLIENTS.
Addresses in relayclients may be wildcarded (2nd line in the example below):
Using MySQL relay table
Run the command /var/indimail/bin/clearopensmtp in the cron every 30 Minutes
By default every time who uses IndiMail's POP3 or IMAP service and authenticates, the following happens:
- On successful authentication, IMAP/POP3 daemon inserts entry into relay table, inserting email, IP address and timestamp.
- If CHECKRELAY environment variable is enabled, SMTP checks the relay table for a entry within minutes specified by the RELAY_CLEAR_MINUTES environment variable. If the entry is there, RELAYCLIENT environment variable is set, which allows relaying. At this point, the SMTP server will allow that IP to relay for 60 Mins (default)
Set up Authenticated SMTP
IndiMail also provides you authenticated SMTP providing AUTH PLAIN, AUTH LOGIN and AUTH CRAM-MD5 methods. Whenever a user successfully authenticates through SMTP, the RELAYCLIENT environment variable gets set. qmail-smtpd uses the RELAYCLIENT environment variable to allow relaying.
Unlike relaydomains native addresses should be entered. A line in relay mailfrom may be of the form @host, meaning every address at host. relaymailfrom can also be in cdb format. If relaymailfrom.cdb is present, it will be searched first.