Monday, September 12, 2011

Understanding qmail smtp relay


Environment: datacenter network 10.0.100.0/24, qmail server ip address: 10.0.100.16
Objective: configure SMTP relay for other IPs, including hosts on the same network segment and the IP 10.0.104.4 on another network segment.

How qmail smtp relay works:

1. qmail checks the configuration files /var/qmail/control/rcpthosts, /var/qmail/control/smtproutes and /etc/tcp.smtp. The file that is actually used is /etc/tcp.smtp.cdb, so you need to regenerate this cdb file after changing tcp.smtp. Also make sure /etc/tcp.smtp.cdb is world readable. This is very important: otherwise qmail will ignore the file and refuse relay from any host except localhost.

Important: changes to rcpthosts, smtproutes and tcp.smtp (for tcp.smtp, after running the tcprules command below to generate tcp.smtp.cdb) take effect without restarting qmail; qmail reads them on the fly.

The commands are:
# cd /etc/
# tcprules tcp.smtp.cdb tcp.smtp.temp < tcp.smtp
# chmod go+r tcp.smtp.cdb

2. qmail allows SMTP relay from other hosts in the following cases:
a. The host appears in /etc/tcp.smtp and the corresponding /etc/tcp.smtp.cdb file has been generated.
for example:
127.:allow,RELAYCLIENT=""
10.0.100.:allow,TCPREMOTEHOST="",TCPREMOTEIP="",RELAYCLIENT=""
10.0.104.4:allow,TCPREMOTEHOST="",TCPREMOTEIP="",RELAYCLIENT=""
:allow
note: this allows the 10.0.100.0/24 segment and the IP 10.0.104.4 to relay email through this qmail server.
b. If the SMTP client IP does not appear in the tcp.smtp file above, the alternative is to add the recipient domain to /var/qmail/control/rcpthosts.
for example, the following is the content of the file /var/qmail/control/rcpthosts:
 
domain1.com
domain2.com

note: when you add a domain to the file above, qmail uses the new configuration on the fly. Even though the SMTP client IP is not in the database file /etc/tcp.smtp.cdb, the relay is allowed as long as the domain part of the recipient address appears in the rcpthosts file above.

c. Only after the SMTP relay is allowed can you decide which email gateway the mail for a given domain is forwarded to. This is configured in /var/qmail/control/smtproutes.

for example:

:10.0.100.1
domain1.com:10.0.100.14
domain2.com:10.0.100.15

note: mail for each listed domain is sent to the IP given for that domain; mail for any other domain is sent to 10.0.100.1.
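
The following Python sketch is an added example, not code from qmail or from the original post. It models the decision described in steps a to c using constructed copies of the three example files, and adds an audit check for a catch-all rule that would set RELAYCLIENT for every address. The function names are hypothetical, and only the IP-prefix rule forms and exact-domain entries shown in this post are modelled.

```python
# Simplified model of the relay decision described in this post (not qmail code).
# The three strings are constructed copies of the example files shown above.
TCP_SMTP = '''127.:allow,RELAYCLIENT=""
10.0.100.:allow,TCPREMOTEHOST="",TCPREMOTEIP="",RELAYCLIENT=""
10.0.104.4:allow,TCPREMOTEHOST="",TCPREMOTEIP="",RELAYCLIENT=""
:allow'''
RCPTHOSTS = "domain1.com\ndomain2.com"
SMTPROUTES = ":10.0.100.1\ndomain1.com:10.0.100.14\ndomain2.com:10.0.100.15"

def parse_rules(text):
    """Map each address prefix to (action, set of environment variable names)."""
    rules = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        action, *env = rest.split(",")
        rules[addr] = (action, {e.split("=")[0] for e in env})
    return rules

def match_rule(rules, ip):
    """Most specific rule wins: full IP, then shorter dotted prefixes, then ''."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    # No matching rule at all: connection allowed with no variables set.
    return next((rules[c] for c in candidates if c in rules), ("allow", set()))

def relay_decision(ip, rcpt):
    """Return what happens to a message from client `ip` addressed to `rcpt`."""
    action, env = match_rule(parse_rules(TCP_SMTP), ip)
    if action != "allow":
        return "connection denied"
    domain = rcpt.rsplit("@", 1)[1].lower()
    hosts = {h.lower() for h in RCPTHOSTS.split()}
    # Case a: RELAYCLIENT is set for this client. Case b: domain is in rcpthosts.
    if "RELAYCLIENT" not in env and domain not in hosts:
        return "rejected: not in rcpthosts"
    # Case c: pick the gateway; the entry with an empty domain is the default.
    routes = dict(l.split(":", 1) for l in SMTPROUTES.splitlines())
    return "accepted, route via " + routes.get(domain, routes.get("", "MX lookup"))

def open_relay_rules(text):
    """Audit check: catch-all rules that set RELAYCLIENT for every client."""
    return [a for a, (act, env) in parse_rules(text).items()
            if a == "" and act == "allow" and "RELAYCLIENT" in env]
```

Running open_relay_rules against the real /etc/tcp.smtp before regenerating the cdb file is a quick way to confirm that the final ":allow" line has not picked up a RELAYCLIENT setting.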


How to stop/start qmail:

To stop qmail, edit /etc/inittab and comment out the svscanboot line, then run 'init q' for the change to take effect. To start it again, edit /etc/inittab, uncomment the line, and run 'init q' again.