From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org X-Spam-Level: X-Spam-Status: No, score=0.3 required=5.0 tests=DMARC_MISSING, MAILING_LIST_MULTI,RDNS_NONE autolearn=no autolearn_force=no version=4.0.0 Received: from emma.intrigue.com (unknown [205.178.22.187]) by chiba.3jane.net (Postfix) with SMTP id F038FABD54 for ; Mon, 10 Jun 2002 19:19:50 -0500 (CDT) Received: (qmail 30802 invoked by uid 1003); 11 Jun 2002 00:19:17 -0000 To: gentoo-dev From: Robert Coie Date: Mon, 10 Jun 2002 17:19:17 -0700 Message-ID: <848z5mmzui.fsf@emma.intrigue.com> User-Agent: Gnus/5.090006 (Oort Gnus v0.06) XEmacs/21.4 (Honest Recruiter, i686-pc-linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [gentoo-dev] Split tcpserver rules for qmail SMTP/POP? Sender: gentoo-dev-admin@gentoo.org Errors-To: gentoo-dev-admin@gentoo.org X-BeenThere: gentoo-dev@gentoo.org X-Mailman-Version: 2.0.6 Precedence: bulk Reply-To: gentoo-dev@gentoo.org List-Help: List-Post: List-Subscribe: , List-Id: Gentoo Linux developer list List-Unsubscribe: , List-Archive: X-Archives-Salt: c09334c9-1c76-47d5-a014-e76d4d2a4092 X-Archives-Hash: 639581ba54ec16bff42f7cdabd0dc008 I am wondering if my situation is common enough to warrant making the default qmail installation process more complicated internally. I want incoming SMTP connections to be allowed from anywhere, but users should only be able to read mail via POP from within a smaller subset of hosts. As it is, it seems to me that the stock qmail package is using /etc/tcp.smtp.cdb for running both qmail-smtpd and qmail-pop3d. It would help me if this were split into two separate files, say /etc/tcp.smtp.cdb and /etc/tcp.pop3.cdb. The default installation could have identical contents in each, but it would then be easy for users in my situation to lock the POP daemon down without affecting the SMTP daemon as well. Of course, it's always possible to just use iptables instead of tcpserver, but it would be nice to be able to use the tcpserver functionality as well. I would be willing to make a tentative patch to the ebuild if there is sufficient interest and agreement that this would be a net positive. I have not filed a bugzilla bug, because it's a bit hard for me to call this a bug with a straight face. -- Robert Coie Implementor, Apropos Ltd.