Understanding smtproutes

John Simpson's qmail patch includes Tom Clegg's qmail-remote-auth.patch, which allows qmail-remote to use AUTH when connecting to certain remote mail servers. The userids and passwords are set in the "smtproutes" file, after the IP[:PORT] value, separated by spaces. Here are a few examples:

domain.xxx:1.2.3.4
domain2.xxx:2.3.4.5 myusername secret
domain3.xyz:9.9.9.1:27

In the first example, all mail for domain.xxx is passed to 1.2.3.4 without any authentication. This is useful if your ISP blocks port 25 and doesn't require auth.

In the second example, the domain domain2.xxx is passing mail to 2.3.4.5 and using myusername and secret for the username and password. This is useful for remote servers that require auth for sending mail.

In the last example, the domain domain3.xyz is passing mail to 9.9.9.1 on port 27. This example is good for servers not needing auth on a different port.

John has also added a security check to prevent qmail-remote from sending authentication credentials across the internet in plain text. By default (with John's version of this patch) qmail-remote will only send the AUTH command if the STARTTLS command has already been sent in the same session. If the connection between your server and the remote server is known to be secure (i.e. through an encrypted VPN, or within a closed network), or if you care so little for security that you don't mind sending your userid and password across the internet in what amounts to plain text, you can bypass this security check by adding a "-" to the beginning of the userid in your smtproutes file (the "-" will be removed if present).

This file should reside in /var/qmail/control and be called smtproutes. This file DOES NOT exist by default and is typically created by the user.
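
To review an existing smtproutes file for entries that use the "-" bypass described above, the following added example (not part of John Simpson's patch or of qmail) parses the format shown on this page and lists every route whose credentials may be sent without STARTTLS. The names Route, parse_route and audit are hypothetical, the fourth sample line is constructed, splitting on whitespace follows the description above, and port 25 is assumed when no port is given.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Route:
    domain: str
    relay: str
    port: int
    user: Optional[str] = None
    password: Optional[str] = None
    auth_needs_tls: bool = True   # False when the userid began with "-"

def parse_route(line: str) -> Optional[Route]:
    """Parse 'domain:relay[:port] [userid password]'; None for a blank line."""
    fields = line.split()
    if not fields:
        return None
    if len(fields) not in (1, 3):
        raise ValueError(f"expected route or route + userid + password: {line!r}")
    parts = fields[0].split(":")
    if len(parts) not in (2, 3) or not parts[1]:
        raise ValueError(f"bad route field: {fields[0]!r}")
    route = Route(parts[0], parts[1], int(parts[2]) if len(parts) == 3 else 25)
    if len(fields) == 3:
        route.user, route.password = fields[1], fields[2]
        if route.user.startswith("-"):
            # Leading "-" disables the STARTTLS-before-AUTH check; strip it.
            route.user, route.auth_needs_tls = route.user[1:], False
    return route

def audit(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, domain, relay) for routes allowing AUTH without STARTTLS."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        route = parse_route(line)
        if route and route.user is not None and not route.auth_needs_tls:
            findings.append((number, route.domain, route.relay))
    return findings

# The page's three examples plus one constructed line that uses the "-" bypass.
SAMPLE = """\
domain.xxx:1.2.3.4
domain2.xxx:2.3.4.5 myusername secret
domain3.xyz:9.9.9.1:27
domain4.xxx:10.0.0.5 -vpnuser secret
"""

if __name__ == "__main__":
    for number, domain, relay in audit(SAMPLE):
        print(f"line {number}: {domain} -> {relay} sends AUTH without STARTTLS")
```

To check a live system, pass the contents of /var/qmail/control/smtproutes to audit() in place of SAMPLE and confirm that each reported relay really is reached over a VPN or closed network.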