[Solved: IPv4 needed] FBSD 14.0's qmail gives "sorry, that domain isn't in my list of allowed rcpthosts"

On roundcube, I can send mails internally, but when I try to send to an external .com, qmail tells roundcube
SMTP Error (553): Failed to add recipient "person@comcast.com" (sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)).

(I have replaced the recipient with "person".)

I have configured qmail to match my prior, functioning setup (on Linux, from which I am migrating for various reasons).
ls /etc/tcp*
/etc/tcp.smtp /etc/tcp.smtp.cdb

cat /etc/tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""

netstat -na | grep 25 | head -n 1
tcp46 0 0 *.25 *.* LISTEN

ps ax | grep qmail
30872 v0- I 0:00.01 qmail-send
31310 v0- I 0:00.00 splogger qmail
31376 v0- I 0:00.00 qmail-lspawn ./Maildir/
31894 v0- I 0:00.00 qmail-rspawn
32210 v0- I 0:00.00 qmail-clean
71716 v0- I 0:00.00 /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -R -H -u 82 -g 81 0 smtp /var/qmail/bin/qmail-smtpd

As you can see, qmail-smtpd is, or at least should be, reading /etc/tcp.smtp.cdb.

After grabbing tarpit.patch (which is missing from FBSD's distfiles directory) via
cd /usr/ports/distfiles/qmail/
wget https://notes.sagredo.eu/files/qmail/patches/tarpit.patch

I installed qmail via ports:
cd /usr/local/ports/mail
make install
My selected options follow.
┌───────────────────────────── netqmail-1.06_6 ────────────────────────────────┐
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ [ ] BIG_CONCURRENCY_PATCH Use a concurrency greater than 240 │ │
│ │ [ ] BIG_TODO_PATCH Enable big_todo qmail patch │ │
│ │ [x] BLOCKEXEC_PATCH Block many windows viruses/worms │ │
│ │ [x] DISCBOUNCES_PATCH Discard double-bounces │ │
│ │ [x] DNS_CNAME Request CNAME (vs ANY for BIND 4 bug) │ │
│ │ [x] DOCS Build and/or install documentation │ │
│ │ [ ] EXTTODO_PATCH Extern high-perform. todo processing │ │
│ │ [x] LOCALTIME_PATCH Emit dates in the local timezone │ │
│ │ [ ] MAILDIRQUOTA_PATCH Maildir++ support │ │
│ │ [ ] OUTGOINGIP_PATCH Set the IP address to send messages │ │
│ │ [ ] QEXTRA Enable QUEUE_EXTRA copy feature │ │
│ │ [ ] QMTPC_PATCH Send email using qmtp protocol │ │
│ │ [x] RCDLINK Create rc.d/qmail symlink │ │
│ │ [ ] SMTP_AUTH_PATCH Provide SMTP Authentication │ │
│ │ [x] SPF_PATCH Implement SPF checker │ │
│ │ [x] TARPIT_PATCH Implement TARPIT functions │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────────────┤
│ < OK > <Cancel> │
└──────────────────────────────────────────────────────────────────────────────┘

How may I have qmail-smtpd follow my rules in /etc/tcp.smtp.cdb?
 
The host (IP address) where Roundcube (the email client) is located needs to be allowed as RELAYCLIENT in /etc/tcp.smtp, OR the user must be authenticated to be able to send to an outside domain. If you want to trust the relay client in /etc/tcp.smtp, then after modifying the file you need to generate the tcp.smtp.cdb database, which is the actual file used by qmail. This can be done with qmailctl cdb. Also check the file permissions of /etc/tcp.smtp.cdb (chmod 644 /etc/tcp.smtp.cdb).

Here's an example for tcp.smtp:
 
I appreciate your quick reply. It helped me immediately.

Thanks to your statement of what I already knew (i.e. reinforcing my knowledge that what I had done is correct), I reckoned the issue was not what it seemed.
That is, it lay neither with tcp.smtp.cdb nor qmail-smtpd.

The problem turned out to be localhost resolving to IPv6 in roundcube.
When I changed
$config['smtp_host'] = 'localhost:25';
to
$config['smtp_host'] = '127.0.0.1:25';
the email sent.

My original two lines of rules are sufficient.

I am familiar with the first link; the second, not. (I have used jms1.net's other page(s) in the distant past, though).
It seems to have some potentially useful information:
210.:deny
=:allow
:allow,RBLSMTPD="-We do not accept mail from IP addresses without reverse DNS."
Clients whose IP address starts with 210 will be denied. If they try to connect, the machine will accept their connection and then immediately close the connection without sending or receiving any data.
Clients whose IP addresses have PTR records (i.e. "reverse DNS") will be allowed to connect. No additional environment variables are set. Note that the mechanics of this check are modified by the "-p" and "-P" flags to tcpserver, see the tcpserver documentation for more information.
Other clients (i.e. those without reverse DNS) will be allowed to connect, and a variable called RBLSMTPD will be created with the value shown before the service program is started.
and
The choice of which environment variables you want to add will depend on what service program or programs you are running. For example, the RBLSMTPD variable is only useful if the rblsmtpd program is in the command line before qmail-smtpd.

I had not applied
rblsmtpd - https://cr.yp.to/ucspi-tcp/rblsmtpd.html
I will study it.

Thanks!
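
The two rule sets discussed in this thread (the poster's two-line tcp.smtp, and the jms1.net example with 210.:deny, =:allow and a default RBLSMTPD rule) are worth tracing by hand, because the 553 turned out to depend on which tcpserver rule the connecting address hits. The following is an added Python model of that lookup, written for this page; it is not code from the thread, from qmail or from ucspi-tcp. It follows the rule order that tcprules(1) documents (exact IP, =host, shorter dotted IPv4 prefixes, =.host suffixes, bare = when the host is known, then the empty default rule; the TCPREMOTEINFO forms are omitted), assumes that no matching rule means "allow with no variables", and does not model IPv6 prefix rules at all, since the posted rules contain none. The rcpthosts contents (example.com) and the non-local client addresses are constructed for the example.

```python
import re

# tcprules source syntax: address:allow|deny[,VAR="value"]...
_ENV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_tcprules(text):
    """Parse tcprules source (the text that tcprules compiles into tcp.smtp.cdb)
    into {address: (decision, {VAR: value})}. Blank and '#' lines are skipped.
    Rule addresses here are dotted IPv4 prefixes, =host forms or the empty
    default; IPv6 rule keys (which contain ':') are not modelled."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        decision, _, rest = instr.partition(",")
        if decision not in ("allow", "deny"):
            raise ValueError(f"bad instruction in rule: {raw!r}")
        rules[addr] = (decision, dict(_ENV_RE.findall(rest)))
    return rules


def lookup_order(ip, host=None):
    """Address forms tcpserver tries, in the order tcprules(1) documents them
    (TCPREMOTEINFO forms left out)."""
    yield ip
    if host:
        yield "=" + host
    if ":" not in ip:  # only a dotted IPv4 address has dotted prefixes; ::1 has none
        octets = ip.split(".")
        for n in range(len(octets) - 1, 0, -1):
            yield ".".join(octets[:n]) + "."
    if host:
        labels = host.split(".")
        for n in range(1, len(labels)):
            yield "=." + ".".join(labels[n:])
        yield "="
    yield ""


def decide(rules, ip, host=None):
    """Return (matched_address, decision, env) for one client. When no rule
    matches, tcpserver allows the connection and sets no variables."""
    for key in lookup_order(ip, host):
        if key in rules:
            decision, env = rules[key]
            return key, decision, dict(env)
    return None, "allow", {}


def rcpt_accepted(env, rcpthosts, recipient):
    """Mirror qmail-smtpd's RCPT TO check: with RELAYCLIENT in the environment
    (any value, even "") every recipient is accepted and the value is appended
    to the address; otherwise the recipient's domain must appear in rcpthosts,
    where an entry starting with '.' covers the subdomains of that domain."""
    if "RELAYCLIENT" in env:
        return True, recipient + env["RELAYCLIENT"]
    domain = recipient.rpartition("@")[2].lower()
    for entry in rcpthosts:
        entry = entry.lower()
        if (entry.startswith(".") and domain.endswith(entry)) or domain == entry:
            return True, recipient
    return False, "sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"


# Constructed inputs: the two rule files quoted in the thread, plus a
# hypothetical rcpthosts (example.com stands in for the poster's own domain).
OP_TCP_SMTP = '127.:allow,RELAYCLIENT=""\n192.168.1.:allow,RELAYCLIENT=""\n'
JMS1_TCP_SMTP = (
    "210.:deny\n"
    "=:allow\n"
    ':allow,RBLSMTPD="-We do not accept mail from IP addresses without reverse DNS."\n'
)
RCPTHOSTS = ["example.com", ".example.com"]


def roundcube_rcpt(client_ip, recipient="person@comcast.com"):
    """What qmail-smtpd answers to RCPT TO when Roundcube connects from
    client_ip under the poster's tcp.smtp."""
    _, decision, env = decide(parse_tcprules(OP_TCP_SMTP), client_ip)
    if decision == "deny":
        return False, "connection dropped by tcpserver"
    return rcpt_accepted(env, RCPTHOSTS, recipient)


if __name__ == "__main__":
    # 127.0.0.1 hits "127." and relays; ::1 matches nothing and is refused.
    for ip in ("127.0.0.1", "::1", "192.168.1.23", "203.0.113.9"):
        print(f"{ip:>14}: {roundcube_rcpt(ip)}")
    jms1 = parse_tcprules(JMS1_TCP_SMTP)
    print(decide(jms1, "210.8.8.8"))
    print(decide(jms1, "203.0.113.9", host="mx.example.net"))
    print(decide(jms1, "203.0.113.9"))
```

On the server itself the same question is answered by ucspi-tcp's own tool, for example TCPREMOTEIP=::1 tcprulescheck /etc/tcp.smtp.cdb against the compiled database, which is also the quickest way to confirm that the .cdb was actually regenerated (tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp, or qmailctl cdb as suggested above) after editing tcp.smtp.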