Hi Eric

Fritz bounced this to me as the originator of listenport2.

The original theory was to connect the link to an auth-only port already supported by the MTA, e.g. 587/tcp aka submit, and of course the disconnect code would be built in to the MTA... Such an MTA behaves by responding

530 5.7.0 Authentication required

to MAIL FROM before AUTH, so this is where to intercept. We also want to do it immediately without possibly changing the state of the system otherwise, so that the whole system behaves respecting our rejection of the MAIL FROM command, and ASSP does not need to abort the link, as it will all happen within the protocol.

NB Fritz, the patch you've put in already 1.2.6(39/40) is unlikely to behave correctly in this regard

Inline (also attached):

--- assp.opl    2006-11-25 16:14:31.905045580 +0000
+++ assp.pl     2006-11-25 16:55:21.859237262 +0000
@@ -2972,8 +2972,13 @@
  $this->{rcvd}=headerWrap($this->{rcvd}); # wrap long lines
 } elsif($l=~/mail from:\s*<?([EMAIL PROTECTED]|\s*)>?/io) {
  my $fr=$1;
+  stateReset($fh); # reset everything
+ if($this->{localport} == $listenPort2 && $smtpAuthServer ne '' && !($this->{relayok}) ) {
+      sendque($fh,"530 5.7.0 Authentication required\r\n");
+      mlog($fh,"$fr submit without AUTH");
+      return;
+  }

- stateReset($fh); # reset everything
 $this->{mailfrom}=$fr;

 my $mf =lc $this->{mailfrom};
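Review bot: the added `if(` test is not gated by any configuration switch, so the 530 is sent whenever `$listenPort2` and `$smtpAuthServer` are set; the `EnforceAuth` checkbox proposed further down in this message is never consulted. Suggest adding `$EnforceAuth &&` at the front of the condition so the behaviour can be turned off for MTAs that already enforce AUTH themselves. Two smaller points: the `+ if(` line is indented one space where the other added lines use two, and `mlog($fh,"$fr submit without AUTH")` writes the client-supplied address to the log before any authentication, so it is worth confirming that `mlog` neutralises control characters.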

The logic about modifying for smtpAuthServerAuthConnectionsOnly is confusing -- that test should
A not exist as described, and
B if it does, it only applies to prevent attempts to AUTH on port 25 (which we're not currently trapping --- we only look for the 235 response code from the server).

I think the description is complex, and the functionality you mean is

[EnforceAuth,"Enforce AUTH before MAIL FROM when connecting to second SMTP port",0,checkbox,0,'(.*)',undef, 'Handle AUTH before MAIL From on the submit port for MTAs which fail to enforce the requirement. Requires "Another Listen Port" and "SMTP Auth Destination". Otherwise does nothing.'],

You still need an MTA that's going to reply 235 to your AUTH request though

Andrew

Eric wrote:
Actually, after playing around with it some more, I realized I was looking
in the wrong place.

Fritz - can you determine if something like this would be okay? I inserted
the following at line 3190 in 1.2.6 build 38 to read the following:

  if( ($this->{localport} == $listenPort2 && $smtpAuthServer ne '' ) && !($this->{relayok}) ) {
   sendque($fh, "You must be authenticated to send mail via this port.\r\n");
   mlog($fh,"must first be authenticated to send email via this port $listenPort2.");
   return;
  }

to disable sending mail via listenPort2 without being authenticated.  I
guess one could also add statistics, etc, but I was just trying to get
something quick up and running.

The next step would be to add a user parameter to enable/disable this. So I
added the following to line 106:
[smtpAuthServerAuthConnectionsOnly,'Allow AUTH connections to SMTP Auth Destination ONLY',0,checkbox,0,'(.*)',undef,
'Only allows authenticated connections to send mail through the SMTP Auth Destination.  Requires "Another Listen Port" and "SMTP Auth Destination". Otherwise does nothing.'],


Finally, the new if statement gets modified to use
smtpAuthServerAuthConnectionsOnly.  Ex: if( $smtpAuthServerAuthConnectionsOnly && .... )


Does that sound reasonable / okay?

Thanks!

Eric


--
Andrew Macpherson,
OA5.com Ltd. The Red Lion #5. Much Hadham. Herts SG10 6DD. GB
Phone +44 1279 843147 GSM +44 78999 61797 Fax +44 7092 052800
http://www.oa5.com/   OA5 is a member of ISPA-UK
--- assp.opl    2006-11-25 16:14:31.905045580 +0000
+++ assp.pl     2006-11-25 16:55:21.859237262 +0000
@@ -2972,8 +2972,13 @@
   $this->{rcvd}=headerWrap($this->{rcvd}); # wrap long lines

  } elsif($l=~/mail from:\s*<?([EMAIL PROTECTED]|\s*)>?/io) {

   my $fr=$1;

+  stateReset($fh); # reset everything

+  if($this->{localport} == $listenPort2 && $smtpAuthServer ne '' && 
!($this->{relayok}) ) {

+      sendque($fh,"530 5.7.0 Authentication required\r\n");

+      mlog($fh,"$fr submit without AUTH");

+      return;

+  }

 

- stateReset($fh); # reset everything

  $this->{mailfrom}=$fr;

  

  my $mf =lc $this->{mailfrom};

_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
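
The behaviour discussed in this message (a MAIL FROM sent before AUTH on the submit port is answered with 530, and authentication is recognised by the server's 235 reply) can be checked against a recorded session. The following Python audit is an added example, not part of the original message or of ASSP; the `C:`/`S:` transcript format, the function names and both sample sessions are assumptions constructed for illustration.

```python
import re

# Constructed sample sessions on the submit port (not captured from a real server).
ENFORCING = """\
S: 220 mx.example.test ESMTP
C: EHLO client.example.test
S: 250-mx.example.test
S: 250 AUTH PLAIN LOGIN
C: MAIL FROM:<user@example.test>
S: 530 5.7.0 Authentication required
C: AUTH PLAIN <redacted>
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<user@example.test>
S: 250 2.1.0 Ok
"""
OPEN = """\
S: 220 mx.example.test ESMTP
C: EHLO client.example.test
S: 250 mx.example.test
C: MAIL FROM:<user@example.test>
S: 250 2.1.0 Ok
"""

REPLY = re.compile(r"^(\d{3})([ -])")

def exchanges(transcript):
    """Yield (client_command, reply_code) pairs, folding multiline "NNN-" replies."""
    command = None  # stays None for the 220 greeting, which answers no command
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            command = text
        elif side == "S":
            m = REPLY.match(text)
            if m and m.group(2) == " ":  # "NNN " marks the final line of a reply
                yield command, int(m.group(1))

def audit_submit_session(transcript):
    """Return 'enforced', 'not-enforced' or 'untested' for AUTH before MAIL FROM."""
    authenticated = False
    verdict = "untested"
    for command, code in exchanges(transcript):
        if code == 235:  # the server's AUTH-success reply
            authenticated = True
        elif (command or "").upper().startswith("MAIL FROM:") and not authenticated:
            if 200 <= code < 300:
                return "not-enforced"  # mail accepted with no prior 235
            if code == 530:
                verdict = "enforced"
    return verdict
```

A session that never sends MAIL FROM before authenticating returns `untested`, which is the case to follow up with a deliberate pre-AUTH probe from a test client.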
