Lindsay Haisley writes:

On Fri, 2007-08-24 at 17:58 -0400, Sam Varshavchik wrote:
> I'd also like to have the option to drop SMTP connections outside of the
> LAN for which the IP address of the connecting host has no PTR record
> and won't reverse resolve to a name.  Is there any way to do this in
> Courier?

No, not directly. The only thing you can do is to take the qmail approach, and have couriertcpd invoke your wrapper, that checks TCPREMOTEIP and TCPREMOTEHOST, and then invokes courieresmtpd itself.

> In Gentoo's build of courier, the stock invocation of courieresmtpd
> looks like this.
> /usr/sbin/couriertcpd [logger, pid and other options] [block options]
> -access=/etc/courier/smtpaccess.dat -address=0 465 /usr/bin/couriertls
> -server -tcpd /usr/sbin/courieresmtpd
>
> Do I need to insert a wrapper of some sort in here?  Are there any
> instructions, examples or prototypes available?

There are no specific examples, but it works just like similar qmail-based setups. After parsing couriertcpd's options, the remaining arguments form the command couriertcpd runs after establishing a connection, specifically: "/usr/bin/couriertls -server -tcpd /usr/sbin/courieresmtpd". When couriertls starts, after parsing its options the remaining argument forms the command couriertls runs, specifically "/usr/sbin/courieresmtpd".

You would want to replace the last argument with your own wrapper: /usr/local/sbin/esmtpdwrapper, an executable shell script, that might do something like this:

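#! /bin/sh

# couriertcpd left TCPREMOTEHOST empty: no usable reverse DNS name,
# so end the session without starting the SMTP server.
if test "$TCPREMOTEHOST" = ""
then
        exit 0
fi

# Hostname present: replace this process with the real SMTP server.
exec /usr/sbin/courieresmtpd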

So, connections without a hostname in TCPREMOTEHOST get dropped right away, everyone else runs courieresmtpd, as usual. Read "ENVIRONMENT VARIABLES" in couriertcpd's man page for a list of environment variables you can use. Your wrapper inherits the environment all the way from couriertcpd. You said you don't want to require valid reverse DNS from some IP address ranges, so you'll need to tweak this logic.
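
Added example, not part of the original message: one way to tweak the wrapper so that listed address ranges are exempt from the reverse DNS requirement. The EXEMPT_NETS values, the stripping of a "::ffff:" prefix from TCPREMOTEIP, and the check on the script's own name are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: esmtpdwrapper with an exemption list for local ranges.
# EXEMPT_NETS is a constructed sample list. Prefixes are compared as strings
# and end in a dot, so only whole-octet ranges (/8, /16, /24) can be expressed.
EXEMPT_NETS="127. 10. 192.168."

# Returns 0 when the address falls inside one of the exempt ranges.
is_exempt() {
    # Assumption: an IPv6-enabled build may report IPv4 peers as ::ffff:a.b.c.d
    ip=${1#::ffff:}
    for net in $EXEMPT_NETS
    do
        case "$ip" in
            "$net"*) return 0 ;;
        esac
    done
    return 1
}

# Prints "accept" or "drop" for a TCPREMOTEIP / TCPREMOTEHOST pair.
decide() {
    if is_exempt "$1"
    then
        echo accept          # local range: reverse DNS not required
    elif test "$2" = ""
    then
        echo drop            # outside the exempt ranges and no hostname
    else
        echo accept
    fi
}

# Act as the wrapper only when installed under the name used in the thread,
# so the functions above can be sourced and checked without side effects.
case "$0" in
    */esmtpdwrapper)
        if test "$(decide "$TCPREMOTEIP" "$TCPREMOTEHOST")" = drop
        then
            exit 0
        fi
        exec /usr/sbin/courieresmtpd
        ;;
esac
```

The trailing dot in each prefix keeps "10." from matching addresses such as 100.64.0.1.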

