On Wed, Dec 07, 2005 at 11:31:52AM +0100, Mikkel Kruse Johnsen wrote:
> On Wed, 2005-12-07 at 11:25 +0100, Jose Javier Sianes Ruiz wrote:
>
> > On Wed, 07-12-2005 at 08:47 +0100, Claudio Jeker wrote:
> > > On Tue, Dec 06, 2005 at 09:07:22PM -0500, johnny yu wrote:
> > > >
> > > > Hi,
> > > >
> > > > I have been using Netqmail 1.05 in my DMZ for a long time. I use it
> > > > as a smarthost in my DMZ for all incoming and outgoing email. My
> > > > primary reason for this is not wanting to expose the Microsoft SMTP
> > > > service on my Exchange server to the world due to security concerns.
> > > > For this purpose Qmail has been great, and I have added a lot of
> > > > add-ons to it like Qmail Scanner and rblsmtpd.
> > > >
> > > > However, I would like to add the ability to Qmail to have it check to
> > > > see if a user exists before accepting mail and sending it to Exchange.
> > > > It seemed like Qmail LDAP would do this. I set up a test system and
> > > > installed Qmail 1.03 and patched it with the latest Qmail LDAP patch.
> > > > I got communication working between my Qmail test system and the
> > > > directory, but from my testing it seems Qmail LDAP is more meant to
> > > > deliver mail locally and just use LDAP to store information about the
> > > > users. I guess the only functionality I want out of Qmail LDAP is for
> > > > it to query AD when receiving a message to make sure the recipient in
> > > > the message is valid. Is there some way to make Qmail LDAP work in
> > > > this manner?
> > > >
> > > > I have also looked at qmail-activedir, but it doesn't appear to do
> > > > what I want either.
> > > >
> > >
> > > The trick is to use only part of qmail-ldap. So using qmail-smtpd and
> > > qmail-verify but not the backend part. Another thing that needs some
> > > consideration is to make qmail-smtpd parse a different locals file.
> > > Currently I think it would be possible by using some sort of chroot hack.
> > >
> > > I'll probably add a way to have additional domains checked by
> > > qmail-verify.
> >
> > This function could be very interesting. I have a server that works like
> > a secondary SMTP for several domains. It has no local delivery; all
> > domains managed by the primary SMTP are configured in the rcpthosts file.
> > This way, when a mail comes to the secondary one, it is spam and virus
> > checked, but the recipient is not verified because it is not a local
> > delivery. Is there any way to make this work? My secondary server
> > receives a lot of spam mails, and many of them could be deferred with an
> > LDAP recipient verification.
> >
>
> Hi
>
> I would think it was easy, just change "qmail-smtpd.c" from line 1113.
> To:
>
> --------------
>   /* check if recipient exists in ldap */
>   if (rcptcheck) {
>     if (!goodmailaddr()) {
>       logline(4,"recipient verify, recipient not in goodmailaddr");
> //    if (addrlocals()) {
>         char *s;
>         logline(4,"recipient verify, recipient is local");
>         switch (ldaplookup(addr.s, &s)) {
>           case 1: /* valid */
>             logline(4,"recipient verify OK");
>             break;
>           case 0: /* invalid */
>             logline(3,"message denied because of recipient verify");
>             err_554msg(s);
>             if (errdisconnect) err_quit();
>             return;
>           case -1:
>           default: /* other error, treat as soft 4xx */
>             if (ldapsoftok)
>               break;
>             logline(3,"recipient verify soft error");
>             err_ldapsoft();
>             if (errdisconnect) err_quit();
>             return;
>         }
> //    } /* else this is relaying, don't do anything */
>     }
>   }
> ---------
>
> See that I have commented out the check for local delivery.
>
> I have not tested this and am not sure it works, but I would think so.
>
This will break relaying and forwarding of non local mails. It may work
for special purpose mail gateways but use it with care!!!

-- 
:wq Claudio
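
The trade-off discussed in this thread, as an added example that is not part of any message above and is not qmail-ldap source: a stand-alone C model comparing three RCPT policies (lookup for local domains only, lookup for every recipient as in the commented-out variant, and lookup for a configured domain list as a hypothetical form of the "additional domains" idea). All names, domains and directory entries are constructed for illustration.

```c
/* Added illustration: a stand-alone model of the RCPT decision discussed in
 * this thread. It is not qmail-ldap source; all names and data are constructed. */
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum verdict { ACCEPT, REJECT_554 };
enum policy  { LOCAL_ONLY, ALL_RCPTS, LISTED_DOMAINS };

static const char *locals[]    = { "gw.example.net", NULL };
static const char *verified[]  = { "gw.example.net", "corp.example.com", NULL };
static const char *directory[] = { "alice@corp.example.com",
                                   "postmaster@gw.example.net", NULL };

static int in_list(const char **list, const char *s) {
    for (; *list; list++)
        if (strcasecmp(*list, s) == 0) return 1;
    return 0;
}

/* Which recipients get a directory lookup under each policy. */
static int needs_lookup(enum policy p, const char *addr) {
    const char *at = strrchr(addr, '@');
    const char *dom = at ? at + 1 : "";
    if (p == LOCAL_ONLY)     return in_list(locals, dom);   /* local check kept */
    if (p == LISTED_DOMAINS) return in_list(verified, dom); /* hypothetical */
    return 1;                       /* ALL_RCPTS: local check commented out */
}

/* Directory errors (the soft 4xx path) are left out of this model. */
enum verdict rcpt_decision(enum policy p, const char *addr) {
    if (!needs_lookup(p, addr)) return ACCEPT;   /* relayed, not verified */
    return in_list(directory, addr) ? ACCEPT : REJECT_554;
}

int main(void) {
    const char *rcpts[] = { "alice@corp.example.com", "ghost@corp.example.com",
                            "bob@elsewhere.example.org", NULL };
    const char *names[] = { "local-only", "all-rcpts", "listed-domains" };
    for (int p = LOCAL_ONLY; p <= LISTED_DOMAINS; p++)
        for (const char **r = rcpts; *r; r++)
            printf("%-15s %-28s %s\n", names[p], *r,
                   rcpt_decision((enum policy)p, *r) == ACCEPT ? "250" : "554");
    return 0;
}
```

In the output, the unknown user at the smarthosted domain is accepted under the local-only policy, and the outbound recipient at an unrelated domain is refused once every recipient is looked up; only the domain-list policy handles both cases.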