Nuno Pais Fernandes wrote:
> Hi,
> I'm in the process of testing :)
> Two remarks
> 1 - If user is authenticated via SMTP, GREYLIST should be disabled.
> Check qmail-smtp.c
> if (flagauthok==1) env_unset("GREYLIST");

Hello Nuno,
Thanks for the input and I hope that all the testing goes well :)
About the first remark you made, you haven't tested it yet since the
only server I'm using the solution ATM doesn't allow relaying from the
internet. Nevertheless, I've experimented setting the GREYLIST var on
an already allowed relay source, and what happens is that if RELAYCLIENT
is set, the greylisting feature is disregarded. Also from the
qmail-smtpd.c code, I read the following:

    /* check if we are authenticated, if yes enable relaying */
    if (flagauthok && relayclient == 0) {
        relayclient = "";
        if (!env_put("RELAYCLIENT=")) die_nomem();
    }

So the relay authorization, after successful authentication, is
obtained by setting the RELAYCLIENT var. Everything points to this being
enough to also disable greylisting, working as a side effect, but like I
said I haven't tested it yet so I couldn't tell right now.

> 2 - Mysql host, user and password should come from Makefile and not hardcoded in
> dbdef.sql
> greylist-cleanup.pl
> greylist-whitelist.pl
> local_scan.c

True ... I'll look into it for the next release .. or maybe someone
wants to do it and share? ;)

One other thing I've been thinking of is having a greeting delay
feature. The solutions I've seen for qmail are really bad and all they
do is introduce a delay and hope that the spammer will quit. Not only
is that not enough, but it sounds to me that it'd consume too much server
resources.
My thought was to implement a routine that on the existence of the
GREETDELAY="seconds" env var, would introduce "seconds" delay to the 220
smtpgreeting message. In the case that the client would not honor the
RFC and start sending data before the greeting is sent, the server would
send a temporary/permanent (?) failure message and would abort the
connection. If the client honored the RFC, the SMTP conversation would
proceed normally.
Another nice feature would be an HELO check for known invalid hostnames,
such as the name server itself, the domain list that the server accepts
mails to, localhost, etc...
Any thoughts on these ones?
regards,
Hugo Monteiro.
--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : [EMAIL PROTECTED]
Telefone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt [EMAIL PROTECTED]
ci.fct.unl.pt:~# _
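
The greeting-delay idea described in the message above, sketched in C as an added example (not code from the patch, from qmail, or from either poster). The function names, the 60-second cap and the choice of a 554 reply are assumptions; the message itself leaves temporary versus permanent failure open.

```c
/* Added illustration, not qmail or patch code; all names are hypothetical. */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define GREETDELAY_MAX 60 /* assumed cap so a typo cannot stall every session */

/* Parse a GREETDELAY value; 0 means "feature off" (unset, junk or out of range). */
int parse_greetdelay(const char *s)
{
    char *end;
    long v;
    if (!s || !*s) return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno || *end != '\0' || v < 1 || v > GREETDELAY_MAX) return 0;
    return (int)v;
}

/* Sleep in poll() for up to `seconds`, waking only if the client acts first.
 * Returns 1 if input (or a hangup) arrived before the banner, 0 if the client
 * stayed silent, -1 on error. */
int early_talker(int fd, int seconds)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r;
    do r = poll(&p, 1, seconds * 1000); while (r == -1 && errno == EINTR);
    return r > 0 ? 1 : r;
}

/* Send either the 220 banner or a rejection. Returns 1 if the session may go on. */
int greet(int in_fd, int out_fd, const char *host, int delay)
{
    char buf[256];
    int ok = !(delay > 0 && early_talker(in_fd, delay) == 1);
    /* 554 is an assumption: the post leaves temporary vs permanent open. */
    int n = ok ? snprintf(buf, sizeof buf, "220 %s ESMTP\r\n", host)
               : snprintf(buf, sizeof buf, "554 input received before greeting\r\n");
    if (n < 0 || (size_t)n >= sizeof buf || write(out_fd, buf, (size_t)n) != n) return 0;
    return ok;
}

int main(void)
{
    /* smtpd-style use: client on fd 0/1, delay taken from the environment */
    return greet(0, 1, "mx.example.test", parse_greetdelay(getenv("GREETDELAY"))) ? 0 : 1;
}
```

The wait happens inside `poll()`, so the process is blocked rather than spinning while the delay runs, and a client that speaks early is rejected immediately instead of after the full delay.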