Re: [vchkpw] [vpopmail] handle 'postmaster' as non existing user (reject mails)
Ken Jones wrote: Lars Uhlmann wrote: We only need this mailbox for »qmailadmin« to log in. Is it possible to treat this account as non existing? I've tried a domain-global '.qmail-postmaster' (... bounce-no-mailbox) and a '.qmail' (same content) inside the folder 'postmaster' but nothing worked. Create a .qmail-postmaster file with the same permissions and ownership and in the same directory as the .qmail-default file. Then put a single # character in the file. qmail-local treats a single # charater as delete the email. It is probably the most efficent way, since vdelivermail does not need to be envoked. I've been thinking of setting up all new domains with this way. Nobody really reads postmaster email. Well this is pretty horrifying considering the source. I don't know where you hang out, but this sort of thing is frowned upon by the community of mail server operators, and will get you blacklisted both privately and publicly if discovered. http://rfc-ignorant.org/rfcs/rfc2821.php - Ron
Re: [vchkpw] vdelivermail qmail-queue ALPHA patch - take 3
On May 9, 2006, at 12:57 PM, Jeremy Kitchen wrote:
the problem is that vpopmail is using qmail-inject to forward
messages.
qmail-inject does not tolerate malformed messages.
it's that simple.
Any volunteers to review the code in vdelivermail.c and modify it to
use qmail-queue instead of qmail-inject?
OK, here's a quick stab at a basic patch - I modified qmail_inject_open
to
open qmail-queue appropriately (no args), and changed deliver_mail to
talk
to it. I THINK :)
There's no bounds checking and so forth in here, there are a few places
where there really needs to be some extra code to make sure that the
data
acquired is valid, but it's designed to be proof-of-concept. It
compiles,
but that's all I can guarantee.
Use at your own risk, yada yada... Feel free to modify it as needed, I
have no ego attached to this code :)
OK, so I can't stand writing sloppy code :) Here's an updated version of
the patch that handles things a little better (albeit in a slightly more
complicated manner), and cleans up a couple remaining stragglers of the
changeover.
And here's another update. I realized as I was driving home last night
that I'd made a mistake (that's what I get for coding while tired :)) and
was printing double NULLs in the envelope. This fixes it (and simplifies
the code a little too).
Josh
--
Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
- Layman's translation of the Laws of Thermodynamics
--- vdelivermail.c.orig 2006-05-09 17:35:00.0 -0400
+++ vdelivermail.c 2006-05-10 09:09:19.0 -0400
@@ -72,6 +72,7 @@
#define BUFF_SIZE 300
int fdm;
+int fde;
#define EXIT_BOUNCE 100
#define EXIT_DEFER 111
@@ -304,33 +305,41 @@
}
#endif
-/* Forks off qmail-inject. Returns PID of child, or 0 for failure. */
-pid_t qmail_inject_open(char *address)
+/* Forks off qmail-queue. Returns PID of child, or 0 for failure. */
+pid_t qmail_queue_open()
{
int pim[2];
+ int pie[2];
+
pid_t pid;
- static char *binqqargs[4];
+ static char *binqqargs[2];
if ( pipe(pim) == -1) return 0;
+if ( pipe(pie) == -1) return 0;
switch(pid=vfork()){
case -1:
close(pim[0]);
close(pim[1]);
+close(pie[0]);
+close(pie[1]);
printf (Unable to fork: %d., errno);
return 0;
case 0:
close(pim[1]);
+close(pie[1]);
if (vfd_move(0,pim[0]) == -1 ) _exit(-1);
+if (vfd_move(1,pie[0]) == -1 ) _exit(-1);
binqqargs[0] = QMAILINJECT;
-binqqargs[1] = --;
-binqqargs[2] = (*address == '' ? address[1] : address[0]);
+binqqargs[1] = 0;
execv(*binqqargs, binqqargs);
-printf (Unable to launch qmail-inject.);
+printf (Unable to launch qmail-queue.);
exit (EXIT_DEFER);/* child's exit caught later */
}
fdm = pim[1];
+fde = pie[1];
close(pim[0]);
+close(pie[0]);
return(pid);
}
@@ -628,10 +637,18 @@
char *dtline;
char *atpos;
int dtlen;
+ char *sender = 0;
+ char keychar[2] = { 'F', 'T' };
+ char *envptrs[4] = { keychar, sender, keychar+1, address };
+ int envlens[4] = { 1, 0, 1, 0 }; // sender and address get initialized later
+ int writestr;
if (*address=='') ++address; /* will this case ever happen? */
- inject_pid = qmail_inject_open(address);
- if (inject_pid == 0) vexiterr (EXIT_DEFER, system error, can't open qmail-inject);
+ envptrs[3] = address;
+ envlens[3] = strlen(address) + 1;
+
+ inject_pid = qmail_queue_open();
+ if (inject_pid == 0) vexiterr (EXIT_DEFER, system error, can't open qmail-queue);
/* use the DTLINE variable, but skip past the dash in
* [EMAIL PROTECTED]
@@ -665,13 +682,33 @@
}
if (fdcopy (fdm, 0, DeliveredTo, strlen(DeliveredTo)) != 0) {
- printf (write to qmail-inject failed: %d\n, errno);
+ printf (write to qmail-queue failed: %d\n, errno);
close(fdm);
+ close(fde);
waitpid(inject_pid,child,0);
vexiterr (EXIT_DEFER, system error);
}
+ if (!(sender = getenv(SENDER))) {
+ printf (unable to acquire SENDER from environment\n);
+ close(fdm);
+ close(fde);
+ vexiterr (EXIT_DEFER, system error);
+ }
+ envptrs[1] = sender;
+ envlens[1] = strlen(sender) + 1;
+
+ for (writestr = 0; writestr 4; writestr++) {
+if ((write(fde, (void *)envptrs[writestr], envlens[writestr])) != envlens[writestr]) {
+printf (write to qmail-queue failed: %d\n, errno);
+close(fdm);
+close(fde);
+vexiterr (EXIT_DEFER, system error);
+}
+ }
+
close(fdm);
+ close(fde);
waitpid(inject_pid,child,0);
if (wait_exitcode(child) == 0) return;
vexiterr (EXIT_DEFER,
Re: [vchkpw] Vpopmail With Only One Domain and POP Logins
~vpopmail/etc/defaultdomain Place the domain in question in that file. Thanks everyone. That is exactly what I needed. -ken
[vchkpw] qmailmrtg7 simscan patch update.
An update on the qmailmrtg7 simscan patch.Remove the following (line 280) } else if ((tmpstr1 = strstr(TmpBuf, ":RELAYCLIENT:"))!=NULL) { // just log message ++tclean;as this is logging outgoing messages and hence making the numbers look lower than they are.The new patch should first check for rejection, then for tagging, otherwise for clean, since spam scanning doesn't run when relayclient is set.-M
[vchkpw] Patch - don't update tcp.smtp for users already covered by static rules
Here is an improved version of a patch that I posted once previously. I
recently submitted it to Tom and he pointed out that it didn't necessarily
do what it should have since it was based on certain assumptions. I've
updated it so that it doesn't just ignore IPs that have any rule in the
tcp.smtp file, but only those that are explicitly allowed to relay.
It takes the remote IP and compares it to the rules in tcp.smtp. It
aborts open_smtp_relay early if there is a rule in tcp.smtp that meets the
following conditions:
1. It covers the remote IP (obviously)
2. It specifies allow (currently it only recognizes all lower case,
since that's the form I've always seen and is what vpopmail uses. If it
needs to support upper as well, that's easy).
3. It specifies 'RELAYCLIENT='
Under those conditions, it assumes that the remote client is covered by a
static tcprules mapping and doesn't update tcp.smtp. Otherwise it will do
the update as normal.
The reason I originally wrote this is that under high-volumes, there is no
good reason to continuously update the tcp.smtp file to allow relaying by
addresses that are already allowed to relay. This also coveres things
like webmail servers, which are constantly logging into the IMAP server
unless you have an IMAP proxy, and can yield many tcprules updates under
load.
Please take a look and see what you think, as it is something I think
would be a valuable addition to the main vpopmail tree.
Thanks,
Josh
--
Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
- Layman's translation of the Laws of Thermodynamics
[EMAIL PROTECTED]
diff -urN ../clean/vpopmail-5.4.16/vpopmail.c vpopmail-5.4.16/vpopmail.c
--- ../clean/vpopmail-5.4.16/vpopmail.c 2006-01-17 14:30:52.0 -0500
+++ vpopmail-5.4.16/vpopmail.c 2006-05-10 15:31:40.0 -0400
@@ -2903,6 +2903,9 @@
*/
int open_smtp_relay()
{
+ if (check_static_relay()) {
+return(0);
+ }
#ifdef USE_SQL
int result;
@@ -3095,6 +3098,83 @@
//
+#ifdef POP_AUTH_OPEN_RELAY
+/* check_static_relay() looks to see if the remote IP address is in the
+ * TCP_RULES file, and if so returns true. Used to not update the relay
+ * table with IP addresses that are already covered by another rule.
+ */
+
+int check_static_relay()
+{
+ FILE *fs;
+ char tmpbuf1[MAX_BUFF], tmpbuf2[MAX_BUFF];
+ int found = 0, ipfound = 0, i = 1, x, y, z;
+ char *ipaddr, *p, *q, *r, *ip[4];
+
+ /* get the remote IP address as a string */
+ ipaddr = get_remote_ip();
+ strcpy(tmpbuf2, ipaddr);
+
+ q = strtok(tmpbuf2, .);
+ ip[0] = q;
+ while ((i 4) q) {
+q = strtok(NULL, .);
+ip[i] = q;
+i++;
+ }
+
+ /* open the tcp.smtp file and read in the static rules - these addresses
+ * are handled by tcprules and not the relay table */
+ fs = fopen(TCP_FILE, r);
+ if ( fs != NULL ) {
+/* read each entry and compare it to the remote IP address */
+while (( fgets(tmpbuf1, sizeof(tmpbuf1), fs ) != NULL ) (!found)){
+ if ( p = strchr(tmpbuf1, ':') ) {
+*p = '\0';
+ if ( !(strncmp(ipaddr, tmpbuf1, strlen(tmpbuf1))) ) {
+ ipfound = 1;
+} else if (q = strchr(tmpbuf1, '-')) {
+ ipfound = 1;
+ q = strtok(tmpbuf1, .);
+ if ( strcmp(ip[0], q) ) {
+ipfound = 0;
+ }
+ i = 1;
+ while ((i 4) q ipfound) {
+q = strtok(NULL, .);
+if ( strcmp(ip[i], q) ) {
+ ipfound = 0;
+} else {
+ i++;
+}
+ }
+ if (r = strchr(q, '-')) {
+x = atoi(ip[i]);
+y = atoi(q);
+z = atoi(r+1);
+if ((x = y) (x = z)) {
+ ipfound = 1;
+}
+ }
+}
+if (ipfound) {
+ if (q = strstr(p+1, allow)) {
+if (q = strstr(p+1, RELAYCLIENT=\\)) {
+ found = 1;
+}
+ }
+}
+ }
+}
+fclose(fs);
+ }
+
+ return(found);
+}
+#endif /* POP_AUTH_OPEN_RELAY */
+
+//
+
int vfd_copy(int to, int from)
{
if (to == from) return 0;
