Re: [vchkpw] [vpopmail] handle 'postmaster' as non existing user (reject mails)
Ken Jones wrote: Lars Uhlmann wrote: We only need this mailbox for »qmailadmin« to log in. Is it possible to treat this account as non existing? I've tried a domain-global '.qmail-postmaster' (... bounce-no-mailbox) and a '.qmail' (same content) inside the folder 'postmaster' but nothing worked. Create a .qmail-postmaster file with the same permissions and ownership and in the same directory as the .qmail-default file. Then put a single # character in the file. qmail-local treats a single # charater as delete the email. It is probably the most efficent way, since vdelivermail does not need to be envoked. I've been thinking of setting up all new domains with this way. Nobody really reads postmaster email. Well this is pretty horrifying considering the source. I don't know where you hang out, but this sort of thing is frowned upon by the community of mail server operators, and will get you blacklisted both privately and publicly if discovered. http://rfc-ignorant.org/rfcs/rfc2821.php - Ron
Re: [vchkpw] vdelivermail qmail-queue ALPHA patch - take 3
On May 9, 2006, at 12:57 PM, Jeremy Kitchen wrote: the problem is that vpopmail is using qmail-inject to forward messages. qmail-inject does not tolerate malformed messages. it's that simple. Any volunteers to review the code in vdelivermail.c and modify it to use qmail-queue instead of qmail-inject? OK, here's a quick stab at a basic patch - I modified qmail_inject_open to open qmail-queue appropriately (no args), and changed deliver_mail to talk to it. I THINK :) There's no bounds checking and so forth in here, there are a few places where there really needs to be some extra code to make sure that the data acquired is valid, but it's designed to be proof-of-concept. It compiles, but that's all I can guarantee. Use at your own risk, yada yada... Feel free to modify it as needed, I have no ego attached to this code :) OK, so I can't stand writing sloppy code :) Here's an updated version of the patch that handles things a little better (albeit in a slightly more complicated manner), and cleans up a couple remaining stragglers of the changeover. And here's another update. I realized as I was driving home last night that I'd made a mistake (that's what I get for coding while tired :)) and was printing double NULLs in the envelope. This fixes it (and simplifies the code a little too). Josh -- Joshua Megerman SJGames MIB #5273 - OGRE AI Testing Division You can't win; You can't break even; You can't even quit the game. - Layman's translation of the Laws of Thermodynamics --- vdelivermail.c.orig 2006-05-09 17:35:00.0 -0400 +++ vdelivermail.c 2006-05-10 09:09:19.0 -0400 @@ -72,6 +72,7 @@ #define BUFF_SIZE 300 int fdm; +int fde; #define EXIT_BOUNCE 100 #define EXIT_DEFER 111 @@ -304,33 +305,41 @@ } #endif -/* Forks off qmail-inject. Returns PID of child, or 0 for failure. */ -pid_t qmail_inject_open(char *address) +/* Forks off qmail-queue. Returns PID of child, or 0 for failure. */ +pid_t qmail_queue_open() { int pim[2]; + int pie[2]; + pid_t pid; - static char *binqqargs[4]; + static char *binqqargs[2]; if ( pipe(pim) == -1) return 0; +if ( pipe(pie) == -1) return 0; switch(pid=vfork()){ case -1: close(pim[0]); close(pim[1]); +close(pie[0]); +close(pie[1]); printf (Unable to fork: %d., errno); return 0; case 0: close(pim[1]); +close(pie[1]); if (vfd_move(0,pim[0]) == -1 ) _exit(-1); +if (vfd_move(1,pie[0]) == -1 ) _exit(-1); binqqargs[0] = QMAILINJECT; -binqqargs[1] = --; -binqqargs[2] = (*address == '' ? address[1] : address[0]); +binqqargs[1] = 0; execv(*binqqargs, binqqargs); -printf (Unable to launch qmail-inject.); +printf (Unable to launch qmail-queue.); exit (EXIT_DEFER);/* child's exit caught later */ } fdm = pim[1]; +fde = pie[1]; close(pim[0]); +close(pie[0]); return(pid); } @@ -628,10 +637,18 @@ char *dtline; char *atpos; int dtlen; + char *sender = 0; + char keychar[2] = { 'F', 'T' }; + char *envptrs[4] = { keychar, sender, keychar+1, address }; + int envlens[4] = { 1, 0, 1, 0 }; // sender and address get initialized later + int writestr; if (*address=='') ++address; /* will this case ever happen? */ - inject_pid = qmail_inject_open(address); - if (inject_pid == 0) vexiterr (EXIT_DEFER, system error, can't open qmail-inject); + envptrs[3] = address; + envlens[3] = strlen(address) + 1; + + inject_pid = qmail_queue_open(); + if (inject_pid == 0) vexiterr (EXIT_DEFER, system error, can't open qmail-queue); /* use the DTLINE variable, but skip past the dash in * [EMAIL PROTECTED] @@ -665,13 +682,33 @@ } if (fdcopy (fdm, 0, DeliveredTo, strlen(DeliveredTo)) != 0) { - printf (write to qmail-inject failed: %d\n, errno); + printf (write to qmail-queue failed: %d\n, errno); close(fdm); + close(fde); waitpid(inject_pid,child,0); vexiterr (EXIT_DEFER, system error); } + if (!(sender = getenv(SENDER))) { + printf (unable to acquire SENDER from environment\n); + close(fdm); + close(fde); + vexiterr (EXIT_DEFER, system error); + } + envptrs[1] = sender; + envlens[1] = strlen(sender) + 1; + + for (writestr = 0; writestr 4; writestr++) { +if ((write(fde, (void *)envptrs[writestr], envlens[writestr])) != envlens[writestr]) { +printf (write to qmail-queue failed: %d\n, errno); +close(fdm); +close(fde); +vexiterr (EXIT_DEFER, system error); +} + } + close(fdm); + close(fde); waitpid(inject_pid,child,0); if (wait_exitcode(child) == 0) return; vexiterr (EXIT_DEFER,
Re: [vchkpw] Vpopmail With Only One Domain and POP Logins
~vpopmail/etc/defaultdomain Place the domain in question in that file. Thanks everyone. That is exactly what I needed. -ken
[vchkpw] qmailmrtg7 simscan patch update.
An update on the qmailmrtg7 simscan patch.Remove the following (line 280) } else if ((tmpstr1 = strstr(TmpBuf, ":RELAYCLIENT:"))!=NULL) { // just log message ++tclean;as this is logging outgoing messages and hence making the numbers look lower than they are.The new patch should first check for rejection, then for tagging, otherwise for clean, since spam scanning doesn't run when relayclient is set.-M
[vchkpw] Patch - don't update tcp.smtp for users already covered by static rules
Here is an improved version of a patch that I posted once previously. I recently submitted it to Tom and he pointed out that it didn't necessarily do what it should have since it was based on certain assumptions. I've updated it so that it doesn't just ignore IPs that have any rule in the tcp.smtp file, but only those that are explicitly allowed to relay. It takes the remote IP and compares it to the rules in tcp.smtp. It aborts open_smtp_relay early if there is a rule in tcp.smtp that meets the following conditions: 1. It covers the remote IP (obviously) 2. It specifies allow (currently it only recognizes all lower case, since that's the form I've always seen and is what vpopmail uses. If it needs to support upper as well, that's easy). 3. It specifies 'RELAYCLIENT=' Under those conditions, it assumes that the remote client is covered by a static tcprules mapping and doesn't update tcp.smtp. Otherwise it will do the update as normal. The reason I originally wrote this is that under high-volumes, there is no good reason to continuously update the tcp.smtp file to allow relaying by addresses that are already allowed to relay. This also coveres things like webmail servers, which are constantly logging into the IMAP server unless you have an IMAP proxy, and can yield many tcprules updates under load. Please take a look and see what you think, as it is something I think would be a valuable addition to the main vpopmail tree. Thanks, Josh -- Joshua Megerman SJGames MIB #5273 - OGRE AI Testing Division You can't win; You can't break even; You can't even quit the game. - Layman's translation of the Laws of Thermodynamics [EMAIL PROTECTED] diff -urN ../clean/vpopmail-5.4.16/vpopmail.c vpopmail-5.4.16/vpopmail.c --- ../clean/vpopmail-5.4.16/vpopmail.c 2006-01-17 14:30:52.0 -0500 +++ vpopmail-5.4.16/vpopmail.c 2006-05-10 15:31:40.0 -0400 @@ -2903,6 +2903,9 @@ */ int open_smtp_relay() { + if (check_static_relay()) { +return(0); + } #ifdef USE_SQL int result; @@ -3095,6 +3098,83 @@ // +#ifdef POP_AUTH_OPEN_RELAY +/* check_static_relay() looks to see if the remote IP address is in the + * TCP_RULES file, and if so returns true. Used to not update the relay + * table with IP addresses that are already covered by another rule. + */ + +int check_static_relay() +{ + FILE *fs; + char tmpbuf1[MAX_BUFF], tmpbuf2[MAX_BUFF]; + int found = 0, ipfound = 0, i = 1, x, y, z; + char *ipaddr, *p, *q, *r, *ip[4]; + + /* get the remote IP address as a string */ + ipaddr = get_remote_ip(); + strcpy(tmpbuf2, ipaddr); + + q = strtok(tmpbuf2, .); + ip[0] = q; + while ((i 4) q) { +q = strtok(NULL, .); +ip[i] = q; +i++; + } + + /* open the tcp.smtp file and read in the static rules - these addresses + * are handled by tcprules and not the relay table */ + fs = fopen(TCP_FILE, r); + if ( fs != NULL ) { +/* read each entry and compare it to the remote IP address */ +while (( fgets(tmpbuf1, sizeof(tmpbuf1), fs ) != NULL ) (!found)){ + if ( p = strchr(tmpbuf1, ':') ) { +*p = '\0'; + if ( !(strncmp(ipaddr, tmpbuf1, strlen(tmpbuf1))) ) { + ipfound = 1; +} else if (q = strchr(tmpbuf1, '-')) { + ipfound = 1; + q = strtok(tmpbuf1, .); + if ( strcmp(ip[0], q) ) { +ipfound = 0; + } + i = 1; + while ((i 4) q ipfound) { +q = strtok(NULL, .); +if ( strcmp(ip[i], q) ) { + ipfound = 0; +} else { + i++; +} + } + if (r = strchr(q, '-')) { +x = atoi(ip[i]); +y = atoi(q); +z = atoi(r+1); +if ((x = y) (x = z)) { + ipfound = 1; +} + } +} +if (ipfound) { + if (q = strstr(p+1, allow)) { +if (q = strstr(p+1, RELAYCLIENT=\\)) { + found = 1; +} + } +} + } +} +fclose(fs); + } + + return(found); +} +#endif /* POP_AUTH_OPEN_RELAY */ + +// + int vfd_copy(int to, int from) { if (to == from) return 0;