Re: [vchkpw] vdelivermail patch in order to handle maildrop filtering capabilities
John Simpson a écrit : what if there happens to be a mailbox with the name mailfilter? (yes, it's a rather contrived example, but you see some really weird stuff when you run an ISP... as an example, we had one user who ran one of the local post offices and wanted postmaster as his userid, the tech support guy who took the signup told him he could have it, and i was the one who got to call him back and explain why he couldn't have it... i ended up telling him it was already used, and that was that. of course for the next three weeks i got a series of who are you? emails to the postmaster mailbox from this guy...) instead of using mailfilter, you should probably use .mailfilter as the filename. names starting with a letter or number should really be reserved for mailbox names. Yes your remark is good, just have to sed mailfilter by .mailfilter ... in the patch file. also, what if a user (i.e. the owner of one specific mailbox) wants to create their own .mailfilter file, either directly or using some kind of web interface which gives them a set of options and writes a .mailfilter file based on their choices? i would search for /home/vpopmail/domains/.mailfilter-userid before the file names you're already checking for. This case is not implemented in the patch, and therefore because it is not simple to handle .qmail-* style for maildrop. But it should be very easy to do this in maildrop style in the main or referal .mailfilter file. For the web interface, i agree ... it would be very nice. But there is lot of job to do before :))) Jérôme MOLLIER-PIERRET
Re: [vchkpw] vdelivermail patch in order to handle maildrop filtering capabilities
On Oct 25, 2006, at 8:52 AM, Jérôme MOLLIER-PIERRET wrote: You'll find our patch below, if it can help someone ... I'll put it in my personal patch queue for inclusion in a future release of vpopmail, but since I don't use maildrop, I may not include it unless others tell me it's worth adding. Let us know, but if you add this to future realease it would be nice to include IFDEF header to activate or not this feature in the configure... Please upload it to SourceForge http://vpopmail.sf.net/ so there's a permanent record of it out there, and someone searching for that functionality can use your patch until it's added to the release versions of vpopmail. I'll post it today. Regards, Jérôme.
[vchkpw] OT: tcpserver and rblsmtpd clones
Sorry for the off topic. Does anyone know about good clones/substitutes of tcpserver and rblsmtpd? I'ld like they to have a more open licensing, so developing and deployment of new integrated features could be more easy. Thanks, Tonino
Re: [vchkpw] Re: [toaster] filtering outgoing emails
On 2006-10-25, at 1756, Howard Jones wrote: I've just started using qpsmtpd to do SMTP AUTH against my vpopmail users with vchkpw, to avoid running a patched qmail-smtpd[1]... [1] actually, it's to avoid having to reconcile SMTP AUTH patches with chkuser, which I already use, and couldn't live without. I run qmail-smtpd with chkuser for the 'public' MX SMTP service, and qpsmtpd for my local user's relay SMTP server, with auth and SSL. you are aware that there are other patches out there which do the same thing that chkuser does, which do work with AUTH, TLS, and SSL, and which don't rely specifically on vpopmail (i.e. when you upgrade vpopmail you don't have to re-compile qmail)? i mention this because i wrote such a patch- instead of looking directly at vpopmail's files (or mysql database, or however you have vpopmail configured) it reads a single cdb file where the keys are email addresses, and the values (for now) are ignored. it also handles -default addresses in the expected manner (i.e. if the validrcptto.cdb file contains [EMAIL PROTECTED], qmail-smtpd will accept [EMAIL PROTECTED].) i also have a combined patch which includes this one, plus all of the other standard things people seem to look for when patching qmail- TLS (both inbound and outbound), AUTH (both inbound and outbound), SPF with logging, my AUTH_SET patch (which allows you to add, change, or delete environment variables when a successful AUTH command is sent, and have those changes take effect where appropriate), badmailfrom/badrcptto with regular expressions, the ext_todo patch (which breaks qmail-send into two programs so that classifications and deliveries don't hold each other up, the so-called silly qmail syndrome), a patch which i've written but not yet documented which handles the AUTH command using a cdb file rather than calling an external program, and more. my server has been very happily using this combined patch for several months, rejecting messages sent to non-existent mailboxes while still supporting STARTTLS and AUTH. i have an entire web site devoted to this stuff, here are two pages to start with: http://qmail.jms1.net/patches/validrcptto.cdb.shtml http://qmail.jms1.net/patches/combined.shtml you may have other reasons for wanting to stick with chkuser, but you should at least look at other options (if you haven't already done so.) -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] vdelivermail patch in order to handle maildrop filtering capabilities
On 2006-10-26, at 0359, Jérôme MOLLIER-PIERRET wrote: John Simpson a écrit : also, what if a user (i.e. the owner of one specific mailbox) wants to create their own .mailfilter file, either directly or using some kind of web interface which gives them a set of options and writes a .mailfilter file based on their choices? i would search for /home/vpopmail/domains/.mailfilter-userid before the file names you're already checking for. This case is not implemented in the patch, and therefore because it is not simple to handle .qmail-* style for maildrop. But it should be very easy to do this in maildrop style in the main or referal .mailfilter file. For the web interface, i agree ... it would be very nice. But there is lot of job to do before :))) that's what i was thinking- at some point in the future, somebody (maybe myself, if i ever get some free time) (yeah, right) will want to write a web interface which gives individual mailbox owners the ability to either edit their own .mailfilter file, or choose from a list of options which will cause the web back-end to create or modify a per-mailbox .mailfilter file, maybe using some kind of templates to support each available option. i just don't like seeing patches which lock out future possibilities. flexibility is a good thing. other than that, your patch looks like a good idea. -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
[vchkpw] Re: [toaster] filtering outgoing emails
John Simpson wrote: you are aware that there are other patches out there which do the same thing that chkuser does, which do work with AUTH, TLS, and SSL, and which don't rely specifically on vpopmail (i.e. when you upgrade vpopmail you don't have to re-compile qmail)? i mention this because i wrote such a patch- instead of looking directly at vpopmail's files (or mysql database, or however you have vpopmail configured) it reads a single cdb file where the keys are email addresses, and the values (for now) are ignored. it also handles -default addresses in the expected manner (i.e. if the validrcptto.cdb file contains [EMAIL PROTECTED], qmail-smtpd will accept [EMAIL PROTECTED].) I can vouch for this. I'm happily using John's scripts to generate the CDB. I even wrote an auth plugin for qpsmtpd that uses it. It works great. R.
Re: [vchkpw] OT: tcpserver and rblsmtpd clones
On 2006-10-26, at 0441, tonix (Antonio Nati) wrote: Does anyone know about good clones/substitutes of tcpserver and rblsmtpd? I'ld like they to have a more open licensing, so developing and deployment of new integrated features could be more easy. (sorry for going even further off topic) i don't see anything in the ucspi-tcp source package, or on djb's web site, which indicates the kind of license under which the ucspi-tcp package is distributed. i know we've probably all seen http://cr.yp.to/qmail/dist.html but that only applies to qmail. i've heard it said that all of djb's other software is essentially public domain, but now i'm curious and would like know for sure. has anybody heard or seen any kind of statement from djb about this, and if so where can i find a copy of it? -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] Re: [toaster] filtering outgoing emails
John Simpson wrote: you may have other reasons for wanting to stick with chkuser, but you should at least look at other options (if you haven't already done so.) I haven't bothered before now, but now that's two (different?) patchsets to try out for TLS+AUTH+chkuser+etc+etc :-) The last time I looked around, the only chkuser-equivalents I could find depended on reading vpopmail's mysql databases directly, which wasn't much help for our cdb-based installation. Thanks for the pointer - SPF is another thing I've been meaning to look into, so I guess it's time to build a test machine. Cheers, Howie
Re: [vchkpw] OT: tcpserver and rblsmtpd clones
John Simpson wrote: i've heard it said that all of djb's other software is essentially public domain, but now i'm curious and would like know for sure. has anybody heard or seen any kind of statement from djb about this, and if so where can i find a copy of it? Most of his software is not public domain. (Several of his math and crypto libraries are, but to my knowledge none of the networking software is). First, there's a copyright statement in the README file of each package. Second: http://cr.yp.to/distributors.html Daemontools is explicitly mentioned here-- he licenses the current version to be distributed (in package form, with a specific MD5 checksum) until the beginning of 2007. Third: http://cr.yp.to/softwarelaw.html In other words, DJB has the right to control distribution of his software and he specifically asserts that right. David
Re: [vchkpw] OT: tcpserver and rblsmtpd clones
On 2006-10-26, at 1454, David Chaplin-Loebell wrote: John Simpson wrote: i've heard it said that all of djb's other software is essentially public domain, but now i'm curious and would like know for sure. has anybody heard or seen any kind of statement from djb about this, and if so where can i find a copy of it? Most of his software is not public domain. (Several of his math and crypto libraries are, but to my knowledge none of the networking software is). First, there's a copyright statement in the README file of each package. Second: http://cr.yp.to/distributors.html Daemontools is explicitly mentioned here-- he licenses the current version to be distributed (in package form, with a specific MD5 checksum) until the beginning of 2007. ah. i had only seen the qmail-specific version of this page, http:// cr.yp.to/qmail/dist.html ... you have answered my question, thank you. next question, and this may be better directed to djb himself (hence the CC to him.) i build servers for my clients, and i carry around a USB memory stick which contains, among other things, the source code packages for daemontools and ucspi-tcp. does this mean that starting in january i'm going to have to manually download the packages from his server instead of copying them from my USB stick when i build a client's machine? i don't really mind either way, but i'd like to know what his policy is, just to be sure. before you pointed out this page this i was not aware of 2007-01-01 having any significance (other than new years day, obviously.) -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] vdelivermail patch in order to handle maildrop filtering capabilities
On 2006-10-26, at 1251, Rick Romero wrote: I don't know what everyone else is doing, but my .qmail-default looks like this: |maildrop /home/vpopmail/domains/havokmon.com/mailfilter | /usr/home/vpopmail/bin/vdelivermail '' /usr/home/vpopmail/domains/havokmon.com/rick And my mailfiler is essentially: ... # Delete messages with a score of 10 or higher, filter all other # spam messages into a spam folder /^X-Spam-Status: yes, (hits|score)=![:digit:]+\.[:digit:]+!.*/ if ( $MATCH2 = 10.0 ) { exception { EXITCODE = 99 to /dev/null it's been my experience that this line is not necessary, just setting EXITCODE=99 and then exit is enough to cause the message to NOT be delivered anywhere. I forget exactly what option does it - it's either the EXITCODE with exit, and or the exception{} blocks, but my .qmail-default is processeed entirely. setting EXITCODE to 99 tells qmail-local (which is what actually reads the .qmail file) that the delivery is done, it was successful, and it should stop processing the .qmail file (i.e. don't go on to the next line.) the exit codes are documented in man qmail- command. -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] OT: tcpserver and rblsmtpd clones
John Simpson wrote: i don't really mind either way, but i'd like to know what his policy is, just to be sure. before you pointed out this page this i was not aware of 2007-01-01 having any significance (other than new years day, obviously.) He periodically updates those dates. I think the point is that he doesn't want prerelease versions of his software distributed forever-- but if you check out http://web.archive.org/web/*/http://cr.yp.to/distributors.html you'll see that those dates have been pushed forward several times. David
Re: [vchkpw] OT: tcpserver and rblsmtpd clones
On 2006-10-26, at 1737, David Chaplin-Loebell wrote: John Simpson wrote: i don't really mind either way, but i'd like to know what his policy is, just to be sure. before you pointed out this page this i was not aware of 2007-01-01 having any significance (other than new years day, obviously.) He periodically updates those dates. I think the point is that he doesn't want prerelease versions of his software distributed forever-- but if you check out http://web.archive.org/web/*/http:// cr.yp.to/distributors.html you'll see that those dates have been pushed forward several times. okay. thanks again. -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] vdelivermail patch in order to handle maildrop filtering capabilities
that's what i was thinking- at some point in the future, somebody (maybe myself, if i ever get some free time) (yeah, right) will want to write a web interface which gives individual mailbox owners the ability to either edit their own .mailfilter file, or choose from a list of options which will cause the web back-end to create or modify a per-mailbox .mailfilter file, maybe using some kind of templates to support each available option. sqwebmail provides some ability to generate .mailfilter files although the interface isn't the greatest. There is also a module for squirrelmail too that generates .mailfilter files. However I had to make some changes before it would work properly.