[vchkpw] vdelivermail patch in order to handle maildrop filtering capabilities
Dear list,

We were looking over the internet for someone who had patched vdelivermail in order to call maildrop in the delivery process for filtering purposes. This kind of implementation, using maildrop for filtering, seems to us to be the cleanest way, because we do not have to change the .qmail-default behavior in many ways (ie because of other qmail tools like qmailadmin…). And therefore, using vdelivermail makes us sure to do many more checks regarding vpopmail, like for example 'bouncing over-quota mails over full mailboxes' and reading dot qmail files.

We found a patch located here: http://katastrophos.net/andre/blog/2006/10/03/vpopmail-maildrop-sqwebmail-mailfilter-patch/ but after many checks and tests it was not as clean as we wanted. So we rewrote a patch from scratch, which is working fine in our tests … in summary:

This patch keeps the behavior of vdelivermail in all delivery cases (like bouncing, deferrals …). This is particularly important for the way that vdelivermail handles quota and user notifications. It also has the granularity of using a mailfilter configuration file for domains (ie /home/vpopmail/domains/onedomain/mailfilter), all domains (ie /home/vpopmail/domains/mailfilter) … and indeed a default one in /etc/mailfilter. If no mailfilter file is present, vdelivermail acts as it does naturally.

You'll find our patch below, if it can help someone ...

Any feedback would be cool :)

Regards,

--- vpopmail-5.4.17/vdelivermail.c 2006-06-29 21:36:43.0 +0200 +++ vpopmail-5.4.17.patchmaildrop_actinux/vdelivermail.c 2006-10-25 16:59:17.0 +0200 @@ -22,6 +22,13 @@ * */ +/* Patch insertion for using maildrop delivery program October 2006 + * by Actinux Team + * Jerome MOLLIER-PIERRET [EMAIL PROTECTED], + * Brian PASSANTE [EMAIL PROTECTED] + * + */ + /* include files */ #include unistd.h #include stdlib.h 
@@ -81,6 +88,9 @@ /* from qmail's wait.h for run_command() */ #define wait_exitcode(w) ((w) 8) +/* Maildrop binary path */ +#define MAILDROP /usr/local/bin/maildrop + /* Forward declarations */ int process_valias(void); void get_arguments(int argc, char **argv); @@ -93,6 +103,7 @@ void usernotfound(void); int is_loop_match( const char *dt, const char *address); int deliver_quota_warning(const char *dir, const char *q); +int launchmaildrop(void); /* print an error string and then exit @@ -610,7 +621,7 @@ maildir_to_email(address)); } -switch (deliver_to_maildir (address, DeliveredTo, 0, message_size)) { +switch (launchmaildrop()) { case -1: vexiterr (EXIT_OVERQUOTA, user is over quota); break; @@ -620,6 +631,22 @@ case -3: vexiterr (EXIT_BOUNCE, mail is looping); break; +case -200: + /*start the old launch */ + printf (trying_normal_delivery: ); + switch (deliver_to_maildir (address, DeliveredTo, 0, message_size)) { +case -1: + vexiterr (EXIT_OVERQUOTA, user is over quota); + break; + case -2: + vexiterr (EXIT_DEFER, system error); + break; + case -3: + vexiterr (EXIT_BOUNCE, mail is looping); + break; + default: + return; + } default: return; } @@ -1042,6 +1069,7 @@ maildir_to_email(newdir), date_header()); } + err = deliver_to_maildir (dir, DeliveredTo, read_fd, sb.st_size); close (read_fd); 
@@ -1063,3 +1091,67 @@ return (strcasecmp (compare, (dt+14)) == 0); } + +int launchmaildrop(void) +{ + char *prog; + int child; + char *(args[4]); + int wstat; + char mailfilter_file[256]; + FILE *fs; + + printf(trying_through_maildrop: ); + + sprintf(mailfilter_file, %s/mailfilter,TheDomainDir); + if ( (fs=fopen(mailfilter_file, r)) == NULL ) { + /* if no mailfilter in domain then check in vpopmail dir */ + sprintf(mailfilter_file, %s/%s/mailfilter,VPOPMAILDIR,DOMAINS_DIR); + if ( (fs=fopen(mailfilter_file, r)) == NULL ) { + /* if no mailfilter in vpopmail dir check in /etc/ */ + sprintf(mailfilter_file, /etc/mailfilter); + if ( (fs=fopen(mailfilter_file, r)) == NULL ) { + /* no mailfilter file present */ + printf(Ouups,_no_mailfilter_file: ); + return -200; + } + } + } + +snprintf(prog, AUTH_SIZE, | /usr/bin/env HOME=%s VDOMAINDIR=%s VUSERDIR=%s VUSER=%s VDOMAIN=%s preline \%s\ %s, TheDomainDir, TheDomainDir, vpw-pw_dir, TheUser, TheDomain, MAILDROP, mailfilter_file); + +/*to put maildrop in debug mode uncomment theses line +snprintf(prog, AUTH_SIZE, | /usr/bin/env HOME=%s VDOMAINDIR=%s VUSERDIR=%s VUSER=%s VDOMAIN=%s
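Review bot: The MAILDROP path added in the hunk at @@ -81,6 +88,9 @@ is fixed at /usr/local/bin/maildrop with no way to override it at build time, and the command built later also hard-codes /usr/bin/env. Make the maildrop location a configure-time setting, or at least wrap the define in #ifndef MAILDROP, so installations that keep maildrop elsewhere do not have to edit the source.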
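Review bot: In the hunk at @@ -620,6 +631,22 @@ the new case -200 block has no break or return after its inner switch, so control leaves it only through the inner default: return; or by falling into the outer default: return;. That works as written but is fragile; end the block with an explicit return, and consider moving the three repeated vexiterr cases into one helper that both delivery paths call. The outer switch also treats -1, -2 and -3 from launchmaildrop() as over quota, system error and looping, while the part of launchmaildrop() shown only ever returns -200, so the mapping from maildrop's exit status to these values should be documented next to the forward declaration.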
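Review bot: In launchmaildrop() (hunk @@ -1063,3 +1091,67 @@), prog is declared as char *prog; and is never pointed at any storage before snprintf(prog, AUTH_SIZE, ...) writes through it; declare it as char prog[AUTH_SIZE]; instead. The three sprintf() calls into mailfilter_file[256] are unbounded and should become snprintf(mailfilter_file, sizeof(mailfilter_file), ...) with a check for truncation, and fs is opened only to test for existence with no fclose() in the lines shown. TheUser, TheDomain and the directory values are also placed unquoted into a command string that begins with a pipe; if that string is run through a shell, pass them with setenv() and execute maildrop directly rather than building a command line.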
Re: [vchkpw] vdelivermail patch in order to handle maildrop filtering capabilities
On Oct 25, 2006, at 8:52 AM, Jérôme MOLLIER-PIERRET wrote:
> You'll find our patch below, if it can help someone ...

I'll put it in my personal patch queue for inclusion in a future release of vpopmail, but since I don't use maildrop, I may not include it unless others tell me it's worth adding.

Please upload it to SourceForge http://vpopmail.sf.net/ so there's a permanent record of it out there, and someone searching for that functionality can use your patch until it's added to the release versions of vpopmail.

--
Tom Collins - [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
Re: [vchkpw] vdelivermail patch in order to handle maildrop filtering capabilities
On 2006-10-25, at 1152, Jérôme MOLLIER-PIERRET wrote:
> It also has the granularity of using a mailfilter configuration file for domains (ie /home/vpopmail/domains/onedomain/mailfilter), all domains (ie /home/vpopmail/domains/mailfilter) … and indeed a default one in /etc/mailfilter.

what if there happens to be a mailbox with the name mailfilter?

(yes, it's a rather contrived example, but you see some really weird stuff when you run an ISP... as an example, we had one user who ran one of the local post offices and wanted postmaster as his userid, the tech support guy who took the signup told him he could have it, and i was the one who got to call him back and explain why he couldn't have it... i ended up telling him it was already used, and that was that. of course for the next three weeks i got a series of "who are you?" emails to the postmaster mailbox from this guy...)

instead of using mailfilter, you should probably use .mailfilter as the filename. names starting with a letter or number should really be reserved for mailbox names.

also, what if a user (i.e. the owner of one specific mailbox) wants to create their own .mailfilter file, either directly or using some kind of web interface which gives them a set of options and writes a .mailfilter file based on their choices? i would search for /home/vpopmail/domains/.mailfilter-userid before the file names you're already checking for.

--
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/ [EMAIL PROTECTED] |
--
| Mac OS X proves that it's easier to make UNIX |
| pretty than it is to make Windows secure. |
--
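The name collision raised in this message, as an added example that is not part of the patch or of vpopmail: fopen() in read mode succeeds on a directory on Linux, so an existence test like the patch's would accept a mailbox directory named mailfilter, and checking for a regular file with stat() avoids that. find_mailfilter() and demo() are hypothetical names, and the directory tree is constructed for the demo, with /nonexistent standing in for /etc.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not in the patch): try <dir>/mailfilter for each
 * directory in order and accept only a regular file. Returns 0 and fills
 * out, or -1 if nothing qualifies or a path does not fit the buffer. */
int find_mailfilter(const char *const dirs[], size_t ndirs,
                    char *out, size_t outlen)
{
    struct stat st;
    size_t i;
    for (i = 0; i < ndirs; i++) {
        int n = snprintf(out, outlen, "%s/mailfilter", dirs[i]);
        if (n < 0 || (size_t)n >= outlen)
            return -1;      /* truncated path: fail instead of guessing */
        /* fopen(path, "r") succeeds on a directory on Linux, so a mailbox
         * directory named "mailfilter" has to be rejected explicitly. */
        if (stat(out, &st) == 0 && S_ISREG(st.st_mode))
            return 0;
    }
    return -1;
}

/* Constructed demo tree: <base>/domains/example.test/mailfilter is a mailbox
 * directory and <base>/domains/mailfilter a regular file. Returns 1 when
 * the resolver skips the directory and picks the file. */
int demo(void)
{
    char base[] = "/tmp/mfdemo.XXXXXX";
    char dom[64], one[96], box[128], file[96], got[256];
    const char *const dirs[3] = { one, dom, "/nonexistent" };
    FILE *f;
    int ok;
    if (mkdtemp(base) == NULL) return 0;
    snprintf(dom, sizeof dom, "%s/domains", base);
    snprintf(one, sizeof one, "%s/example.test", dom);
    snprintf(box, sizeof box, "%s/mailfilter", one);
    snprintf(file, sizeof file, "%s/mailfilter", dom);
    mkdir(dom, 0700); mkdir(one, 0700); mkdir(box, 0700);
    if ((f = fopen(file, "w")) == NULL) return 0;
    fclose(f);
    ok = find_mailfilter(dirs, 3, got, sizeof got) == 0 && strcmp(got, file) == 0;
    unlink(file); rmdir(box); rmdir(one); rmdir(dom); rmdir(base);
    return ok;
}
int main(void) { puts(demo() ? "regular file chosen" : "unexpected"); return 0; }
```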
[vchkpw] Re: [toaster] filtering outgoing emails
Jeff:

i'm also interested in this feature. Have you found how to filter outgoing messages?
for incoming messages I use maildrop

regards,

Ingo Claro F.
Operations Manager
[EMAIL PROTECTED]
(+56-2) 43 00 155
ISO 9001:2000 Certified

Jeff Koch wrote:
> Hi
>
> We are getting demands from large ISP's - Comcast, AOL, ATT - that we spam filter all outgoing email. We're using simscan to filter incoming email but I think that misses email generated by our customers and autoresponders. Can it be accomplished by modifying /home/vpopmail/etc/tcp.smtp ? How are other qmail users handling this?
>
> Thanks in advance.
>
> Jeff Koch
Re: [vchkpw] Re: [toaster] filtering outgoing emails
On 2006-10-25, at 1614, Ingo Claro wrote:
> Jeff Koch wrote:
>> We are getting demands from large ISP's - Comcast, AOL, ATT - that we spam filter all outgoing email. We're using simscan to filter incoming email but I think that misses email generated by our customers and autoresponders. Can it be accomplished by modifying /home/vpopmail/etc/tcp.smtp ? How are other qmail users handling this?
>
> i'm also interested in this feature. Have you found how to filter outgoing messages? for incoming messages I use maildrop

you can still use simscan. the trick is to make your customers send their mail through simscan.

i always did this by blocking outbound traffic to port 25/tcp at the router, unless the source IP was one of my mail servers. this leaves the users no choice but to use your mail server- and if all of your servers' SMTP services run the messages through simscan, all of your users' outgoing mail will be scanned while coming into your server, and your server will only send the clean mail out to the internet.

some users will grumble about it, but once they figure out how to change their settings, most of them will never have to mess with it again. you will find two types of people who need special handling:

- some users may be required to use a specific mail server at their office for outbound mail. these users should talk to their company's IT department about how to use an SMTP service on a port number other than 25- preferably one which requires AUTH, and is encrypted. if this is not available, make an exception in your filter which allows outbound traffic to port 25 on that company's SMTP server so that these employees can do their jobs, but you are still blocking outbound traffic to port 25 everywhere else in the world.

- spammers who can no longer send mail directly out... these users should die a slow painful death.

forcing them to send their outbound mail through your server also allows you to easily track how much mail they're sending- and if your company charges a fee for cleaning up after a spammer (i always charged 10 cents per message) it makes it very easy to document how much spam they sent and know how much to charge them for your time dealing with other ISPs' complaints and getting your servers' IP addresses removed from the blacklists.

and yes, the cleanup fee does work, especially if you have a credit card number on file for a customer. we had a user who actually sent almost 3,500 messages out before i locked him out- we charged his credit card $349 and change, and when he tried to challenge it with his bank, we sent the bank a copy of our agreement and a list of the messages he sent- the bank ended up confirming the charge and we did get the money. (this was in florida, usa, the laws may be different where you are.)

--
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/ [EMAIL PROTECTED] |
--
| Mac OS X proves that it's easier to make UNIX |
| pretty than it is to make Windows secure. |
--
Re: [vchkpw] Re: [toaster] filtering outgoing emails
John Simpson wrote:
> On 2006-10-25, at 1614, Ingo Claro wrote:
>> Jeff Koch wrote:
>>> We are getting demands from large ISP's - Comcast, AOL, ATT - that we spam filter all outgoing email. We're using simscan to filter incoming email but I think that misses email generated by our customers and autoresponders. Can it be accomplished by modifying /home/vpopmail/etc/tcp.smtp ? How are other qmail users handling this?
>>
>> i'm also interested in this feature. Have you found how to filter outgoing messages? for incoming messages I use maildrop
>
> you can still use simscan. the trick is to make your customers send their mail through simscan.

[snip]

I'm not sure that spam-filtering outgoing mail is a good idea-- I've never run into an implementation that doesn't annoy legitimate customers sending legitimate mail-- and simscan is, as far as I know, specifically designed not to allow it. If RELAYCLIENT is set, simscan checks for viruses but it doesn't run SpamAssassin.

Am I missing something?

David
Re: [vchkpw] Re: [toaster] filtering outgoing emails
On Wed, 2006-10-25 at 17:21 -0400, David Chaplin-Loebell wrote:
> John Simpson wrote:
>> On 2006-10-25, at 1614, Ingo Claro wrote:
>>> Jeff Koch wrote:
>>>> We are getting demands from large ISP's - Comcast, AOL, ATT - that we spam filter all outgoing email. We're using simscan to filter incoming email but I think that misses email generated by our customers and autoresponders. Can it be accomplished by modifying /home/vpopmail/etc/tcp.smtp ? How are other qmail users handling this?
>>>
>>> i'm also interested in this feature. Have you found how to filter outgoing messages? for incoming messages I use maildrop
>>
>> you can still use simscan. the trick is to make your customers send their mail through simscan.
>
> [snip]
>
> I'm not sure that spam-filtering outgoing mail is a good idea-- I've never run into an implementation that doesn't annoy legitimate customers sending legitimate mail-- and simscan is, as far as I know, specifically designed not to allow it. If RELAYCLIENT is set, simscan checks for viruses but it doesn't run SpamAssassin.
>
> Am I missing something?

Yeah, Free ISPs who have spammers sign up. I've been fighting with this for quite a while.

I've ended up having multiple qmail installs to do this. One to receive the email, one to spam scan it and relay it out. This seems to work well, I check the queues and clear out those emails and users - block those sending IP's if necessary.

My big problem is - how do I convert a single email with 50 TO: addresses into ONE email to be spam scanned?

I think I need to run a different email server for the initial queue - but this then brings up questions like, how do I use SMTP AUTH with, say, Exim, and vpopmail?

The whole spam/antivirus requirements have turned a nice 'email server' into a multiple install/multiple queue hell - and I only have about 2k regular users.

Rick
Re: [vchkpw] Re: [toaster] filtering outgoing emails
Rick Romero wrote:
> I think I need to run a different email server for the initial queue - but this then brings up questions like, how do I use SMTP AUTH with, say, Exim, and vpopmail?

I've just started using qpsmtpd to do SMTP AUTH against my vpopmail users with vchkpw, to avoid running a patched qmail-smtpd[1]. qpsmtpd has many spam-filtering plugins, and several queueing plugins, including one for qmail and one for any SMTP server (effectively as a proxy). It's fairly easy to extend too, if you know perl. I added a check module to allow our backup MX to only accept mail for a list of known accounts with an afternoon's work.

Separating your SMTP services into relay, inbound, and backup MX makes life a lot easier for enforcing mail policies, IMHO.

It's worth a look, perhaps.

Howie.

[1] actually, it's to avoid having to reconcile SMTP AUTH patches with chkuser, which I already use, and couldn't live without. I run qmail-smtpd with chkuser for the 'public' MX SMTP service, and qpsmtpd for my local user's relay SMTP server, with auth and SSL.
Re: [vchkpw] Re: [toaster] filtering outgoing emails
Howard Jones wrote:
> Howie.
>
> [1] actually, it's to avoid having to reconcile SMTP AUTH patches with chkuser, which I already use, and couldn't live without. I run qmail-smtpd with chkuser for the 'public' MX SMTP service, and qpsmtpd for my local user's relay SMTP server, with auth and SSL.

Hi,

You should look at Bill's Toaster then, it has all of the above plus badmailfrom/to regex, qmail-pop3d maildir++ support, TLS support etc all built into one clean patch.

http://www.shupp.org

Regards,

Rick