Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[Ibiltari]

Hi back,
I tested the code and works as spected no problems for the moment.
thank you very much!

pd: i have also added simscan to my conf and whit a little bit of
effort they work well together also whit the CHKUSER_DISABLE_VARIABLE
modification

On 2/11/06, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
  At 12.06 11/02/2006, you wrote:



 I'll publish this feature in next chkuser version (and rewrite the code in
 order to make it more easy and powerful - i.e. to make
 CHKUSER_EXCLUDE_VARIABLE indipendent from other variables).

  And mainly I'll take care to call it CHKUSER_DISABLE_VARIABLE anywhere !!

  Tonino

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[Ibiltari]

Thank you for the solution!! i was out these days and not reading mail
but today i will try the code and lest see how it works...

On 2/11/06, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
  At 12.06 11/02/2006, you wrote:



 I'll publish this feature in next chkuser version (and rewrite the code in
 order to make it more easy and powerful - i.e. to make
 CHKUSER_EXCLUDE_VARIABLE indipendent from other variables).

  And mainly I'll take care to call it CHKUSER_DISABLE_VARIABLE anywhere !!

  Tonino

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[tonix (Antonio Nati)]

At 18.36 06/02/2006, you wrote:
Hi, i have a working qmail
installation from netqmail and recently
included chkuser (very nice!).
I want to use the CHKUSER_RCPTLIMIT and CHKUSER_WRONGRCPTLIMIT
variables to block spam because they work very nice in my system,
but
the problem is that i don't want to apply these limits to the
authenticated clients, so they can send mail with lot of recipients
and even whit wrong recipient so they receive a bounced message. (if
they get an error when sending they just think, o! the server is not
working, lets call the provider). So, i tried whit #define
CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT but it doesn't
works. It
only disables sender checking or also the limits? how i can disable
the limits only for authenticated clients? any idea?

Trying to give a practical answer, this what I suggest.
Add in chkuser_settings.h this define

#define CHKUSER_DISABLE_VARIABLE RELAYCLIENT
Then, in chkuser.c, add this code within first_time_init() after the
following lines:

#if !defined CHKUSER_ALWAYS_ON  defined
CHKUSER_STARTING_VARIABLE
 starting_string = env_get
(CHKUSER_STARTING_VARIABLE);
 if (starting_string) {


if (strcasecmp(starting_string, ALWAYS) == 0) {


starting_value = 1;


} else if (strcasecmp(starting_string, DOMAIN) == 0) {


starting_value = 0;


}
 } else {


starting_string = ;
 }
#endif

+#if defined CHKUSER_EXCLUDE_VARIABLE
+ if (env_get
(CHKUSER_EXCLUDE_VARIABLE)) {

+
starting_value = -1;
+ }
+#endif
Note that in order to make CHKUSER_EXCLUDE_VARIABLE working:

CHKUSER_ALWAYS_ON must be commented
CHKUSER_STARTING_VARIABLE must be enabled (ALWAYS or
DOMAIN, as you like)
I've not tested this code, as I don't have here shortly a test
environment, but it should work.
Please test it if you can.
I'll publish this feature in next chkuser version (and rewrite the code
in order to make it more easy and powerful - i.e. to make
CHKUSER_EXCLUDE_VARIABLE indipendent from other variables).
Tonino
Thanks in advance
Ion

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[tonix (Antonio Nati)]

At 12.06 11/02/2006, you wrote:


I'll publish this feature in
next chkuser version (and rewrite the code in order to make it more easy
and powerful - i.e. to make CHKUSER_EXCLUDE_VARIABLE indipendent from
other variables).

And mainly I'll take care to call it CHKUSER_DISABLE_VARIABLE
anywhere !!
Tonino

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[Tonix]

 On Monday 06 February 2006 11:57, tonix (Antonio Nati) wrote:
 At 20.31 06/02/2006, you wrote:
 Thanks for your answer Tonino, i take that solution in account but i
 would prefer another solution if possible, that smtp server is being
 already used by lots of clients so running another server for them
 would imply that they have to change their mail server (its a little
 change, i know, but they are lots and the average user would need
 assistance for doing that simple change) so i would try to another
 solution first if someone has another idea.. or i get illuminated in
 between hehe

 Simplest solution is to put another VARIABLE disabling this check. Let
 me see how add something like what you ask.
 I'm just wondering if other checks could be excluded for
 authenticathed users.

 I would say the simplest solution would be to skip these checks when
 RELAYCLIENT is set.  That way it works without modification with
 existing  SMTP AUTH patches, as well as manually setting RELAYCLIENT in
 your tcprules  file.

 or perhaps make the variable checked configurable, and default it to
 RELAYCLIENT.


I agree. I'll study how to simplify this check, trying to keep it as
simple as possible.

In this moment, my main problem is the choice between:

- a VARIABLE excluding chkuser when SET (it may default to RELAYCLIENT)
- a VARIABLE excluding intrusion checks (as before it may default to
RELAYCLIENT).

At first look, I feel excluding chkuser may be more useful, as in an
authenticated relaying system chkuser may be excluded.

Tonino

 -Jeremy

 --
 Jeremy Kitchen ++ [EMAIL PROTECTED]

 In the beginning was The Word and The Word was Content-type: text/plain
   -- The Word of Bob.



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 La tua posta elettronica senza virus su UfficioPostale.IT
   Your virus free electronic mail on UfficioPostale.IT

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[Tonix]

 On Monday 06 February 2006 09:36, Ibiltari wrote:
 Hi, i have a working qmail installation from netqmail and recently
 included chkuser (very nice!).
 I want to use the CHKUSER_RCPTLIMIT and CHKUSER_WRONGRCPTLIMIT
 variables to block spam because they work very nice in my system, but
 the problem is that i don't want to apply these limits to the
 authenticated clients, so they can send mail with lot of recipients
 and even whit wrong recipient so they receive a bounced message. (if
 they get an error when sending they just think, o! the server is not
 working, lets call the provider). So, i tried whit #define
 CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT but it doesn't works. It
 only disables sender checking or also the limits? how i can disable
 the limits only for authenticated clients? any idea?

 just a guess (since I haven't looked at chkuser code in ages):
 try removing the quotes from RELAYCLIENT  your define will look like
 this: #define CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT

This DEFINE will simple avoid any kind of controls (formal, DNS, etc) on
sender. Will not have any effect on rcpt controls.

Tonino


 if that won't work, it shouldn't compile, so you'll know immediately ;)

 -Jeremy

 --
 Jeremy Kitchen ++ [EMAIL PROTECTED]

 In the beginning was The Word and The Word was Content-type: text/plain
   -- The Word of Bob.





-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 La tua posta elettronica senza virus su UfficioPostale.IT
   Your virus free electronic mail on UfficioPostale.IT

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[Tonix]

 mmm but is not harder to mantain a server whit 2 smtp server runing
 together? i think i would prefer the other method anyway. And by the
 way, it could be a nice feature to add to chkuser? somthing like
 CHKUSER_NOCHECKS_VARIABLE RELAYCLIENT

I think this is besides chkuser.

Consider with two different qmail-servers you have more possibilities to
simplify your management and give completely different behaviours to your
servers.

No SPAM control, no RBL, better error messages, no additional checks on
relaying server, full controls on MX server.

Tonino


 On 2/6/06, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
 At 20.57 06/02/2006, you wrote:
 Ibiltari wrote:
 Thanks for your answer Tonino, i take that solution in account but i
 would prefer another solution if possible, that smtp server is being
 already used by lots of clients so running another server for them
 would imply that they have to change their mail server (its a little
 change, i know, but they are lots and the average user would need
 assistance for doing that simple change) so i would try to another
 solution first if someone has another idea.. or i get illuminated in
 between hehe
 
 Change the MX record to a new ip and add an alias IP on the server.
 Current users still use mail.example.com but all outside mail comes
 in on mx.example.com.

 Much better than changing chkuser code :-) !!!

 Tonino

 Regards,
 
 Rick



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 La tua posta elettronica senza virus su UfficioPostale.IT
   Your virus free electronic mail on UfficioPostale.IT

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[Ibiltari]

On 2/7/06, Tonix [EMAIL PROTECTED] wrote:
  On Monday 06 February 2006 11:57, tonix (Antonio Nati) wrote:
  At 20.31 06/02/2006, you wrote:
  Thanks for your answer Tonino, i take that solution in account but i
  would prefer another solution if possible, that smtp server is being
  already used by lots of clients so running another server for them
  would imply that they have to change their mail server (its a little
  change, i know, but they are lots and the average user would need
  assistance for doing that simple change) so i would try to another
  solution first if someone has another idea.. or i get illuminated in
  between hehe
 
  Simplest solution is to put another VARIABLE disabling this check. Let
  me see how add something like what you ask.
  I'm just wondering if other checks could be excluded for
  authenticathed users.
 
  I would say the simplest solution would be to skip these checks when
  RELAYCLIENT is set.  That way it works without modification with
  existing  SMTP AUTH patches, as well as manually setting RELAYCLIENT in
  your tcprules  file.
 
  or perhaps make the variable checked configurable, and default it to
  RELAYCLIENT.
 

 I agree. I'll study how to simplify this check, trying to keep it as
 simple as possible.

 In this moment, my main problem is the choice between:

 - a VARIABLE excluding chkuser when SET (it may default to RELAYCLIENT)
 - a VARIABLE excluding intrusion checks (as before it may default to
 RELAYCLIENT).

 At first look, I feel excluding chkuser may be more useful, as in an
 authenticated relaying system chkuser may be excluded.

I agree whit that,  since for authenticated clients its better a
bounced message than a short smpt error that lots of email clients
dont even show up. chkuser could be diseabled for them.
 Tonino

  -Jeremy
 
  --
  Jeremy Kitchen ++ [EMAIL PROTECTED]
 
  In the beginning was The Word and The Word was Content-type: text/plain
-- The Word of Bob.



 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  La tua posta elettronica senza virus su UfficioPostale.IT
Your virus free electronic mail on UfficioPostale.IT

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[Rick Macdougall]

Ibiltari wrote:

Thanks for your answer Tonino, i take that solution in account but i
would prefer another solution if possible, that smtp server is being
already used by lots of clients so running another server for them
would imply that they have to change their mail server (its a little
change, i know, but they are lots and the average user would need
assistance for doing that simple change) so i would try to another
solution first if someone has another idea.. or i get illuminated in
between hehe


Change the MX record to a new ip and add an alias IP on the server. 
Current users still use mail.example.com but all outside mail comes in 
on mx.example.com.


Regards,

Rick

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[tonix (Antonio Nati)]

At 20.31 06/02/2006, you wrote:

Thanks for your answer Tonino, i take that solution in account but i
would prefer another solution if possible, that smtp server is being
already used by lots of clients so running another server for them
would imply that they have to change their mail server (its a little
change, i know, but they are lots and the average user would need
assistance for doing that simple change) so i would try to another
solution first if someone has another idea.. or i get illuminated in
between hehe


Simplest solution is to put another VARIABLE disabling this check.
Let me see how add something like what you ask.
I'm just wondering if other checks could be excluded for authenticathed users.

Any comment is welcome.

Tonino


On 2/6/06, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
 At 18.36 06/02/2006, you wrote:
 Hi, i have a working qmail installation from netqmail and recently
 included chkuser (very nice!).
 I want to use the CHKUSER_RCPTLIMIT and CHKUSER_WRONGRCPTLIMIT
 variables to block spam because they work very nice in my system, but
 the problem is that i don't want to apply these limits to the
 authenticated clients, so they can send mail with lot of recipients
 and even whit wrong recipient so they receive a bounced message. (if
 they get an error when sending they just think, o! the server is not
 working, lets call the provider). So, i tried whit #define
 CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT but it doesn't works. It
 only disables sender checking or also the limits? how i can disable
 the limits only for authenticated clients? any idea?

 Actually I'm using a separate qmail-smtpd server for authenticated
 users (i.e. relay.mydomain.com), on a dedicated IP address.

 This solves the most of my problems, as in this way I can make the
 deepest customization I can, and I keep separated normal MX traffic
 and relaying traffic.

 In this dedicated server for authenticated users I think it could be
 even better not to enable CHKUSER, so normal users with Outlook will
 receive normal error messages instead of short SMTP responses.

 Tonino

 Thanks in advance
 Ion

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[tonix (Antonio Nati)]

At 20.57 06/02/2006, you wrote:

Ibiltari wrote:

Thanks for your answer Tonino, i take that solution in account but i
would prefer another solution if possible, that smtp server is being
already used by lots of clients so running another server for them
would imply that they have to change their mail server (its a little
change, i know, but they are lots and the average user would need
assistance for doing that simple change) so i would try to another
solution first if someone has another idea.. or i get illuminated in
between hehe


Change the MX record to a new ip and add an alias IP on the server. 
Current users still use mail.example.com but all outside mail comes 
in on mx.example.com.


Much better than changing chkuser code :-) !!!

Tonino


Regards,

Rick

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[Ibiltari]

mmm but is not harder to mantain a server whit 2 smtp server runing
together? i think i would prefer the other method anyway. And by the
way, it could be a nice feature to add to chkuser? somthing like
CHKUSER_NOCHECKS_VARIABLE RELAYCLIENT

On 2/6/06, tonix (Antonio Nati) [EMAIL PROTECTED] wrote:
 At 20.57 06/02/2006, you wrote:
 Ibiltari wrote:
 Thanks for your answer Tonino, i take that solution in account but i
 would prefer another solution if possible, that smtp server is being
 already used by lots of clients so running another server for them
 would imply that they have to change their mail server (its a little
 change, i know, but they are lots and the average user would need
 assistance for doing that simple change) so i would try to another
 solution first if someone has another idea.. or i get illuminated in
 between hehe
 
 Change the MX record to a new ip and add an alias IP on the server.
 Current users still use mail.example.com but all outside mail comes
 in on mx.example.com.

 Much better than changing chkuser code :-) !!!

 Tonino

 Regards,
 
 Rick

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[Jeremy Kitchen]

On Monday 06 February 2006 09:36, Ibiltari wrote:
 Hi, i have a working qmail installation from netqmail and recently
 included chkuser (very nice!).
 I want to use the CHKUSER_RCPTLIMIT and CHKUSER_WRONGRCPTLIMIT
 variables to block spam because they work very nice in my system, but
 the problem is that i don't want to apply these limits to the
 authenticated clients, so they can send mail with lot of recipients
 and even whit wrong recipient so they receive a bounced message. (if
 they get an error when sending they just think, o! the server is not
 working, lets call the provider). So, i tried whit #define
 CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT but it doesn't works. It
 only disables sender checking or also the limits? how i can disable
 the limits only for authenticated clients? any idea?

just a guess (since I haven't looked at chkuser code in ages):
try removing the quotes from RELAYCLIENT  your define will look like this:
#define CHKUSER_SENDER_NOCHECK_VARIABLE RELAYCLIENT

if that won't work, it shouldn't compile, so you'll know immediately ;)

-Jeremy

-- 
Jeremy Kitchen ++ [EMAIL PROTECTED]

In the beginning was The Word and The Word was Content-type: text/plain
  -- The Word of Bob.


pgp2sm1AOK9Ro.pgp
Description: PGP signature

Re: [vchkpw] chkuser + smtp auth, disable CHKUSER_RCPTLIMIT when correct smt auth. how??

[Jeremy Kitchen]

On Monday 06 February 2006 11:57, tonix (Antonio Nati) wrote:
 At 20.31 06/02/2006, you wrote:
 Thanks for your answer Tonino, i take that solution in account but i
 would prefer another solution if possible, that smtp server is being
 already used by lots of clients so running another server for them
 would imply that they have to change their mail server (its a little
 change, i know, but they are lots and the average user would need
 assistance for doing that simple change) so i would try to another
 solution first if someone has another idea.. or i get illuminated in
 between hehe

 Simplest solution is to put another VARIABLE disabling this check.
 Let me see how add something like what you ask.
 I'm just wondering if other checks could be excluded for authenticathed
 users.

I would say the simplest solution would be to skip these checks when 
RELAYCLIENT is set.  That way it works without modification with existing 
SMTP AUTH patches, as well as manually setting RELAYCLIENT in your tcprules 
file.

or perhaps make the variable checked configurable, and default it to 
RELAYCLIENT.

-Jeremy

-- 
Jeremy Kitchen ++ [EMAIL PROTECTED]

In the beginning was The Word and The Word was Content-type: text/plain
  -- The Word of Bob.


pgpTmOjhkVPCp.pgp
Description: PGP signature