[vchkpw] tcp.smtp / open-smtp rule precedence

Fri, 16 Jan 2004 10:13:14 -0800 

Hi folks.  We're experiencing a weird issue related to the open-smtp /
roaming users feature of vpopmail.

We have a line in our ~vpopmail/etc/tcp.smtp file that looks like this:

12.161.105.140:allow,MFCHECK="0",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

The notable part for my question is that we want to accept mail from this
server and run it through qmail-scanner.  qmail-scanner.pl will process
the message as long as RELAYCLIENT is not set for the connecting host,
which, as you can see above, it is not.

BUT, we have a meddlesome user on 12.161.105.140 who is popping into
vpopmail, which has the allow roaming users flag set.  As soon as this
user does that, an entry is created in the tcp.smtp database for that
user, as reflected in the open-smtp file:

12.161.105.140:allow,RELAYCLIENT="",RBLSMTPD=""  1074272408

The result is that the users pop / roaming action is disabling
qmail-scanner for all mail from that server.  In general, the issue is
that a user popping in from an IP that has a line in the main
~vpopmail/etc/tcp.smtp can override the rule for that IP.

I realize this could be discussed on any number of lists (tcpserver,
qmail-scanner, etc.), but I *think* this is just a matter of precedence in
the way tcprules is run to incorporate the ~vpopmail/etc/tcp.smtp file AND
the roaming user entry that's added by vpopmail.  So I'm hoping it might
be worth exploring here since other vpopmail users may want to override
tcpserver environment variables with the main tcp.smtp file.

This seems to be the relevant part of vpopmail.c:

                strncpy(bin0, TCPRULES_PROG, BUFF_SIZE);
                strncpy( bin1, TCP_FILE, BUFF_SIZE);
                strncat( bin1, ".cdb", BUFF_SIZE);
                strncpy( bin2, TCP_FILE, BUFF_SIZE);
                strncat( bin2, relay_template, BUFF_SIZE);
                binqqargs[0] = bin0;
                binqqargs[1] = bin1;
                binqqargs[2] = bin2;
                binqqargs[3] = 0;
                execv(*binqqargs,binqqargs);

But I'm not quite clear on how tcprules is processing / ordering the
ruleset when a roaming user triggers this action.

I scanned the archives and couldn't find a reference to this
problem, but apologizes if it's been discussed under a different set of
keywords.

Any thoughts?

Thanks,
Chris

Reply via email to