On 2006-12-30, at 0537, Rick Widmer wrote:

I've decided to take the easy way out and pull the localrelay patch from 5.4.18. 5.4.19 isn't too far away, and there are a number of bug fixes that need to get out.

i didn't recognize what "localrelay" was, so i searched back in my inbox and found a message from may 10th which describes what it supposedly does. again with keeping statically defined IPs from getting dynamic entries. why don't people just use AUTH like the rest of us? i haven't used relay-after-pop3 in about four years now...


here's a totally different approach:

- the process which writes out the new smtpd access control file would have a second step- it would read the list of static "tcp.smtp" entries. if it finds any lines which match ':allow.*,RELAYCLIENT=', it would write that line's IP (or whatever is to the left of ":allow") followed by ':allow,RELAYCLIENT=""' to a new file... which is then piped through tcprules to provide- get this- an access control list for the POP3 and/or IMAP servers.

you could even compare the timestamps on the two files and only rebuild the POP3/IMAP access control list if the smtpd static list has been changed.

the idea is that if somebody connects from an IP which has static RELAYCLIENT permission on the smtpd server, the tcpserver which fires off the POP3/IMAP service would also add a RELAYCLIENT variable.

- the code in (vchkpw.c?) which starts the whole "add a dynamic IP to the access control list" function would search for a RELAYCLIENT variable. if it exists, it would bypass the entire process of generating new cdb files.

the variable which is used to flag static entries for the patch doesn't have to be RELAYCLIENT... it could be something as simple as STATIC=""... but the idea is to give the tcpserver which fires the POP3/IMAP services an access control file, and teach THAT access control file about your static entries.

it seems to me there would be a lot less patching, and what little there is would be based on environment variables, which are easy to check for, and which are easy to set using tcpserver's access control files.

| John M. Simpson    ---   KG4ZOW   ---    Programmer At Large |
| http://www.jms1.net/                         <[EMAIL PROTECTED]> |
| http://video.google.com/videoplay?docid=-4312730277175242198 |

Attachment: PGP.sig
Description: This is a digitally signed message part

Reply via email to