In case anybody needs it, here's how to run the TMDA challenge-response and 
mail filtering system under XMail.  This assumes Unix where users have home 
directories of their own, with different privileges.  TMDA doesn't work on 
Windows.  Home page: http://www.tmda.net/

1.  Get and configure TMDA.  For outgoing mail you use "smtp" because the 
sendmail interface doesn't (yet) work (it needs to send from <> which uses a 
separate argument).  You must also set the CONFIRM_ADDRESS, USERNAME and 
HOSTNAME to refer to your full address if they are different in XMail than your 
local system.  Use "sendmail" as MAIL_TRANSFER_AGENT and set the delimiter to 
'-'.

2.  Call, using mailproc.tab from your user's directory, the script pasted 
below.  You need Dan Bernstein's daemontools for the setuidgid program, or 
modify it to use something else.  Modify the script to refer to yourself 
instead of "sgucukoglu", my local username for my email account.  The script is 
written in Tcl, so get and install it.  This parses the spool file format for 
the raw message, then calls TMDA with sender set to the first argument, 
recipient the second, the spool file the third, extension separated by a hyphen 
and parsed out of the recipient, and your home directory.  Mailproc.tab uses 
the external command to pass $(FROM), $(RCPT) and $(FILE).

3.  If you want to use POP3 with XMail's built-in server you will create a 
symlink inside your XMail home directory that refers to the Maildir you 
configure TMDA to deliver to.  (Hint: if you use IMAP you can browse your 
pending queue with it, because TMDA can store pending mail in a Maildir also.)

4.  Use aliases.tab to make local-* at your domain an alias for local.  Local 
is the part before the @ in your email address that XMail accepts mail for.

5.  You may want to clear ErrorsAdmin and TempErrorsAdmin in server.tab, so as 
to avoid a ton of copied bounces sent by XMail to the addresses for deliveries 
made by TMDA (MAIL FROM:<>).  You want to avoid spam, so you don't really want 
to know when mail goes nowhere.  Besides, you'll have to whitelist such 
messages, and TMDA provides better support using tmda-ofmipd and "Dated" 
addresses for your own bounces. It makes sense also not to whitelist yourself, 
or <>, as some spammers have worked that out.

6.  Set up other countermeasures.  TMDA sends pretend bounces, which may well 
go to innocent sites.  You absolutely must do everything else to prevent 
accepting bad mail, virus checks, SPF, etc, as befits your policy.  If you 
don't want mail from IP addresses or email addresses, use XMail's features, not 
TMDA.

I enjoyed doing this, but it took some trial and error and a bit of lost mail.  
I think the documentation in particular on mailproc.tab needs to explicitly say 
that spool files are used for local deliveries rather than as done to the 
Maildir dropbox.  And we already know about the sendmail wrapper.

Cheers,
Sabahattin

Here is the script, tmda-proc:
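#!/usr/bin/tclsh
# tmda-proc: called from mailproc.tab as: tmda-proc sender recipient spoolfile
set user "sgucukoglu"

# Extension: the text after the first "-" of the recipient, up to the last "@".
set first [string first "-" [lindex $argv 1]]
if {$first != -1} {
    incr first
    set last [string last "@" [lindex $argv 1]]
    if {$last == -1} {
        set env(EXT) [string range [lindex $argv 1] $first end]
    } else {
        incr last -1
        set env(EXT) [string range [lindex $argv 1] $first $last]
    }
} else {
    set env(EXT) ""
}

# Environment passed to tmda-filter.
set env(HOME) "/home/$user"
set env(SENDER) [lindex $argv 0]
set env(RECIPIENT) [lindex $argv 1]

# Skip the spool file header, up to and including the <<MAIL-DATA>> line;
# the raw message follows it.
set infile [open [lindex $argv 2]]
fconfigure $infile -encoding binary -translation crlf
set found 0
while {[gets $infile line] >= 0} {
    if {$line eq "<<MAIL-DATA>>"} {
        set found 1
        break
    }
}
if {!$found} {
    # No marker: stop instead of looping forever at end of file.
    close $infile
    puts stderr "tmda-proc: no <<MAIL-DATA>> line in [lindex $argv 2]"
    exit 1
}
set msg [read $infile]
close $infile

# Pipe the message to tmda-filter as $user, with a Return-Path header first.
set outpipe [open "|/usr/bin/setuidgid $user /usr/local/bin/tmda-filter" w]
fconfigure $outpipe -encoding binary -translation crlf -buffering none
puts $outpipe "Return-Path: <[lindex $argv 0]>"
puts -nonewline $outpipe $msg
close $outpipe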
