[milters] Archive


Article: 1043
From: Jim Galley
Date: 2006-07-18 11:17:12 -0400
Subject: Re: milter-gris and Popauth.db

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Mike,

Thanks for the insight - I installed poprelay 1.5
(http://poprelay.sourceforge.net) w/o modifications and I can send w/o
problems. It has a slightly different SLocal_check_rcpt strategy
(everything is in sendmail.mc).

Per your warning, I did not mess with the R$* code, but I did notice
that there isn't a storage or {popauth_info} variable.  Perhaps
milter-gris and poprelay are ships passing in the night, unaware of each
other's presence.  But at least both work and don't collide / conflict
with each other. :)

lines added to sendmail.mc
==========================================================
# We probably want the access_db feature enabled.
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl

# List of IP addresses we allow relaying from.
Klocalip hash -a<MATCH> /etc/mail/access
Kpopip hash  -a<MATCH> /etc/mail/popip


LOCAL_RULESETS


SLocal_check_rcpt
# Put the address into canonical form (even if it doesn't resolve to an MX).
R$*            $: $>Parse0 $>3 $1
R$* < $* > $*        $: $1 < $2 . > $3                Pretend it's canonical.
R$* < $* . . > $*    $1 < $2 . > $3                    Remove extra dots.

# Allow relaying if the connected host is a local IP address.
R$*            $: < $&{client_addr} >            Get client IP address.
R<>            $#OK                    Local is ok.
R< $* . $- > $*        $(localip $1.$2 $: < $1 > . $2 $)    Check last three octets.
R$* < MATCH >        $#OK
R< $- > $*        $: $(localip $1 $: < > $1 $2 $)        Check first octet.
R$* < MATCH >        $#OK

# Allow relaying if the connected host has recently POP3 authenticated.
R$*            $: < $&{client_addr} >            Get client IP address.
R< $* >         $(popip $1 $)                Check full address.
R$* < MATCH >        $#OK

# IP address didn't match.
==========================================================


Michael Elliott wrote:
>
>   
>> Does anyone else have this POP_B4_SMTP_TAG in use, or has anyone been
>> successful in getting a pop before smtp solution working with milter-gris?
>>
>> TIA,
>>
>> Jim
>>     
>
> I am the one that Anthony put the --enable-popauth in for.  The first 
> version of it I gave to him did a read of the database.  It slowed
> things down, so I went to a version that looked at the variable sendmail
> was setting after it did its database reading.
>
> The sendmail macros I am using are extinct on the net now, but I 
> carry them forward because of their usefulness for an ISP class
> machine.  They have also been highly customized over time. 
> But, the key factors in mine that you need to get close to the same 
> in your implementation are:
>
> sendmail.cf near the top:
>    # ================== DATABASE =================================
>    # database definitions
>    # =============================================================
>    # definition of popauth
>    Kpopauth btree /usr/local/etc/dracd
>
> The type of database doesn't matter.  Just that there is one, and 
> sendmail is reading it to compare the connecting IP against.
>    
>    # ================== ENVELOPE =================================
>    # macro for header field X-Popauth-Info
>    H?${popauth_info}?X-Popauth-Info: ${popauth_info}
>
> This simply added a header line if the {popauth_info} storage 
> variable contained data.  That was part of the original extinct
> package.
>
>    SLocal_check_rcpt
>    # check the client_addr against the popauth-database
>    R$*			$: $1 $| <$&{client_addr}>
>    R$* $| <$+>		$: $1 $| <$(popauth $2 $: ? $)> <$2>
>    R$* $| <?> $*	$: $1
>    # add the RHS of the popauth.db to the header-field X-Popauth-Info
>    R$* $| <@NOINFO> $*	$: $1 $| <>
>    R$* $| <$+> $*	$: $1 $| <$(storage {popauth_info} $@ $2 $)>
>    R$* $| <$*> $*	$#OK
>    R$* $| $*		$: $1
>
> In most stock sendmail configs, SLocal_check_rcpt is an empty function.
> Adding the previous function is what does the major work for me.
>
> The key factor is that after the database lookup, the storage command
> puts the value of the lookup into the {popauth_info} variable.  That is 
> how it is read by all of Anthony's milters.  Since you are using a 
> completely different package I haven't seen before, I don't have a quick
> drop in answer for you.  Whatever variable used to mark your headers
> with an H? line is what you need to copy into a {popauth_info} and then 
> expose to the milters as Anthony showed in his reply. 
>
> Hope that helps.  But, unless you are completely comfortable with writing 
> R$* code, *!*don't try this*!*.  R$* is the fastest way to a disaster 
> possible in coding.  Guessing is not an option.  Modifying your package 
> to do this is going to be very tricky.  You have been warned.
>
> -Mike Elliott
>
>   
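
Added example (not part of either post, and not poprelay or milter-gris code): a Python model of the relay decision made by the Local_check_rcpt rules in the sendmail.mc excerpt above, usable to audit which client addresses a given pair of maps would let relay. The function names and the sample map contents are assumptions made for illustration; only IPv4 dotted-quad addresses are modelled.

```python
# Added illustration: models the localip / popip checks from the
# Local_check_rcpt rules quoted above. All map contents are constructed.

def lookup_keys(client_addr):
    """Keys the localip rules try, in order: a.b.c.d, a.b.c, a.b, then a."""
    octets = client_addr.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]

def relay_decision(client_addr, localip, popip):
    """Return (verdict, reason) for one connecting IPv4 address.

    localip / popip stand in for the hash maps named on the K lines.
    Both K lines use -a<MATCH>, which appends <MATCH> to any value found,
    so only the presence of a key matters here, not its right-hand side.
    """
    if client_addr == "":
        # Mirrors "R<>  $#OK" (the rule's own comment: "Local is ok.")
        return ("OK", "empty client_addr")
    for key in lookup_keys(client_addr):
        if key in localip:
            return ("OK", "localip key " + key)
    if client_addr in popip:      # popip is checked on the full address only
        return ("OK", "popip key " + client_addr)
    # No $#OK was returned, so the rest of check_rcpt decides.
    return ("FALLTHROUGH", "no match in localip or popip")

def audit(addresses, localip, popip):
    """Map each address to its verdict so broad prefix keys stand out."""
    return {a: relay_decision(a, localip, popip) for a in addresses}

# Constructed sample data, not taken from the post.
SAMPLE_LOCALIP = {"127.0.0.1": "RELAY", "192.0.2": "RELAY", "10": "RELAY"}
SAMPLE_POPIP = {"198.51.100.7": "placeholder"}   # value format is hypothetical

if __name__ == "__main__":
    seen = ["", "192.0.2.55", "10.9.8.7", "198.51.100.7", "198.51.100.8"]
    for addr, (verdict, why) in audit(seen, SAMPLE_LOCALIP, SAMPLE_POPIP).items():
        print(f"{addr or '(local)':15} {verdict:12} {why}")
```

Running it over the client addresses seen in a mail log shows which ones are allowed by a short prefix key rather than by an exact entry.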
