[milters] Archive


Article: 1046
From: Jim Galley
Date: 2006-07-18 13:37:34 -0400
Subject: Re: milter-gris and Popauth.db

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Andrew,

Hmm - made the following changes - now sending doesn't work.

Did I misinterpret something?

FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
dnl #
dnl # added in from poprelayd
# We probably want the access_db feature enabled.
# List of IP addresses we allow relaying from.
Klocalip hash -a<MATCH> /etc/mail/access
Kpopip hash  -a<MATCH> /etc/mail/popip
Kassign macro

LOCAL_RULESETS


SLocal_check_rcpt
# Put the address into canonical form (even if it doesn't resolve to an MX).
R$*            $: $>Parse0 $>3 $1
R$* < $* > $*        $: $1 < $2 . > $3                Pretend it's canonical.
R$* < $* . . > $*    $1 < $2 . > $3                    Remove extra dots.

# Allow relaying if the connected host is a local IP address.
R$*            $: < $&{client_addr} >            Get client IP address.
R<>            $#OK                    Local is ok.
R< $* . $- > $*        $(localip $1.$2 $: < $1 > . $2 $)    Check last three octets.
R$* < MATCH >        $#OK
R< $- > $*        $: $(localip $1 $: < > $1 $2 $)        Check first octet.
R$* < MATCH >        $#OK

# Allow relaying if the connected host has recently POP3 authenticated.
R$*            $: < $&{client_addr} >            Get client IP address.
R< $* >         $(popip $1 $)                Check full address.
R$+ < MATCH >        $: $(assign {popauth_info} $@ $1 @ $&{client_addr} $)
R$* < MATCH >        $#OK

jim

Anthony Howe wrote:
>
> Jim Galley wrote:
>> Per your warning, I did not mess with the R$* code, but I did notice
>> that there isn't a storage or {popauth_info} variable.  Perhaps
>
> It would be easy to change this ruleset to set {popauth_info} in order
> to pass to the Snert milters.
>
>> # List of IP addresses we allow relaying from.
>> Klocalip hash -a<MATCH> /etc/mail/access
>> Kpopip hash  -a<MATCH> /etc/mail/popip
>
> Insert
>
> Kassign macro
>
>> R< $* >         $(popip $1 $)                Check full address.
>
> Insert, replace TAB with one or more real tab characters.
>
> R$+ <MATCH> TAB    $: $(assign {popauth_info} $@ $1 @ $&{client_addr} $)
>
>> R$* < MATCH >        $#OK
>
> This is of course untested, but it should work. I'm guessing the
> popip.db uses an IP address as the key and saves the username as the
> value. So on a successful lookup, you should have in the pattern buffer:
>
>     username<MATCH>
>
> This matches the inserted rule, which simply saves the username and IP
> in the {popauth_info} macro before ending the ruleset in the following
> line. The format of the {popauth_info} macro set here is:
>
>     username@ip
>
> Now if the {popauth_info} is set (not NULL), the Snert milters should
> act on it, assuming that {popauth_info} is in the list of macros to be
> passed (see previous article on this) from sendmail to the milters.
>
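
A small check for the point in the reply above that the inserted rule needs real tab characters between its left-hand and right-hand sides. This is an added example, not code from the thread; the function name `check_rules` and the sample lines are constructed for illustration, and it assumes the input is the text of the ruleset section only.

```python
import re

# Constructed sample (not Jim's actual file): rule 2 has real tabs, rule 3
# was pasted with spaces only, rule 4 still carries the literal "TAB"
# placeholder from the e-mail.
SAMPLE = (
    "SLocal_check_rcpt\n"
    "R< $* >\t$(popip $1 $)\tCheck full address.\n"
    "R$* < MATCH >        $#OK\n"
    "R$+ <MATCH> TAB    $: $(assign {popauth_info} $@ $1 @ $&{client_addr} $)\n"
)

NO_TAB = "no tab between LHS and RHS"
PLACEHOLDER = 'literal "TAB" placeholder left in rule'

def check_rules(text):
    """Return [(line_number, problem)] for rewrite rules sendmail would misparse.

    sendmail splits an R line into LHS, RHS and optional comment on tab
    characters; spaces only separate tokens inside a field. A rule with no
    tab therefore has no RHS, however it looks in an editor.
    """
    problems = []
    for num, line in enumerate(text.splitlines(), start=1):
        if not line.startswith("R"):
            continue  # only R lines use the LHS<tab>RHS layout
        # A standalone word TAB means the placeholder was never replaced.
        if re.search(r"(?<!\S)TAB(?!\S)", line):
            problems.append((num, PLACEHOLDER))
            continue
        fields = re.split(r"\t+", line[1:])
        if len(fields) < 2 or not fields[1].strip():
            problems.append((num, NO_TAB))
    return problems

if __name__ == "__main__":
    for num, problem in check_rules(SAMPLE):
        print(f"line {num}: {problem}")
```
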
