[milters] Archive

Lists Index Date Thread Search

Article: 1071
From: Jim Galley
Date: 2006-07-22 08:51:36 -0400
Subject: Re: milter-gris and Popauth.db

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Update: With a little (who am I kidding, a lot) of help from
Anthony, everything is working properly.

Here's what I did (Anthony, correct if I get something wrong):

1) d/l poprelay 1.5 from http://poprelay.sourceforge.net/
2) install with default configuration
3) build and install libsnert with configure --enable-pop-auth

    cd com/snert/src/lib
    ./configure --enable-popauth

4) Rebuild milters with the new libsnert

    cd ../milter-gris
    make clean build

5) re INSTALL snertsoft milters

    sudo make install

6) add the following into your sendmail.mc
  (Reference:
  http://poprelay.sourceforge.net/poprelay.mc
   http://poprelay.sourceforge.net/poprelay.html
   anthony howe / Mike Elliott's readme)

============================================================
dnl #
dnl # macro definition for sendmail/milter passing of popauth_info value
define(`confMILTER_MACROS_ENVRCPT', confMILTER_MACROS_ENVRCPT`,
{popauth_info}')dnl
dnl #
dnl # poprelayd entries
dnl#
# We probably want the access_db feature enabled.
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
# List of IP addresses we allow relaying from.
Klocalip hash -a<MATCH> /etc/mail/access
Kpopip hash  -a<MATCH> /etc/mail/popip
Kassign macro

LOCAL_RULESETS

Sset_client_addr
R$*            $: $( assign {client_addr} $@ $1 $)

SLocal_check_rcpt
# Put the address into canonical form (even if it doesn't resolve to an MX).
R$*``TAB''``TAB''``TAB''     $: $>Parse0 $>3 $1
R$* < $* > $*``TAB''``TAB''$: $1 < $2 . > $3``TAB''``TAB''``TAB''Pretend
it's canonical.
R$* < $* . . > $*``TAB'' $1 < $2 . > $3``TAB''``TAB''``TAB''Remove extra
dots.

# Allow relaying if the connected host is a local IP address.
R$*``TAB''``TAB''``TAB''     $: < $&{client_addr} >``TAB''``TAB''``TAB''
Get client IP address.
R<>``TAB''``TAB''``TAB''    
$#OK``TAB''``TAB''``TAB''``TAB''``TAB''``TAB''    Local is ok.
R< $* . $- > $*``TAB''   $(localip $1.$2 $: < $1 > . $2 $)``TAB''Check
last three octets.
R$* < MATCH >``TAB''``TAB''$#OK
R< $- > $*``TAB''``TAB''   $: $(localip $1 $: < > $1 $2 $)``TAB''  Check
first octet.
R$* < MATCH >``TAB''``TAB''$#OK

# Allow relaying if the connected host has recently POP3 authenticated.
R$*``TAB''``TAB''``TAB''     $: < $&{client_addr}
>``TAB''``TAB''``TAB''Get client IP address.
R< $* >``TAB''``TAB''``TAB'' $(popip $1 $)``TAB''``TAB''``TAB''``TAB''
   Check full address.
R$+ < MATCH >``TAB''``TAB''$: $(assign {popauth_info} $@ $1 @
$&{client_addr} $) $1 < MATCH >
R$* < MATCH >``TAB''``TAB''$#OK

When publishing sendmail ruleset, because tabs between left and right
sides are significant in R lines, best to replace the tabs with ``TAB''
and explain that TAB should be replaced by an ascii tab when inserted.

# IP address didn't match.
============================================================

NOTE: Remember to replace all those ``TAB'' entries with a real ascii
tab character - tabs between left and right sides are signifcant in R lines.


7) make sendmail & restart.

make sendmail.cf
pkill -HUP sendmail

8) restart all snertsoft milters

milter-gris -restart

9) bask in the glory of a working pop-before-smtp / milter-gris
installation!

Hope this helps.

Lists Index Date Thread Search