Qmail Support Forum Qmail Email Server Support Forums
admin Site Admin
Joined: 21 Jun 2005 Posts: 209
Posted: Mon Jul 24, 2006 7:04 am Post subject: relayclients control file patch advice
Hi,
I'm about to embark on writing a small patch for qmail so that it will
check a relayclient control file for the TCPREMOTEIP environment
variable (if the RELAYCLIENT environment variable is not already set),
and thought I'd seek any advice the list may have first.
We'd like our xDSL customers to be able to send through some of our
servers unauthenticated but the problem we have is that as we have many
small blocks of IPs (128-256 in each), adding all the IP ranges to
tcp.smtp will become cumbersome; especially when more IPs are allocated
to us through RIPE. It would also make it harder to block single IPs
from sending through the servers if they have virally infected machines
that are pumping out spam/viruses etc, for instance.
I don't anticipate that writing the patch itself will be a problem, but
wanted to know of any shortcomings/problems that using such a method may
incur.
I have searched for an existing patch that will do this but haven't
found anything as of yet, as well as searching previous posts on this list.
Any advice would be greatly appreciated.
Kind regards,
Tim O'Donovan
admin Site Admin
Joined: 21 Jun 2005 Posts: 209
Posted: Mon Jul 24, 2006 7:07 am
On Wed, Jul 19, 2006 at 02:11:47PM +0100, Tim O'Donovan wrote:
> We'd like our xDSL customers to be able to send through some of our
> servers unauthenticated but the problem we have is that as we have many
> small blocks of IPs (128-256 in each), adding all the IP ranges to
> tcp.smtp will become cumbersome;
Why? I think this should not be a problem. tcp.smtp will contain 100 lines?
I don't think it's too much.
> especially when more IPs are allocated
And how do you plan to manage your control file? Are you thinking of a more compact
way to aggregate IP addresses? Maybe I don't understand how your control file
can be smaller than the tcp.smtp. Please explain.
> to us through RIPE. It would also make it harder to block single IPs
> from sending through the servers if they have virally infected machines
> that are pumping out spam/viruses etc, for instance.
You can just put it in the tcp.smtp file with a deny rule, and check with
tcprulescheck if it matches the IP address instead of the more generic one.
> I don't anticipate that writing the patch itself will be a problem, but
> wanted to know of any shortcomings/problems that using such a method may
> incur.
Uhm, as far as I can understand your idea, it's not much more than a clone of the
tcp.smtp file, but maybe I need more information about what the benefits
of your patch are. By the way, I'm not saying that your patch will be useless,
just show us more.
> I have searched for an existing patch that will do this but haven't
> found anything as of yet, as well as searching previous posts on this list.
Uhm, if you need more flexibility in the tcp.smtp file, why don't you write
this patch for tcpserver instead of qmail? For example to support network
masks in address definition (now it's done on a dotted decimal mask only).
Don't misunderstand this answer, just try to convince us it's cool!
Fabio
admin Site Admin
Joined: 21 Jun 2005 Posts: 209
Posted: Mon Jul 24, 2006 7:10 am
> We'd like our xDSL customers to be able to send through some of our
> servers unauthenticated but the problem we have is that as we have many
> small blocks of IPs (128-256 in each), adding all the IP ranges to
> tcp.smtp will become cumbersome; especially when more IPs are allocated
> to us through RIPE.
There are better solutions. For instance, you can keep track of your
allocated blocks in some other fashion and generate the tcprules data file
automatically.
> I don't anticipate that writing the patch itself will be a problem, but
> wanted to know of any shortcomings/problems that using such a method may
> incur.
If you absolutely want to do it this way, you don't actually need a patch.
Write a tiny program that gets the IP to look up from TCPREMOTEIP, does the
lookup in whatever fashion you want (from your data file, etc) and
conditionally sets RELAYCLIENT, then execs the balance of its commandline
(just like rblsmtpd, for example). Then insert this custom program in your
SMTP service script between tcpserver and qmail-smtpd.
> I have searched for an existing patch that will do this but haven't
> found anything as of yet
That's because what you're asking can be done purely with tcpserver, or with
no patch if you don't want tcpserver to do it.
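A sketch of the wrapper described in the last reply, placed between tcpserver and qmail-smtpd; it is an added example, not code from the thread or from qmail. It goes beyond the thread by accepting CIDR prefixes (the network-mask support mentioned in the second reply). The control file path and its format (one `CIDR` per line to allow, `!CIDR` to deny) are assumptions, and the sample addresses in any test input are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define RULES "/var/qmail/control/relayclients" /* hypothetical path and format */

/* 1 if ip is inside "a.b.c.d[/len]", 0 if outside, -1 on malformed input. */
static int ip_in_cidr(const char *ip, const char *cidr)
{
    char net[INET_ADDRSTRLEN], *end;
    struct in_addr a, n;
    const char *slash = strchr(cidr, '/');
    size_t len = slash ? (size_t)(slash - cidr) : strlen(cidr);
    long bits = 32; /* a bare address is treated as a /32 */
    if (len == 0 || len >= sizeof net) return -1;
    memcpy(net, cidr, len); net[len] = '\0';
    if (slash) {
        bits = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end || bits < 0 || bits > 32) return -1;
    }
    if (inet_pton(AF_INET, ip, &a) != 1 || inet_pton(AF_INET, net, &n) != 1) return -1;
    return bits == 0 || (ntohl(a.s_addr) ^ ntohl(n.s_addr)) >> (32 - bits) == 0;
}

/* "CIDR" allows, "!CIDR" denies. A deny always wins; bad input fails closed. */
static int relay_allowed(const char *ip, FILE *rules)
{
    char line[64];
    int allowed = 0;
    while (fgets(line, sizeof line, rules)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (!line[0] || line[0] == '#') continue;
        int deny = line[0] == '!', hit = ip_in_cidr(ip, line + deny);
        if (hit < 0 || (hit && deny)) return 0; /* never relay on doubt */
        allowed |= hit;
    }
    return allowed;
}

int main(int argc, char **argv)
{
    const char *ip = getenv("TCPREMOTEIP");
    FILE *fp = (ip && !getenv("RELAYCLIENT")) ? fopen(RULES, "r") : NULL;
    if (fp && relay_allowed(ip, fp)) setenv("RELAYCLIENT", "", 1);
    if (fp) fclose(fp); /* do not leak the descriptor into qmail-smtpd */
    if (argc > 1) execvp(argv[1], argv + 1); /* run the rest of the command line */
    return 111; /* no command given or exec failed */
}
```

An unreadable control file, a malformed rule or an unparsable TCPREMOTEIP all leave RELAYCLIENT unset, so a mistake in the file cannot turn the server into an open relay.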