qmail-spp-general Mailing List for qmail-spp - qmail SMTP plugin patch
Brought to you by:
pavcio
You can subscribe to this list here.
2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
(9) |
Sep
(5) |
Oct
(6) |
Nov
(12) |
Dec
(2) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2005 |
Jan
(3) |
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
(3) |
Aug
(1) |
Sep
(25) |
Oct
|
Nov
|
Dec
|
2006 |
Jan
|
Feb
(1) |
Mar
(4) |
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
(3) |
2007 |
Jan
(19) |
Feb
(4) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(4) |
Nov
(5) |
Dec
(1) |
2008 |
Jan
(8) |
Feb
(3) |
Mar
(4) |
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(5) |
Dec
|
2009 |
Jan
|
Feb
(5) |
Mar
|
Apr
|
May
(2) |
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
|
2010 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
(3) |
Oct
|
Nov
|
Dec
|
2012 |
Jan
|
Feb
(3) |
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2015 |
Jan
(2) |
Feb
|
Mar
|
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Janine I. <put...@vo...> - 2015-04-15 16:27:14
|
Morning, ==================== CLEAR CHANNEL 7 R Des Brunelleries Ecotole Angou Loire 21 49080 Bouchemaine Bouchemaine FRANCE +33 241 55 57 85 |
From: Sylvie P. <co...@co...> - 2015-01-21 19:50:04
|
Railroad pass. The country south of the new boundary line is not of much consequence to us: it belongs to Mexico. The country north of the Mexican boundary is the most marvelous in the United States. After many years |
From: Sebastian W. <seb...@na...> - 2012-03-13 20:34:50
|
Hello dear list, I have a simple script which will do some rcpt checks. It is written in perl and access SMTPRCPTTO via: $ENV{SMTPRCPTTO} But the variable is empty. If I just test it with a simple MAIL FROM ... RCPT TO ... RSET directly to qmail, $ENV{SMTPRCPTTO} is empty. I checked with other variables: SMTPRCPTCOUNTALL, SMTPRCPTHOSTSOK which work quite well (variables are defined and not empty). My versions are (Gentoo distribution): genqmail-20080406 netqmail-1.06 qmail-spp-0.42 Can you help me and explain why SMTPRCPTTO is empty? Thanks and regards, Sebastian 'kickino' Wieseler -- ,= ,-_-. =. /"\ ((_/)o o(\_)) \ / ASCII Ribbon Campaign `-'(. .)`-' && X against HTML e-mail \_/ / \ |
From: Aaziz Ù
Ù Ø®Ùا٠T. <nor...@tw...> - 2012-02-26 13:49:35
|
لقد وجدت طرقة رائعة وحصرية للقاء أناس جدد على الإنترنت: Twoo.com. ---------------------------------------------------------------- أهلا، فقط قم بملاحظة بأن صديقك Aaziz يحضى بوقت رائع بمقابلة أشخاص جدد على Twoo.إنظم الآن! نسخ/لصق الرابك التالي في متصفحك الخاص http://twoo.com/m/lWQLvK2w لاتريد أستلام البريد الالكتروني هذا؟ أتبع الرابط التالي: /unsubscribe/?email=qmail-spp-general%40lists.sourceforge.net&code=b463c72b3318bde1e034218562942b51&typeid=46---------------------------------------------------------------- TWOO NV/SA, Grainsborough House, 81 Oxford Street, W1D 2EU London, United Kingdom in...@tw... BE0834322338. |
From: Aaziz Ù
Ù Ø®Ùا٠T. <nor...@tw...> - 2012-02-19 12:43:48
|
لقد وجدت طرقة رائعة وحصرية للقاء أناس جدد على الإنترنت: Twoo.com. ---------------------------------------------------------------- أهلا، فقط قم بملاحظة بأن صديقك Aaziz يحضى بوقت رائع بمقابلة أشخاص جدد على Twoo.إنظم الآن! نسخ/لصق الرابك التالي في متصفحك الخاص http://twoo.com/m/gJGb4gx3 ---------------------------------------------------------------- TWOO NV/SA, Grainsborough House, 81 Oxford Street, W1D 2EU London, United Kingdom in...@tw... BE0834322338. |
From: Aaziz <nor...@tw...> - 2012-02-12 12:23:41
|
لقد عثرت للتو على طريقة جديدة لمقابلة اشخاص جدد على الانترنت: Twoo.com. ---------------------------------------------------------------- Hi, qmail-sourcefroge-support Aaziz قد وجد طريقة للقاء أناس على الإنترنت ويريدون منك الإنضمام إلى المرح: Twoo.com. نسخ/لصق الرابك التالي في متصفحك الخاص http://twoo.com/m/lWQT3nxO ---------------------------------------------------------------- TWOO NV/SA, Grainsborough House, 81 Oxford Street, W1D 2EU London, United Kingdom in...@tw... BE0834322338. |
From: Abd El A. R. <aaz...@ya...> - 2010-09-29 08:14:54
|
Dear i need to add some or all of mapi features to my qmail server accounts if it accepted please tell my how and what is packages needed .. GOOD DAY |
From: Abd El A. R. <aaz...@ya...> - 2010-09-29 07:58:18
|
dear when i add check_quota package for qmail web access and add it in the configuration as a plugin it not appear on squirrel mail web access .. please advice me what can do to make display user quota at he login to your account .... |
From: Florin A. <fl...@sy...> - 2010-09-13 12:44:46
|
I have a qmail server that must forward all incoming emails to a LMTP server. Is there a plugin for qmail or something similar that can make qmail understand the LMTP protocol and communicate properly with the LMTP server? Installing another proxy to make the translation between SMTP and LMTP (such as Postfix) is out of the question. Thanks, fl...@sy... |
From: Jason F. <fr...@go...> - 2010-04-05 00:05:24
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Apr 4, 2010, at 10:43 AM, The Archer wrote: > I am trying to employ a valid user checking mechanism that can drop connections when a user does not exist and get all the damn double bounces out of my email. the qmail-spp patch went in just fine, and I grabbed the valid user check plugin script (http://www.maiers.de/qmail/art38,72.html). > > Testing shows that it works, exiting 0 or 1 as appropriate, but how do I translate that 0 or 1 into action on the part of qmail-spp? When testing via manual smtp mailing, I can verify that the script runs, but it doesn't do anything with the result and qmail continues to accept the connection despite no user existing. > > There are no commands for spp inside the plugin (Rmesg is what I'm after), and looking at other plugin shell scripts they don't have it either. So what am I missing? Well, from looking at the code, it looks like the script automatically determines whether it's running via qmail-spp by looking to see how the recipient is passed. I'm not sure how you're calling the script, though it should be in the rcpt section of your plugins file. Once a determination about whether or not the recipient is valid, it either drops through, or prints out the text in MSG_ERROR ... The default script prints out a simple error rejecting the smtp command. If you want it to reject instead, just change the leading E to an R. - -- Jason -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iEYEARECAAYFAku5KTMACgkQhR5xme3cl77yKACgw7aFw8hgY9gT8b8Y1t+hAJ47 K+YAn1RdYGDcHZGJd1tRPeppUXDJCrde =ieyT -----END PGP SIGNATURE----- |
From: The A. <arc...@gm...> - 2010-04-04 14:43:57
|
I am trying to employ a valid user checking mechanism that can drop connections when a user does not exist and get all the damn double bounces out of my email. the qmail-spp patch went in just fine, and I grabbed the valid user check plugin script (http://www.maiers.de/qmail/art38,72.html). Testing shows that it works, exiting 0 or 1 as appropriate, but how do I translate that 0 or 1 into action on the part of qmail-spp? When testing via manual smtp mailing, I can verify that the script runs, but it doesn't do anything with the result and qmail continues to accept the connection despite no user existing. There are no commands for spp inside the plugin (Rmesg is what I'm after), and looking at other plugin shell scripts they don't have it either. So what am I missing? |
From: Daniel K. <dan...@gm...> - 2009-11-24 13:57:02
|
Hi Everyone! I have been using qmail-spp for many years now flawlessly. I work for a company where sending mails from the company's domain as a "From" part is impossible from the outside world, those mails are 100% spams. Recently we got mails that have the following log: return-path='mes...@aa...', from='<us...@my...>' Unfortunately the SMTPMAILFROM variable only containts the address in the return-path and there is no other variable that returns to the "from" part, thus the filter I have used for many time now, does not work. Can I somehow add the "from" part as a variable that I can use in my scripts? Thanks in advance! Daniel |
From: Chris C. <cc...@al...> - 2009-10-20 17:58:43
|
On Thu, 6 Nov 2008, Chris Caputo wrote: > I have modified Pawel's 2004-07-27 "spf" plugin and created > "qmail-spp-spf". > > This plugin is up at: > > https://www.caputo.com/foss/qmail-spp-spf/ Build fix for current include files... Chris --- qmail-spp-spf-20081106.c 2008-11-06 05:33:33.000000000 +0000 +++ qmail-spp-spf-20091020.c 2009-10-20 17:24:55.000000000 +0000 @@ -263,10 +263,10 @@ } else { - addr6.in6_u.u6_addr32[0] = random(); - addr6.in6_u.u6_addr32[1] = random(); - addr6.in6_u.u6_addr32[2] = random(); - addr6.in6_u.u6_addr32[3] = random(); + addr6.s6_addr32[0] = random(); + addr6.s6_addr32[1] = random(); + addr6.s6_addr32[2] = random(); + addr6.s6_addr32[3] = random(); if (SPF_request_set_ipv6(spf_request, addr6)) { |
From: HOMA S. <hom...@gm...> - 2009-06-29 06:51:39
|
Hi all I Installed the checkmx as it was said and put it under the [mail] in smtpplugins.it works fine but unfortunately it rejects the email from gmail and yahoo. the error is: Connected to x.y.w..z but sender was rejected. Remote host said: 553 sorry, 550 No SPF/MX record for sender's domain! (#5.7.1) is there any way to check the validity of sender domain without such an error? |
From: Jason F. <fr...@go...> - 2009-05-25 16:44:48
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 25, 2009, at 6:49 AM, HOMA SAADAT wrote: > Hi all > I 'm brand new to qmail-spp.I installed netqmail1.06 and > ucspi-tcp-0.88 as described in Life with Qmail with vpopmail > 5.4.27(without Database).I Also applied the qmail-smtpd-auth-043 for > authentication. > I want to use qmail-spp plugins such as > vpopmail_check_recipient,maxrcpt,rate_from and so on but unfortunately > do not know how should i use these plugins.I appreciate any help about > installing these patches. http://qmail-spp.sourceforge.net/doc/ Check that page for documentation. Take a look at the configuration section and it should explain everything. If you still have questions, feel free to reply. :) > Best Regards > H.Saadat - --------------------------- Jason 'XenoPhage' Frisvold Engine / Technology Programmer fr...@go... RedHat Certified - RHCE # 803004140609871 MySQL Pro Certified - ID# 207171862 MySQL Core Certified - ID# 205982910 - --------------------------- "Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkoaxLYACgkQhR5xme3cl76s4wCgtE3zMkzIyRTDaOh8NBxyr9SU qJUAn0/ItdAbKImIoJ3XtI7BF9Hz76fW =Nm/j -----END PGP SIGNATURE----- |
From: HOMA S. <hom...@gm...> - 2009-05-25 10:49:42
|
Hi all I 'm brand new to qmail-spp.I installed netqmail1.06 and ucspi-tcp-0.88 as described in Life with Qmail with vpopmail 5.4.27(without Database).I Also applied the qmail-smtpd-auth-043 for authentication. I want to use qmail-spp plugins such as vpopmail_check_recipient,maxrcpt,rate_from and so on but unfortunately do not know how should i use these plugins.I appreciate any help about installing these patches. Best Regards H.Saadat |
From: Graham M. <gr...@we...> - 2009-02-10 23:20:08
|
Can no-one help with the use of STDERR on xinetd? I have trawled the Internet looking for an answer and have found none so far. It seems that xinetd sends STDERR back to the sender which cause a fair amount of trouble with the smtp conversation. Any ideas or places to look would be great if you can think of them. Thanks Graham |
From: Chris C. <cc...@al...> - 2009-02-10 18:53:49
|
Did you modify spamdyke to be a qmail-spp module in smtpplugins or is it installed as suggested at: http://www.spamdyke.org/documentation/INSTALL.txt (ie. called by tcpserver) If installed per the INSTALL.txt then it would seem that qmail-spp, and thus your module, is going to run after spamdyke. Chris On Tue, 10 Feb 2009, ur...@co... wrote: > Good day ! > > How correctly exit from C++ program for SpamDyke ? > > Excuse me, please, for my bad English. > Excuse me for use your time too. > > > My name is Yuri Prohorov. I'm from Moscow, Russia. > > My C++ program worked good "under" qmail-spp for 1 year. > > The program runs from [rcpt] section of file smtpplugins. > > The program "gets" mail-address and power it > by templates from LDAP for some user. > > The program do nothing, if some user not have > "sign" in LDAP or LDAP not have a record for such user. > > I "attach" source of program if IT MAY BE INTERESTING FOR YOU, > or IT NEEDS FOR ANSWER to me . > > I DON'T ASC to see that text for errors. > > Spamdyke was installed on our mail server week ago. > > If my program not stops "bad" letters, > then Spamdyke not stops "bad" letters too. > > Spamdyke stops "bad" letters when my program "turn off". > > > Why ? > > I download sample for "good exit" : > > //////////////////// > > ............... > ............... > > > if ( condition ) > { > puts("N"); // For next process ? For SpamDyke ? > } > > return 0; > } > > > ...................... > ...................... > > //////////////////////// > > > I replaced this into my program, but nothing changed... > > > How exit from my program correctly ? > How give control to SpamDyke after > my program's work ? > > > Will answer me, please ! > > Thank You ! > > > Yuri Prohorov co...@ma... > > > |
From: <ur...@co...> - 2009-02-09 23:43:11
|
Good day ! How correctly exit from C++ program for SpamDyke ? Excuse me, please, for my bad English. Excuse me for use your time too. My name is Yuri Prohorov. I'm from Moscow, Russia. My C++ program worked good "under" qmail-spp for 1 year. The program runs from [rcpt] section of file smtpplugins. The program "gets" mail-address and power it by templates from LDAP for some user. The program do nothing, if some user not have "sign" in LDAP or LDAP not have a record for such user. I "attach" source of program if IT MAY BE INTERESTING FOR YOU, or IT NEEDS FOR ANSWER to me . I DON'T ASC to see that text for errors. Spamdyke was installed on our mail server week ago. If my program not stops "bad" letters, then Spamdyke not stops "bad" letters too. Spamdyke stops "bad" letters when my program "turn off". Why ? I download sample for "good exit" : //////////////////// ............... ............... if ( condition ) { puts("N"); // For next process ? For SpamDyke ? } return 0; } ...................... ...................... //////////////////////// I replaced this into my program, but nothing changed... How exit from my program correctly ? How give control to SpamDyke after my program's work ? Will answer me, please ! Thank You ! Yuri Prohorov co...@ma... |
From: Graham M. <gr...@we...> - 2009-02-02 03:31:49
|
Hi All, On a Plesk server, it uses xinetd to start qmail. It also uses qmail-spp. I have written a triplet checking greylisting plugin using sqlite3 and it is working fine except when I change the log level and make it noisy. Normally the plugin only sends messages to stderr when a critical error occurs. I have never seen anything in the log files. When I decrease the log level thus increasing the messages to stderr, I do not get anything in the log and the client end of the transaction is seeing errors to do with TLS (which is probably from the next thing in the chain /var/qmail/bin/smtp_auth). There would always be more than one line output to stderr when this level of logging is selected. The plugin is based on Peter Conrad's old greylisting-spp work with substantial upgrading for sqlite3 among others. It passes the make tests that simulate various error conditions and expects certain answers from the plugin. The stderr strings appear on the console (and can be redirected with 2>filename) during this phase of the make. I have read that xinetd sends the stderr output back to the client or into the stream which may explain the messed up TLS issue. Any ideas? Happy to send more detail of error messages and configuration and code etc. Cheers Graham |
From: Graham M. <gr...@we...> - 2009-02-02 03:31:41
|
Hi All, On a Plesk server, it uses xinetd to start qmail. It also uses qmail-spp. I have written a triplet checking greylisting plugin using sqlite3 and it is working fine except when I change the log level and make it noisy. Normally the plugin only sends messages to stderr when a critical error occurs. I have never seen anything in the log files. When I decrease the log level thus increasing the messages to stderr, I do not get anything in the log and the client end of the transaction is seeing errors to do with TLS (which is probably from the next thing in the chain /var/qmail/bin/smtp_auth). There would always be more than one line output to stderr when this level of logging is selected. The plugin is based on Peter Conrad's old greylisting-spp work with substantial upgrading for sqlite3 among others. It passes the make tests that simulate various error conditions and expects certain answers from the plugin. The stderr strings appear on the console (and can be redirected with 2>filename) during this phase of the make. I have read that xinetd sends the stderr output back to the client or into the stream which may explain the messed up TLS issue. Any ideas? Happy to send more detail of error messages and configuration and code etc. Cheers Graham |
From: Albert C. <ac...@cy...> - 2008-11-12 23:27:20
|
Platform details: Plesk 8.3 - qmail 1.0.6 with qmail-spp 0.41 (I believe, from the dates in the patch) Problem description: In attempting to write my first plugin, I decided as a test to just log the value of the environment variables listed in the documentation by using perl's warn() statement, which sends its output to STDERR only. However, when I attempted an SMTP transaction, I saw in the transaction what I had attempted to log. Am I misreading the documentation, or doing something incorrectly? Any clue you can provide would be greatly appreciated. (Code and output modified for hostnames and email addresses only to protect the clueless.) Output, Observed: $ ./tester.pl Net::SMTP>>> Net::SMTP(2.29) Net::SMTP>>> Net::Cmd(2.26) Net::SMTP>>> Exporter(5.58) Net::SMTP>>> IO::Socket::INET(1.31) Net::SMTP>>> IO::Socket(1.30) Net::SMTP>>> IO::Handle(1.27) Net::SMTP=GLOB(0x80c64d0)<<< 220 mail.example.com ESMTP Net::SMTP=GLOB(0x80c64d0)>>> EHLO localhost.localdomain Net::SMTP=GLOB(0x80c64d0)<<< 250-mail.example.com Net::SMTP=GLOB(0x80c64d0)<<< 250-AUTH=LOGIN CRAM-MD5 PLAIN Net::SMTP=GLOB(0x80c64d0)<<< 250-AUTH LOGIN CRAM-MD5 PLAIN Net::SMTP=GLOB(0x80c64d0)<<< 250-STARTTLS Net::SMTP=GLOB(0x80c64d0)<<< 250-PIPELINING Net::SMTP=GLOB(0x80c64d0)<<< 250 8BITMIME Net::SMTP=GLOB(0x80c64d0)>>> MAIL FROM:<te...@ex...> Net::SMTP=GLOB(0x80c64d0)<<< 250 ok Net::SMTP=GLOB(0x80c64d0)>>> RCPT TO:<te...@ex...> Net::SMTP=GLOB(0x80c64d0)<<< SMTPHELOHOST = localhost.localdomain Died at ./tester.pl line 38. Output, Expected: $ ./tester.pl Net::SMTP>>> Net::SMTP(2.29) Net::SMTP>>> Net::Cmd(2.26) Net::SMTP>>> Exporter(5.58) Net::SMTP>>> IO::Socket::INET(1.31) Net::SMTP>>> IO::Socket(1.30) Net::SMTP>>> IO::Handle(1.27) Net::SMTP=GLOB(0x80c64d0)<<< 220 mail.example.com ESMTP Net::SMTP=GLOB(0x80c64d0)>>> EHLO localhost.localdomain Net::SMTP=GLOB(0x80c64d0)<<< 250-mail.example.com Net::SMTP=GLOB(0x80c64d0)<<< 250-AUTH=LOGIN CRAM-MD5 PLAIN Net::SMTP=GLOB(0x80c64d0)<<< 250-AUTH LOGIN CRAM-MD5 PLAIN Net::SMTP=GLOB(0x80c64d0)<<< 250-STARTTLS Net::SMTP=GLOB(0x80c64d0)<<< 250-PIPELINING Net::SMTP=GLOB(0x80c64d0)<<< 250 8BITMIME Net::SMTP=GLOB(0x80c64d0)>>> MAIL FROM:<te...@ex...> Net::SMTP=GLOB(0x80c64d0)<<< 250 ok Net::SMTP=GLOB(0x80c64d0)>>> RCPT TO:<te...@ex...> Net::SMTP=GLOB(0x80c64d0)<<< 250 ok Net::SMTP=GLOB(0x80c64d0)>>> QUIT Net::SMTP=GLOB(0x80c64d0)<<< 221 mail.example.com Code, control/smtpplugins: [rcpt] plugins/chkrcptto plugins/test_plugin.pl Code, plugins/test_plugin.pl: #!/usr/bin/suidperl -T # # Script set 04555 # use strict; use warnings; foreach my $k ( qw(SMTPHELOHOST SMTPMAILFROM SMTPRCPTTO SMTPRCPTCOUNT SMTPRCPTCOUNTALL SMTPRCPTHOSTSOK SMTPAUTHUSER SMTPAUTHMETHOD) ) { warn sprintf qq{%s = %s\n}, $k, defined( $ENV{$k} ) ? $ENV{$k} : q{not defined}; } exit 0; Code, tester.pl: #!/usr/bin/perl # # Purpose: Allow consistent testing of SMTP transaction # use strict; use warnings; use Net::SMTP; $| = 1; my $recipient = q{te...@ex...}; my $sender = q{te...@ex...}; my $target_host = q{mail.example.com}; my $helo = q{localhost.localdomain}; my $timeout = 30; my $DEBUG = 1; my $smtp = Net::SMTP->new( $target_host, Hello => $helo, Timeout => $timeout, Debug => $DEBUG, ) or die $!; $smtp->mail($sender) or die $!; $smtp->to($recipient) or die $!; $smtp->quit() or die $!; |
From: Chris C. <cc...@al...> - 2008-11-06 20:32:05
|
Bug fix version of this patch is attached. - errmsg from sqlite3 is freed with sqlite3_free() rather than free() Thanks, Chris On Thu, 6 Nov 2008, Chris Caputo wrote: > FYI... > > Chris > > ---------- Forwarded message ---------- > Date: Thu, 6 Nov 2008 05:21:53 +0000 (UTC) > From: Chris Caputo <cc...@al...> > To: Peter Conrad <co...@ti...> > Subject: patch for greylisting-spp-1.0.1 (sqlite3 & subnet whitelisting) > > Hi Peter, > > Please consider the attached patch for greylisting-spp-1.0.1. > > The patch adds support for SQLite version 3 and a new feature as follows: > > GL_WHITELISTNEARBY If set (to any value), the plugin will whitelist > a whole /24 (if IPv4) or /112 (if IPv6) after a triple > in a subnet is successful. > > Thank you, > Chris Caputo |
From: Chris C. <cc...@al...> - 2008-11-06 05:51:52
|
I have modified Pawel's 2004-07-27 "spf" plugin and created "qmail-spp-spf". This plugin is up at: https://www.caputo.com/foss/qmail-spp-spf/ Changelog: Adapted to work with libspf2-1.2.8. Added support for IPv6 via TCP6REMOTEIP. Altered configuration methodology to use envars. Added SPP_SPF_DONT_ALLOW_RANDOM_IP_PASS. The new docs are below. Pawel, you are welcome to merge these changes into your "spf" plugin or put this into the plugin directory as a new plugin since it is substantially different. Thank you, Chris ----- This is an implementation of SPF as a qmail-spp module. It requires libspf2. For more information, consult: http://www.openspf.org/ http://qmail-spp.sourceforge.net/ http://www.libspf2.org/ If an SPF record is not found or doesn't process, a fallback SPF record of "v=spf1 mx -all" can be used to test if the client is listed in the MX records of the envelope domain. Compile plugin using something like: gcc -Wall -o qmail-spp-spf qmail-spp-spf.c -lspf2 -I/usr/include/spf2 Put this in the qmail plugins directory (ex. "/var/qmail/plugins") and add to smtpplugins file (ex. "/var/qmail/control/smtpplugins") after [mail] section: [mail] plugins/qmail-spp-spf If the "RELAYCLIENT" environment variable (envar) is set, this module exits without doing anything, since the client has permission to relay. IPv6 is supported if TCPREMOTEIP contains an IPv6 address or if TCP6REMOTEIP envar is set. Set these envars as desired to instruct the module how to handle each SPF result. Only envars defined will be used. SPP_SPF_NO_RESULT - Used if both SPF and MX checks can't be done. SPP_SPF_RESULT_NEUTRAL \ SPP_SPF_RESULT_PASS | SPP_SPF_RESULT_FAIL |- Refer to http://www.openspf.org/ for SPP_SPF_RESULT_SOFTFAIL | definitions. SPP_SPF_RESULT_NONE | SPP_SPF_RESULT_TEMPERROR | SPP_SPF_RESULT_PERMERROR / SPP_SPF_MX_RESULT_PASS \ If any set, MX check of sender is done when SPP_SPF_MX_RESULT_FAIL |- SPF record doesn't exist or SPF check result SPP_SPF_MX_RESULT_UNKNOWN / is None, PermError, TempError or invalid. Possible settings of the above envars are taken from http://qmail-spp.sourceforge.net/doc/ : Command Description ----------------------------------------------------------------------- A accept mail - turn off qmail-spp in this session N next - accept current SMTP command (do not execute remaining plugins for this command) O ok - like N, but omits qmail checks in MAIL and RCPT Emsg error - do not accept this SMTP command and immediately send msg to the client LMmsg later, mail - like E, but shows error after MAIL command LRmsg later, rcpt - like E, but shows error after RCPT command LDmsg later, data - like E, but shows error after DATA command Rmsg reject mail - send msg to the client and drop connection D drop connection immediately, without printing anything Svar=value set environmental variable var to value Uvar unset var variable Hcontent header - add header content (eg. X-Spam-Flag: YES) Cf...@ba... change last address provided by the client to fo...@ba... (MAIL FROM or RCPT TO address) Pmsg print - send msg to the client Separate commands are separated by a comma or a carriage return. Be careful not to include a comma for any other reason. Except for the SPP_SPF_NO_RESULT and SPP_SPF_MX_RESULT_xx envars, if any envars include the special string "spf_smtp_msg" then "spf_smtp_msg" will be replaced by the output of libspf2's SPF_response_get_smtp_comment() function. For example: SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg" If the actual SPF query is able to be done, this module also sets the environmental variable SPP_SPF_RESULT to one of the following (via the qmail-spp 'S' command): pass fail softfail neutral none permerror temperror In addition, a "Received-SPF:" header is added to the message via the qmail-spp 'H' command when the SPF query is able to be done. It is okay to not set a particular SPP_SPF_xxx envar. If that particular case is hit the module will only return the "SSPP_SPF_RESULT=<result>" and "HReceived-SPF:" commands if the SPF query is done. If the SPP_SPF_DONT_ALLOW_RANDOM_IP_PASS envar is set, then when an SPF pass result is obtained, two random IP addresses will also be tried to see if the SPF definition is passing everything as if "+all" is declared. If the two random IP addresses also receive a pass from the SPF library, then the original pass is ignored. Example: In /etc/tcprules.d/tcp.qmail-smtp change ":allow" line to be as follows: :allow,SPP_SPF_RESULT_PASS="HX-Spam-Flag: No,A",SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg",SPP_SPF_NO_RESULT="SSPF_MODULE_FAILED=1" or :allow,SPP_SPF_RESULT_PASS="A",SPP_SPF_MX_RESULT_PASS="A" (Be sure to rebuild tcp.qmail-smtp.cdb after modification, such as with "make" or "tcprules" commands.) ----- |
From: Chris C. <cc...@al...> - 2008-11-06 05:51:39
|
I have created a new plugin I call "qmail-spp-filter". The plugin is up at: https://www.caputo.com/foss/qmail-spp-filter/ The new docs are below. Pawel, please consider this for the plugin directory. Thank you, Chris ----- This program enables qmail-spp commands to be issued based on matches of TCPREMOTEIP, SMTPMAILFROM or SMTPRCPTTO with records in text files. The TinyCDB library (http://www.corpit.ru/mjt/tinycdb.html) is used. Or if is not available, the standard CDB library is used (http://cr.yp.to/cdb/install.html). Compile plugin using something like this for TinyCDB: gcc -g -Wall qmail-spp-filter.c -o qmail-spp-filter -lcdb Or this for standard CDB: gcc -g -Wall qmail-spp-filter.c -o qmail-spp-filter /usr/lib/cdb.a \ /usr/lib/unix.a /usr/lib/buffer.a /usr/lib/alloc.a /usr/lib/byte.a Put qmail-spp-filter in the qmail plugins directory (ex. "/var/qmail/plugins") and add to smtpplugins file (ex. "/var/qmail/control/smtpplugins") after [rcpt] section: [rcpt] plugins/qmail-spp-filter If the "RELAYCLIENT" environment variable (envar) is set, this module exits without doing anything, since the client has permission to relay. IPv6 is supported if TCPREMOTEIP contains an IPv6 address or if TCP6REMOTEIP envar is set. Filters are specified by setting the following envars. SPP_FILTER_#_DEF SPP_FILTER_#_CMD '#' starts at 1 and increments numerically (base 10, no leading zeros) until there is no matching envar. For each DEF envar, there must be a matching CMD envar. DEF envars are defined as: "type:pathname" where "type" is one of: ip list of IP addresses from list of from/sender email addresses regexfrom list of regular expressions to match with from/sender addrs rcpt list of destination/rcptto email addresses regexrcpt list of regular expressions to match with dest/rcptto addrs and pathname is the full filename of a text file with one record per line. Comments start with '#' in the text files. CDB hash files (http://cr.yp.to/cdb.html) are automatically generated for all but regular expression files. CDB generation is triggered if it appears that the source text file is newer than the accompanying CDB file or if a CDB file does not exist. The "qmaild" user must have write access to the directory containing the file. The regular expressions are of the POSIX Extended Regular Expression regex(3) format and are case-insensitive. Possible settings of CMD envars are taken from http://qmail-spp.sourceforge.net/doc/ : Command Description ----------------------------------------------------------------------- A accept mail - turn off qmail-spp in this session N next - accept current SMTP command (do not execute remaining plugins for this command) O ok - like N, but omits qmail checks in MAIL and RCPT Emsg error - do not accept this SMTP command and immediately send msg to the client LMmsg later, mail - like E, but shows error after MAIL command LRmsg later, rcpt - like E, but shows error after RCPT command LDmsg later, data - like E, but shows error after DATA command Rmsg reject mail - send msg to the client and drop connection D drop connection immediately, without printing anything Svar=value set environmental variable var to value Uvar unset var variable Hcontent header - add header content (eg. X-Spam-Flag: YES) Cf...@ba... change last address provided by the client to fo...@ba... (MAIL FROM or RCPT TO address) Pmsg print - send msg to the client Separate commands are separated by a comma or a carriage return. Be careful not to include a comma for any other reason. Once a match is found and a CMD is processed, the plugin exits. An optional SPP_FILTER_NOMATCH_CMD envar can be set if you want the program to issue a qmail-spp command (or commands) if there is a failure to find any match. Except for the SPP_FILTER_NOMATCH_CMD envar, if any CMDs include the special string "send-filter-def" then "send-filter-def" will be replaced by the content of the SPP_FILTER_#_DEF envar that matched. Example envars: SPP_FILTER_1_DEF="ip:/var/qmail/control/whitelist_ips" SPP_FILTER_1_CMD="A,SSPP_FILTER_WHITELISTEDIP_MATCHED=1" SPP_FILTER_2_DEF="regexrcpt:/var/qmail/control/whitelist_regex_rcpts" SPP_FILTER_2_CMD="A,HSPP-Filter-Match: send-filter-def" SPP_FILTER_3_DEF="regexfrom:/var/qmail/control/blacklist_regex_senders" SPP_FILTER_3_CMD="E550 Blacklisted!" SPP_FILTER_4_DEF="rcpt:/var/qmail/control/whitelist_rcpts" SPP_FILTER_4_CMD="A" SPP_FILTER_5_DEF="from:/var/qmail/control/whitelist_senders" SPP_FILTER_5_CMD="A" SPP_FILTER_6_DEF="from:/var/qmail/control/blacklist_senders" SPP_FILTER_6_CMD="E550 Blacklisted!" SPP_FILTER_NOMATCH_CMD="SSPP_FILTER_FOUND_NO_MATCH=1" Example "ip" text file: 127.0.0.1 # full IP address, with no leading zeros 192.168.2 # partial IP address 192.168 # partial IP address 10 # partial IP address 2001:0db8:0000:0000:0000:0000 # invariant part of IPv6 addresses need to # be explicit (no "::" or ":0:" compression # since simple text matching is used. Example "from" or "rcpt" text file: # list of email addresses to whitelist fo...@ba... # comment ba...@fo... Example "regexfrom" or "regexrcpt" regex text file: # ^ and $ operators are automatically added by the plugin. .*@bar.com # match any email from bar.com john-.*@doe.com ----- |