author | John Denker <jsd@av8n.com> | 2012-07-13 18:21:21 -0700 |
---|---|---|
committer | John Denker <jsd@av8n.com> | 2012-07-14 08:53:37 -0700 |
commit | 4779e1644fc9dff4eb3e1745a1b3f3119f9bf544 (patch) | |
tree | fa3bdd0d42a1f821348e0514f2d928a2aaf2377f | |
parent | bc151ae914c24f8d5461b68015c12c0abe629da2 (diff) |
Now apply spam filtering to all unauthenticated submissions,
including submissions that are ssl encrypted (but not authenticated)
-rw-r--r-- | qmail-smtpd.c | 6 | ||||
-rw-r--r-- | tools/aufilters.conf | 2 | ||||
-rw-r--r-- | tools/hi-q.c | 28 | ||||
-rw-r--r-- | tools/makefile | 2 | ||||
-rwxr-xr-x | tools/qmail | 7 |
5 files changed, 29 insertions, 16 deletions
diff --git a/qmail-smtpd.c b/qmail-smtpd.c index 23f9c89..90f62d9 100644 --- a/qmail-smtpd.c +++ b/qmail-smtpd.c @@ -649,7 +649,13 @@ char *arg; switch (authcmds[i].fun(arg)) { case 0: authd = 1; +// There is a crucial difference between relayclient==0 +// and relayclient=="". +// Allow relaying for authorized users: relayclient = ""; +// The following may be used to exempt authorized users +// from some spam-filtering: + if (!env_put("QMAIL_AUTHORIZED=yes")) die_nomem(); remoteinfo = user.s; if (!env_unset("TCPREMOTEINFO")) die_read(); if (!env_put2("TCPREMOTEINFO",remoteinfo)) die_nomem(); diff --git a/tools/aufilters.conf b/tools/aufilters.conf new file mode 100644 index 0000000..2eea3fd --- /dev/null +++ b/tools/aufilters.conf @@ -0,0 +1,2 @@ +# configuration file for hi-q (authorized users) + /var/qmail/bin/qmail-queue diff --git a/tools/hi-q.c b/tools/hi-q.c index bf9c599..32b0a7b 100644 --- a/tools/hi-q.c +++ b/tools/hi-q.c @@ -114,7 +114,7 @@ void usage() { // we have data coming in on fd 0. // and envelope / control information coming in on fd 1. -void dump___not_used(const string var){ +void dump(const string var){ char* str = getenv(var.c_str()); if (str) cerr << "hi-q: " << var << " is set to '" << str << "'" << endl; @@ -151,11 +151,8 @@ int main(int argc, char** argv, char const * const * env) { typedef vector<string> VS; vector<VS> filter; string conf_var = "HI_Q_CONF"; - - int mode(0); - char* modevar = getenv("HI_Q_MODE"); - if (modevar) mode = 1000 + atoi(modevar); - cerr << "hi-q mode: " << mode << endl; + char* auth = getenv("QMAIL_AUTHORIZED"); + if (auth && *auth) conf_var = "HI_Q_AUCONF"; char* conf_name; if (argc == 1) { @@ -165,9 +162,16 @@ int main(int argc, char** argv, char const * const * env) { exit(1); } } - else if (argc == 2) { + + if (argc >= 2) { conf_name = argv[1]; - } else { + } + + if (argc >= 3) { + if (auth && *auth) conf_name = argv[2]; + } + + if (argc > 3) { usage(); exit(1); } 
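Review bot: QMAIL_AUTHORIZED is set here on a successful AUTH, but nothing in this hunk clears a value the process may have inherited. hi-q (later in this commit) treats any non-empty value as "authorized" and switches to the authorized-user filter chain, so a value leaking in from the launching environment or a tcpserver rule would exempt unauthenticated sessions from filtering. Clearing it once at startup, before any SMTP command is handled, closes that path: `if (!env_unset("QMAIL_AUTHORIZED")) die_read();`. The setup code is outside this hunk, so this may already be done there. Separately, the added `//` comments sit in a file that uses K&R-style declarations (`char *arg;`), so `/* ... */` would be the safer form for older compilers.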
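Review bot: The header comment in tools/aufilters.conf does not say that this chain deliberately contains no filter stages, only the final `/var/qmail/bin/qmail-queue`. As written, mail from any authenticated account is queued unscanned, which includes mail sent with stolen credentials. A second comment line would record the intent, e.g. `# no filter stages on purpose: authenticated mail goes straight to qmail-queue`.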
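Review bot: In the hi-q.c hunk at `@@ -151,11 +151,8 @@`, `if (auth && *auth)` accepts any non-empty value of QMAIL_AUTHORIZED, so `no` or `0` would also select the authorized-user configuration. qmail-smtpd in this commit only ever sets `yes`, so an exact match fails closed: `if (auth && string(auth) == "yes") conf_var = "HI_Q_AUCONF";`. The same test is repeated in the `argc >= 3` branch of the next hunk; computing it once into a `const bool authorized` would keep the two in step. main() begins and ends outside this hunk.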
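Review bot: In the hi-q.c hunk at `@@ -165,9 +162,16 @@`, removing the `else` catch-all means `conf_name` is never assigned when `argc` is 0. The declaration `char* conf_name;` has no initializer, so the code after the hunk would read an indeterminate pointer, whereas the old chain sent that case to usage(). Initialising the declaration (`char* conf_name = 0;`) and widening the last test to `if (argc < 1 || argc > 3)` restores the previous behaviour. usage() is outside the hunk, so it is not visible whether its text documents the new optional second argument.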
@@ -207,12 +211,12 @@ int main(int argc, char** argv, char const * const * env) { vector<pid_t> kidpid(nkids); // indexed by kid number // At this point, there are some loop invariants; -// (a) fd0 is open and has the email msg, +// (a) fd0 is open (standard input) and has the email msg, // ready for the next child to read, and -// (b) fd1 is open and has envelope information. +// (b) fd1 is open (nonstandard input) and has envelope information. // We need it to be open, so that pipe() -// doesn't choose it. That allows us to close -// it and dup() something onto it. +// doesn't choose it. That allows N-1 of the kids +// to close it and dup() something useful onto it. for (int ii=0; ii < nkids; ii++){ /* loop over all kids */ int datapipe[2]; diff --git a/tools/makefile b/tools/makefile index c5b702b..8de2bd4 100644 --- a/tools/makefile +++ b/tools/makefile @@ -16,7 +16,7 @@ all: $(progs) install: install $(progs) /var/qmail/bin/ - cp filters.conf /var/qmail/control/ + cp filters.conf aufilters.conf /var/qmail/control/ install -m700 -d /var/qmail/rbin chown qmaild /var/qmail/rbin chgrp qmail /var/qmail/rbin diff --git a/tools/qmail b/tools/qmail index b43db75..311c784 100755 --- a/tools/qmail +++ b/tools/qmail @@ -13,7 +13,8 @@ tcps=$( which tcpserver ) qmaild=$(id -u qmaild ) nofiles=$(id -g qmaild ) -filters=/var/qmail/control/filters.conf +export HI_Q_CONF=/var/qmail/control/filters.conf +export HI_Q_AUCONF=/var/qmail/control/aufilters.conf smtpconf=/etc/stunnel/smtp.conf pop3conf=/etc/stunnel/pop3.conf PEM=/etc/stunnel/stunnel.pem @@ -160,7 +161,6 @@ case "$verb" in else echo -n " SMTP-server " /bin/rm -f /var/run/$proc.pid - HI_Q_CONF="$filters" \ QMAILQUEUE="/var/qmail/bin/hi-q" \ $PIDO /var/run/$proc.pid \ $tcps -R -x$CDB -u$qmaild -g$nofiles $mailhost smtp \ 
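Review bot: In tools/makefile, `cp filters.conf aufilters.conf /var/qmail/control/` leaves the installed files' mode to the umask and silently overwrites a locally edited copy on every `make install`. These files name the programs hi-q will execute, so their ownership and mode are worth pinning: `install -m 644 -o root filters.conf aufilters.conf /var/qmail/control/`. That also matches the explicit `install -m700 -d /var/qmail/rbin` on the next line.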
@@ -178,6 +178,7 @@ case "$verb" in else echo -n " SMTPS-server " /bin/rm -f /var/run/$proc.pid + QMAILQUEUE="/var/qmail/bin/hi-q" \ $PIDO /var/run/$proc.pid \ $tcps -R -u$qmaild -g$nofiles $mailhost smtps \ stunnel4 $smtpconf 2>&1 \ @@ -249,7 +250,7 @@ case "$verb" in echo " down. $pid" fi done - for file in $pop3conf $smtpconf $filters \ + for file in $pop3conf $smtpconf $HI_Q_CONF $HI_Q_AUCONF \ $CDB $PEM ; do if ! test -r "$file" ; then echo "Beware: file '$file' is missing." |
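Review bot: In the `@@ -249,7 +250,7 @@` hunk, `test -r "$file"` runs as whoever invokes this script, while hi-q runs under qmaild (both servers are started with `-u$qmaild`). A filter config readable only by the invoking user therefore passes this check and then fails when hi-q tries to open it. What hi-q does with an unreadable config is outside this diff, so whether that ends in rejected mail or something worse cannot be told from here. Either run the readability test as qmaild, or add a comment above the loop such as `# NB: checked as the invoking user; hi-q reads these as qmaild`.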