authorJohn Denker <jsd@av8n.com>2012-07-13 18:21:21 -0700
committerJohn Denker <jsd@av8n.com>2012-07-14 08:53:37 -0700
commit4779e1644fc9dff4eb3e1745a1b3f3119f9bf544 (patch)
treefa3bdd0d42a1f821348e0514f2d928a2aaf2377f
parentbc151ae914c24f8d5461b68015c12c0abe629da2 (diff)
Now apply spam filtering to all unauthenticated submissions,
including submissions that are ssl encrypted (but not authenticated)
-rw-r--r--qmail-smtpd.c6
-rw-r--r--tools/aufilters.conf2
-rw-r--r--tools/hi-q.c28
-rw-r--r--tools/makefile2
-rwxr-xr-xtools/qmail7
5 files changed, 29 insertions, 16 deletions
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 23f9c89..90f62d9 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -649,7 +649,13 @@ char *arg;
switch (authcmds[i].fun(arg)) {
case 0:
authd = 1;
+// There is a crucial difference between relayclient==0
+// and relayclient=="".
+// Allow relaying for authorized users:
relayclient = "";
+// The following may be used to exempt authorized users
+// from some spam-filtering:
+ if (!env_put("QMAIL_AUTHORIZED=yes")) die_nomem();
remoteinfo = user.s;
if (!env_unset("TCPREMOTEINFO")) die_read();
if (!env_put2("TCPREMOTEINFO",remoteinfo)) die_nomem();
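Review bot: `QMAIL_AUTHORIZED` is only ever set here, after a successful AUTH, and nothing visible in this hunk clears it beforehand, so a value inherited from the environment that starts tcpserver/qmail-smtpd (or from a tcprules entry) would make hi-q treat unauthenticated mail as authorized and pick the authorized-user filter configuration. Unless the variable is already scrubbed elsewhere in the file, clear it once at startup before any SMTP command is handled, e.g. `if (!env_unset("QMAIL_AUTHORIZED")) die_read();`. The new `//` comments also sit at column 0 inside an indented `case`; `/* ... */` comments at the indentation of `relayclient = "";` would fit the surrounding C better. The enclosing function starts and ends outside the hunk.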
diff --git a/tools/aufilters.conf b/tools/aufilters.conf
new file mode 100644
index 0000000..2eea3fd
--- /dev/null
+++ b/tools/aufilters.conf
@@ -0,0 +1,2 @@
+# configuration file for hi-q (authorized users)
+ /var/qmail/bin/qmail-queue
diff --git a/tools/hi-q.c b/tools/hi-q.c
index bf9c599..32b0a7b 100644
--- a/tools/hi-q.c
+++ b/tools/hi-q.c
@@ -114,7 +114,7 @@ void usage() {
// we have data coming in on fd 0.
// and envelope / control information coming in on fd 1.
-void dump___not_used(const string var){
+void dump(const string var){
char* str = getenv(var.c_str());
if (str) cerr << "hi-q: " << var
<< " is set to '" << str << "'" << endl;
@@ -151,11 +151,8 @@ int main(int argc, char** argv, char const * const * env) {
typedef vector<string> VS;
vector<VS> filter;
string conf_var = "HI_Q_CONF";
-
- int mode(0);
- char* modevar = getenv("HI_Q_MODE");
- if (modevar) mode = 1000 + atoi(modevar);
- cerr << "hi-q mode: " << mode << endl;
+ char* auth = getenv("QMAIL_AUTHORIZED");
+ if (auth && *auth) conf_var = "HI_Q_AUCONF";
char* conf_name;
if (argc == 1) {
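Review bot: The test `auth && *auth` accepts any non-empty value of `QMAIL_AUTHORIZED`, including `no` or `0`, while the qmail-smtpd change in this commit only ever writes `yes`. Because this variable decides which filter configuration a message goes through, match the exact value, for example `bool authorized = auth && string(auth) == "yes";`, and reuse `authorized` in the later `argc >= 3` hunk, which repeats the same test. A one-line comment such as `// QMAIL_AUTHORIZED is set by qmail-smtpd after a successful AUTH` would tell the reader where the value comes from. main() continues outside the hunk.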
@@ -165,9 +162,16 @@ int main(int argc, char** argv, char const * const * env) {
exit(1);
}
}
- else if (argc == 2) {
+
+ if (argc >= 2) {
conf_name = argv[1];
- } else {
+ }
+
+ if (argc >= 3) {
+ if (auth && *auth) conf_name = argv[2];
+ }
+
+ if (argc > 3) {
usage();
exit(1);
}
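Review bot: The `argc > 3` check runs only after `conf_name` has already been assigned from `argv[1]` and `argv[2]`, and the meaning of the new optional second argument is not stated anywhere in the hunk. Moving `if (argc > 3) { usage(); exit(1); }` ahead of the assignments keeps validation before use, and a comment like `// argv[1]: config for unauthenticated mail; argv[2] (optional): config for authorized users` documents the contract. With a single argument an authorized submission silently uses `argv[1]`, which is the stricter choice but worth stating in that comment. usage() is outside the hunk, so whether its text mentions the second argument cannot be checked here.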
@@ -207,12 +211,12 @@ int main(int argc, char** argv, char const * const * env) {
vector<pid_t> kidpid(nkids); // indexed by kid number
// At this point, there are some loop invariants;
-// (a) fd0 is open and has the email msg,
+// (a) fd0 is open (standard input) and has the email msg,
// ready for the next child to read, and
-// (b) fd1 is open and has envelope information.
+// (b) fd1 is open (nonstandard input) and has envelope information.
// We need it to be open, so that pipe()
-// doesn't choose it. That allows us to close
-// it and dup() something onto it.
+// doesn't choose it. That allows N-1 of the kids
+// to close it and dup() something useful onto it.
for (int ii=0; ii < nkids; ii++){ /* loop over all kids */
int datapipe[2];
diff --git a/tools/makefile b/tools/makefile
index c5b702b..8de2bd4 100644
--- a/tools/makefile
+++ b/tools/makefile
@@ -16,7 +16,7 @@ all: $(progs)
install:
install $(progs) /var/qmail/bin/
- cp filters.conf /var/qmail/control/
+ cp filters.conf aufilters.conf /var/qmail/control/
install -m700 -d /var/qmail/rbin
chown qmaild /var/qmail/rbin
chgrp qmail /var/qmail/rbin
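Review bot: `cp filters.conf aufilters.conf /var/qmail/control/` leaves the mode and owner of both files to the installer's umask and overwrites any locally edited copy on reinstall. These files appear to name the programs hi-q runs on the mail path (aufilters.conf in this commit lists /var/qmail/bin/qmail-queue), so they should not end up writable by anyone but root. `install -m644 -o root filters.conf aufilters.conf /var/qmail/control/` makes that explicit, in the same style as the `install -m700 -d` line that follows. The install target continues outside the hunk.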
diff --git a/tools/qmail b/tools/qmail
index b43db75..311c784 100755
--- a/tools/qmail
+++ b/tools/qmail
@@ -13,7 +13,8 @@ tcps=$( which tcpserver )
qmaild=$(id -u qmaild )
nofiles=$(id -g qmaild )
-filters=/var/qmail/control/filters.conf
+export HI_Q_CONF=/var/qmail/control/filters.conf
+export HI_Q_AUCONF=/var/qmail/control/aufilters.conf
smtpconf=/etc/stunnel/smtp.conf
pop3conf=/etc/stunnel/pop3.conf
PEM=/etc/stunnel/stunnel.pem
@@ -160,7 +161,6 @@ case "$verb" in
else
echo -n " SMTP-server "
/bin/rm -f /var/run/$proc.pid
- HI_Q_CONF="$filters" \
QMAILQUEUE="/var/qmail/bin/hi-q" \
$PIDO /var/run/$proc.pid \
$tcps -R -x$CDB -u$qmaild -g$nofiles $mailhost smtp \
@@ -178,6 +178,7 @@ case "$verb" in
else
echo -n " SMTPS-server "
/bin/rm -f /var/run/$proc.pid
+ QMAILQUEUE="/var/qmail/bin/hi-q" \
$PIDO /var/run/$proc.pid \
$tcps -R -u$qmaild -g$nofiles $mailhost smtps \
stunnel4 $smtpconf 2>&1 \
@@ -249,7 +250,7 @@ case "$verb" in
echo " down. $pid"
fi
done
- for file in $pop3conf $smtpconf $filters \
+ for file in $pop3conf $smtpconf $HI_Q_CONF $HI_Q_AUCONF \
$CDB $PEM ; do
if ! test -r "$file" ; then
echo "Beware: file '$file' is missing."