From 4779e1644fc9dff4eb3e1745a1b3f3119f9bf544 Mon Sep 17 00:00:00 2001 From: John Denker Date: Fri, 13 Jul 2012 18:21:21 -0700 Subject: Now apply spam filtering to all unauthenticated submissions, including submissions that are ssl encrypted (but not authenticated) --- qmail-smtpd.c | 6 ++++++ tools/aufilters.conf | 2 ++ tools/hi-q.c | 28 ++++++++++++++++------------ tools/makefile | 2 +- tools/qmail | 7 ++++--- 5 files changed, 29 insertions(+), 16 deletions(-) create mode 100644 tools/aufilters.conf diff --git a/qmail-smtpd.c b/qmail-smtpd.c index 23f9c89..90f62d9 100644 --- a/qmail-smtpd.c +++ b/qmail-smtpd.c @@ -649,7 +649,13 @@ char *arg; switch (authcmds[i].fun(arg)) { case 0: authd = 1; +// There is a crucial difference between relayclient==0 +// and relayclient=="". +// Allow relaying for authorized users: relayclient = ""; +// The following may be used to exempt authorized users +// from some spam-filtering: + if (!env_put("QMAIL_AUTHORIZED=yes")) die_nomem(); remoteinfo = user.s; if (!env_unset("TCPREMOTEINFO")) die_read(); if (!env_put2("TCPREMOTEINFO",remoteinfo)) die_nomem(); diff --git a/tools/aufilters.conf b/tools/aufilters.conf new file mode 100644 index 0000000..2eea3fd --- /dev/null +++ b/tools/aufilters.conf @@ -0,0 +1,2 @@ +# configuration file for hi-q (authorized users) + /var/qmail/bin/qmail-queue diff --git a/tools/hi-q.c b/tools/hi-q.c index bf9c599..32b0a7b 100644 --- a/tools/hi-q.c +++ b/tools/hi-q.c @@ -114,7 +114,7 @@ void usage() { // we have data coming in on fd 0. // and envelope / control information coming in on fd 1. -void dump___not_used(const string var){ +void dump(const string var){ char* str = getenv(var.c_str()); if (str) cerr << "hi-q: " << var << " is set to '" << str << "'" << endl; 
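Review bot: In the qmail-smtpd.c hunk, `QMAIL_AUTHORIZED=yes` is set after a successful AUTH, but nothing visible here guarantees the variable is absent for sessions that never authenticate. hi-q (tools/hi-q.c in this same commit) switches to the authorized-user filter configuration on this variable, so a value inherited from tcpserver's environment, or from the shell that runs tools/qmail, would apply that configuration to unauthenticated mail. Consider clearing it before any SMTP command is processed, e.g. `if (!env_unset("QMAIL_AUTHORIZED")) die_read();` during setup, and adding `unset QMAIL_AUTHORIZED` next to the exports in tools/qmail. The enclosing function starts and ends outside the hunk, so an existing reset elsewhere cannot be ruled out.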
@@ -151,11 +151,8 @@ int main(int argc, char** argv, char const * const * env) { typedef vector VS; vector filter; string conf_var = "HI_Q_CONF"; - - int mode(0); - char* modevar = getenv("HI_Q_MODE"); - if (modevar) mode = 1000 + atoi(modevar); - cerr << "hi-q mode: " << mode << endl; + char* auth = getenv("QMAIL_AUTHORIZED"); + if (auth && *auth) conf_var = "HI_Q_AUCONF"; char* conf_name; if (argc == 1) { @@ -165,9 +162,16 @@ int main(int argc, char** argv, char const * const * env) { exit(1); } } - else if (argc == 2) { + + if (argc >= 2) { conf_name = argv[1]; - } else { + } + + if (argc >= 3) { + if (auth && *auth) conf_name = argv[2]; + } + + if (argc > 3) { usage(); exit(1); } @@ -207,12 +211,12 @@ int main(int argc, char** argv, char const * const * env) { vector kidpid(nkids); // indexed by kid number // At this point, there are some loop invariants; -// (a) fd0 is open and has the email msg, +// (a) fd0 is open (standard input) and has the email msg, // ready for the next child to read, and -// (b) fd1 is open and has envelope information. +// (b) fd1 is open (nonstandard input) and has envelope information. // We need it to be open, so that pipe() -// doesn't choose it. That allows us to close -// it and dup() something onto it. +// doesn't choose it. That allows N-1 of the kids +// to close it and dup() something useful onto it. for (int ii=0; ii < nkids; ii++){ /* loop over all kids */ int datapipe[2]; diff --git a/tools/makefile b/tools/makefile index c5b702b..8de2bd4 100644 --- a/tools/makefile +++ b/tools/makefile @@ -16,7 +16,7 @@ all: $(progs) install: install $(progs) /var/qmail/bin/ - cp filters.conf /var/qmail/control/ + cp filters.conf aufilters.conf /var/qmail/control/ install -m700 -d /var/qmail/rbin chown qmaild /var/qmail/rbin chgrp qmail /var/qmail/rbin diff --git a/tools/qmail b/tools/qmail index b43db75..311c784 100755 --- a/tools/qmail +++ b/tools/qmail 
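Review bot: The test `if (auth && *auth)` added near the top of main() treats any non-empty value of QMAIL_AUTHORIZED as authorization, so `QMAIL_AUTHORIZED=no` or `=0` would also select HI_Q_AUCONF. The qmail-smtpd.c hunk of this commit sets only the value `yes`, so an exact match is the safer contract: `bool authorized = auth && strcmp(auth, "yes") == 0;`, with `authorized` then reused in the later `argc >= 3` branch. A short comment such as `// QMAIL_AUTHORIZED is set by qmail-smtpd after a successful AUTH; it selects the filter list for authenticated senders` would also help, because this variable decides which filters a message passes through. main() continues outside the hunk.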
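Review bot: With exactly one command-line argument, an authorized session ends up with `conf_name = argv[1]` and HI_Q_AUCONF is never consulted; only the no-argument and two-argument forms give authenticated senders their own configuration. That presumably falls back to the stricter filter list, which is the safe direction, but the precedence is undocumented, and whether usage() mentions the new second argument is not visible in this hunk. I would add a comment above the `argc >= 2` block, e.g. `// argv[1]: filter config for unauthenticated mail; argv[2] (optional): config used instead when QMAIL_AUTHORIZED is set`. The `argc > 3` rejection could also move ahead of the assignments, so an invalid invocation is refused before any argument is read.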
@@ -13,7 +13,8 @@ tcps=$( which tcpserver ) qmaild=$(id -u qmaild ) nofiles=$(id -g qmaild ) -filters=/var/qmail/control/filters.conf +export HI_Q_CONF=/var/qmail/control/filters.conf +export HI_Q_AUCONF=/var/qmail/control/aufilters.conf smtpconf=/etc/stunnel/smtp.conf pop3conf=/etc/stunnel/pop3.conf PEM=/etc/stunnel/stunnel.pem @@ -160,7 +161,6 @@ case "$verb" in else echo -n " SMTP-server " /bin/rm -f /var/run/$proc.pid - HI_Q_CONF="$filters" \ QMAILQUEUE="/var/qmail/bin/hi-q" \ $PIDO /var/run/$proc.pid \ $tcps -R -x$CDB -u$qmaild -g$nofiles $mailhost smtp \ @@ -178,6 +178,7 @@ case "$verb" in else echo -n " SMTPS-server " /bin/rm -f /var/run/$proc.pid + QMAILQUEUE="/var/qmail/bin/hi-q" \ $PIDO /var/run/$proc.pid \ $tcps -R -u$qmaild -g$nofiles $mailhost smtps \ stunnel4 $smtpconf 2>&1 \ @@ -249,7 +250,7 @@ case "$verb" in echo " down. $pid" fi done - for file in $pop3conf $smtpconf $filters \ + for file in $pop3conf $smtpconf $HI_Q_CONF $HI_Q_AUCONF \ $CDB $PEM ; do if ! test -r "$file" ; then echo "Beware: file '$file' is missing." -- cgit v1.2.3