We build the virtualuserdomains, locals, rcpthosts and assign files from an Informix SQL 
database that we authenticate the users against. It's an easy match to generate a list 
of legal addresses that qmail-smtpd could check against. 

Anyway, I think the database should be built from the assign and virtualdomains files, since 
this is up to date and is the most common solution? or easiest to convert to. In a 
virtualdomain solution, you have all the data you need to generate a list of legal 
addresses from these files. The different default entries in the assign file should 
come up as @somedomain.com in the list, allowing any address at that domain "to enter". 
This is because you have already configured qmail to actually deliver mail to any user at 
that domain, and in that way made [EMAIL PROTECTED] a legal address.


-------------------------------------------------------------------
IDG New Media     Einar Bordewich
System Manager   Phone: +47 2205 3034
E-Mail:  [EMAIL PROTECTED]
-------------------------------------------------------------------

----- Original Message ----- 
From: David Harris <[EMAIL PROTECTED]>
To: Sam <[EMAIL PROTECTED]>
Cc: Qmail List <[EMAIL PROTECTED]>
Sent: Wednesday, September 01, 1999 6:54 PM
Subject: RE: Mail.com blacklisting


> 
> Sam [mailto:[EMAIL PROTECTED]] wrote:
> > Russ Allbery writes:
> > > Doesn't Postfix also behave in the same way?  Seems to me that pretty much
> > > any MTA whose port 25 listener is running unprivileged is going to have
> > > the same problem
> >
> > getpwnam() will tell you if a userid is valid, or not, no matter what
> > userid you're running as.
> >
> > >                  unless you want to periodically build a database of valid
> > > addresses or require that all information necessary to determine whether a
> > > given address is valid be world-readable on the system.
> >
> > Well, it is: /etc/passwd is world readable.
> >
> > Now, for Qmail, there's also an issue of dot-qmail files.  Well, let's say
> > that I've been there and done that, and brought back pictures.  These kinds
> > of things are very much possible.
> >
> > At the very least, you can attempt to stat the .qmail file, and return an
> > invalid user if it fails with ENOENT.  You can differentiate between that,
> > and EPERM, which you'll get if the home directory is not globally
> > executable.
> 
> Sam proposed a way to deal with checking to see if a userid is valid or not and
> possibly checking for their .qmail file. But how would one deal with:
> 
> virtual domains
> ~alias/.qmail-default -> fastforward database
> ~virtualdomainuser/.qmail-default -> fastforward database
> 
> You can just do some "simple checking".. there's too much complexity in the way
> that qmail handles the mail. Yes, you could toss all of this functionality into
> qmail-smtpd, but then you break down the beautiful boundaries between the
> different handler programs.
> 
> The mail.com people have to figure out that they are using an idiot test.
> Warping qmail into meeting this test would be not possible without destroying
> qmail, IMO.
> 
>  - David Harris
>    Principal Engineer, DRH Internet Services
> 
> 
> 
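
The list generation proposed at the top of this message, as an added example that is not part of the original post or of qmail: it derives legal recipient addresses from users/assign and control/virtualdomains text and checks recipients against the result. The file contents are constructed samples, the function names are hypothetical, and a wildcard ("default") assign entry is taken as accepting the whole domain, as the message suggests, without inspecting any .qmail files.

```python
# Added example: recipient allow-list from qmail users/assign + control/virtualdomains.
# All file contents below are constructed samples, not taken from a real system.
ASSIGN = """\
=example-com-einar:vmail:500:500:/home/vmail/example.com/einar:::
=example-com-postmaster:vmail:500:500:/home/vmail/example.com/postmaster:::
+example-org-:vorg:501:501:/home/vorg:-::
+example-net-sales-:vnet:502:502:/home/vnet:-:sales-:
.
"""
VIRTUALDOMAINS = "example.com:example-com\nexample.org:example-org\nexample.net:example-net\n"

def parse_assign(text):
    """Return (exact, wildcard) sets of local names from users/assign text."""
    exact, wild = set(), set()
    for line in text.splitlines():
        if line == ".":                      # a lone dot ends the file
            break
        if line[:1] in ("=", "+"):           # "=" simple entry, "+" wildcard entry
            name = line[1:].split(":", 1)[0].lower()
            (exact if line[0] == "=" else wild).add(name)
    return exact, wild

def legal_addresses(assign_text, vdom_text):
    """Return exact addresses, "@domain" catch-alls and "pre*@domain" patterns."""
    exact, wild = parse_assign(assign_text)
    legal = set()
    for line in vdom_text.splitlines():
        domain, _, prepend = line.strip().partition(":")
        if not domain or domain.startswith("#") or "@" in domain or not prepend:
            continue                         # assumption: only domain-wide entries handled
        domain, prefix = domain.lower(), prepend.lower() + "-"
        if any(prefix.startswith(w) for w in wild):
            legal.add("@" + domain)          # default entry: any address at the domain
            continue
        legal |= {n[len(prefix):] + "@" + domain for n in exact
                  if n.startswith(prefix) and len(n) > len(prefix)}
        legal |= {w[len(prefix):] + "*@" + domain for w in wild if w.startswith(prefix)}
    return legal

def is_legal(rcpt, legal):
    """Check one RCPT TO address against the generated list."""
    local, _, domain = rcpt.lower().rpartition("@")
    if "@" + domain in legal or local + "@" + domain in legal:
        return True
    tail = "*@" + domain                     # prefix patterns such as sales-*@domain
    return any(p.endswith(tail) and local.startswith(p[:-len(tail)]) for p in legal)

if __name__ == "__main__":
    for entry in sorted(legal_addresses(ASSIGN, VIRTUALDOMAINS)):
        print(entry)
```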
