Eric,
it looks like I told and wrote wrong instructions (and I remembered
wrong sequences in last reply).
Let's say there is a potential bug in the application, which I'm seeing
only now, after years. It is not really a code bug. It is that I wrote
something in the code and something different in documentation.
Logic (in version 2.0.9 of chkuser code) says:
1. if CHKUSER_ALWAYS_ON is declared, chkuser is always ON:
starting_value = 1 (this option is not compatible in compilation
with CHKUSER_STARTING_VARIABLE; only one of them may be defined).
2. if CHKUSER_STARTING_VARIABLE (by default CHKUSER_START) is NOT
declared checkuser works on domain base (starting_value = 0)
3. if CHKUSER_STARTING_VARIABLE (by default CHKUSER_START) is declared
and NOT assigned, checkuser is disabled (starting_value = -1)
4. if CHKUSER_STARTING_VARIABLE is declared and assigned AND equal to
ALWAYS, checkuser is always ON (starting_value = 1)
5. if CHKUSER_STARTING_VARIABLE is declared and assigned AND equal to
DOMAIN, checkuser works on domains base (starting_value = 0)
6. if CHKUSER_STARTING_VARIABLE is declared and assigned with values
different from ALWAYS and DOMAIN, checkuser works on domains bases
(starting_value = 0)
7. if CHKUSER_STARTING_VARIABLE (by default CHKUSER_START) is NOT
declared checkuser works on domains base (starting_value = 0)
So, the real default is chekuser working on domains base. Other options
lead to different behaviours. If you want to disable it, you must
declare a variable and not assign it (not assign it is different than
assigning "" or empty value).
For a better code and a better usage, it should be (in red the code I
added):
<code>
+#if defined CHKUSER_STARTING_VARIABLE
+ starting_string = env_get (CHKUSER_STARTING_VARIABLE);
+ if (starting_string) {
+ if (strcasecmp(starting_string, "ALWAYS") == 0) {
+ starting_value = 1;
+ } else if (strcasecmp(starting_string, "DOMAIN") ==
0) {
+ starting_value = 0;
+ } else if (strcasecmp(starting_string, "NONE") == 0) {
+ starting_value = -1;
+ }
+ } else {
+ starting_string = "";
+ starting_value = -1;
+ }
+#endif
</code>
In such a case value "NONE" and absence of variable assign would disable
chkuser. ALWAYS would enable it forever, any other value would enable it
on domain base.
Sorry, and thanks for forcing me to read again the code.
Tonino
Hi Tonino,
When CHKUSER_START is set, or not set, the ensuing logic of chkuser
keys on the value of 'starting_value', correct?
1) CHKUSER_START="NONE" (starting_value=1)
2) CHKUSER_START="ANYTHING ELSE" (starting_value=1)
3) CHKUSER_START="" (starting_value=0)
4) unset -v CHKUSER_START (starting_value=-1) *A situation where CHKUSER_START
is not even specified in either either the smtpd run file or tcp.smtp.
In the code the logic falls out in a different manner for -1, 0, or 1.
So wouldn't CHKUSER_START="NONE" (starting_value=1) fall out differently than
CHKUSER_START="" (starting_value=0) or CHKUSER_START not specified (starting_value=-1)?
Eric
On 9/18/2017 1:58 PM, Tonix - Antonio Nati wrote:
Eric,
you are right. I wrote "NONE" instead of "everything different from
ALWAYS or DOMAIN" in order to semplify things, but the concept is
clear: every value different from DOMAIN or ALWAYS will disable chkuser.
Note: everything is disabled except the
*CHKUSER_EXTRA_MUSTAUTH_VARIABLE* functionality.
Regards,
Tonino
Il 18/09/2017 21:51, Eric Broch ha scritto:
Rajesh,
I apologize for the responses that have not been helpful. After
looking at the settings (below) from here
<http://opensource.interazioni.it/qmail/chkuser/documentation/chkuser_settings.html>
and going through the code, I'm convinced that the "NONE" option
will not be helpful or do what you expect or what the documentation
even states (Tonix, please review):
<settings>
CHKUSER_STARTING_VARIABLE 2.0.5 commented "CHKUSER_START"
Sets the variable that must be read, at qmail-smtpd start, in order
to understand how to use chkuser for any domain. The variable must
be filled with the following values:
NONE = chkuser will not work
ALWAYS = chkuser will work always
DOMAIN = chkuser will work depending on single domain settings
Any other value, or a missing value, will disable chkuser.
Incompatible with CHKUSER_ALWAYS_ON since 2.0.9
</settings>
Since you've already defined 'CHKUSER_STARTING_VARIABLE' at compile
time in chkuser_settings.h, I think simply leaving the variable
CHKUSER_START (null) out of both the run file and the tcp.smtp file
you will get what you've been expecting (stop and start qmail of
course). The settings section indicates this as well:
"Any other value, or a missing value, will disable chkuser."
In fact, in my study of the code, I don't think the NONE option does
anything. If Tonix is looking at this thread maybe he could help
*fingers crossed*.
Please let me know how it goes.
Eric
On 9/18/2017 12:33 PM, Eric Broch wrote:
Rajesh,
Can you set this in /var/qmail/supervise/smtp/run
CHKUSER_START="NONE"
export CHKUSER_START
exec
/usr/bin/softlimit....................................................................................
On 9/18/2017 12:10 PM, Eric Broch wrote:
Sorry, my mistake, Rajesh,
#define CHKUSER_STARTING_VARIABLE "CHKUSER_START"
sets CHKUSER_STARTING_VARIABLE to CHKUSER_START
On 9/18/2017 11:53 AM, Eric Broch wrote:
Rajesh,
In the code there is no check for 'CHKUSER_START' but there is
for 'CHKUSER_STARTING_VARIABLE'. So, in tcp.smtp use
'CHKUSER_STARTING_VARIABLE' like so:
CHKUSER_STARTING_VARIABLE="NONE"
then stop and start qmail.
Here's the code and the environment variable chkuser checks:
<code>
starting_string = env_get (CHKUSER_STARTING_VARIABLE);
if (starting_string) {
if (strcasecmp(starting_string, "ALWAYS") == 0) {
starting_value = 1;
} else if (strcasecmp(starting_string, "DOMAIN")
== 0) {
starting_value = 0;
}
} else {
starting_string = "";
starting_value = -1;
}
</code>
Eric
On 9/18/2017 11:38 AM, Eric Broch wrote:
Sorry to ask this, but did you restart qmail after the change?
On 9/18/2017 8:52 AM, Rajesh M wrote:
hi eric
i wished to disable chkusr mx check, format check etc .. and turn off chkuser using
CHKUSER_START="NONE"
the default installation of qmail always keeps chkuser on with no control
so i rebuild chkuser from source
CHANGES FOR CHK USER
EXTRA SOURCE FROM RPM
rpm -Uvh qmail-1.03-1.qt.src.rpm
nano /root/rpmbuild/SPECS/qmail.spec
put a sleep in this for 120 seconds
open 2nd window of ssh
service qmail stop
in first window run
rpmbuild -bb --define "dist .qt.el6" qmail.spec
the process will now for halt for 180 seconds which gives us time to modify
chkuser_settings.h settings
in second window go to
cd /root/rpmbuild/BUILD/qmail-1.03
nano chkuser_settings.h
UNCOMMENT THIS
#define CHKUSER_STARTING_VARIABLE "CHKUSER_START"
comment out the following
/* #define CHKUSER_RCPT_MX */
/* #define CHKUSER_ENABLE_USERS_EXTENSIONS */
/* #define CHKUSER_USERS_DASH '-' */
now the problem is that even if I set CHKUSER_START="NONE" i get errors
here is my tcp.smtp file for submission port (i use separate tcp.smtp files for
25 and 587)
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_START="NONE"
i still get errors as such
2017-09-18 11:48:08.810159500 CHKUSER rejected rcpt:
from<a.muruga...@mycustomer.com:a.muruga...@mycustomer.com:> remote
<FTLPCS27:unknown:182.73.35.162> rcpt<slncubm...@domain1.com> : max number of
recipients
2017-09-18 11:48:09.894092500 CHKUSER rejected intrusion:
from<a.muruga...@mycustomer.com:a.muruga...@mycustomer.com:> remote
<FTLPCS27:unknown:182.73.35.162> rcpt <sreecharanbank@domain2> : rcpt ignored,
session over intrusion threshold
2017-09-18 11:48:11.226284500 CHKUSER rejected intrusion:
from<a.muruga...@mycustomer.com:a.muruga...@mycustomer.com:> remote
<FTLPCS27:unknown:182.73.35.162> rcpt<sreekumarga...@gmail.com> : rcpt ignored,
session over intrusion threshold
help required please
rajesh
---------------------------------------------------------------------
To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it to...@interazioni.it
------------------------------------------------------------
--
Eric Broch
White Horse Technical Consulting (WHTC)
--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it to...@interazioni.it
------------------------------------------------------------
