SRS patch for qmail-ldap-1.03-20120221
Hi all, i would like to know if anyone has an SRS patch for qmail-ldap-1.03-20120221 ? There is a patch for qmail-ldap-1.03-20060201 but it doesn't apply to the new version You can find the patch at http://qmail-ldap-smtpauthuser.googlecode.com/svn-history/r26/trunk/qmai l-ldap-1.03-20060201-SRS.patch Maybe there is another solution but I haven't found one Regards Stefan Berger
AW: qmail-ldap-envelope-scan patch for qmail-ldap-1.03-20120221
Hi Berger, Please find the attached patch tarbal contain big quota, envelope-scan patch and qmail-ldap-1.03-20120221. PS: I will setup a web page for this tarbal soon. Hello Ismail, Thank you but if I try to apply the envelope-patch or the big quota patch both are failing. I think these are the patches for the qmail-ldap version 20060201 or can I use the source files from the tarball ( it seems they are already patched when I had a look into the Makefile) Kind regards Steve
qmail-ldap-envelope-scan patch for qmail-ldap-1.03-20120221
Hello , i would like to know if there is already a qmail-ldap-envelope-scan patch for the new qmail-ldap version. If not, could somebody do this ? I have tried to modify the patch but my skills are too low :-( Regards Steve
AW: Drop connection when tcpserver -c limit is reached, Is it posible?
Hi , Can you share your patch ? Regards Steve Hi friends, I've already fixed this problem. My solution: Modify the tcpserver limits patch (http://qmail.jms1.net/ucspi-tcp/) for add a global limit instead of only a per IP and per C-Class block limit, recompile tcpserver.c and use the new binary of tcpserver. Regards, Spamis
AW: Qmail-ldap password length
I also use qmail-ldap but cannot see the password-length restriction. Maybe your LDAP server is restricting the length... As I said, it is a {crypt} issue. Do YOU use crypt? -- Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc One man's theology is another man's belly laugh. -- Robert A. Heinlein I agree Jose , it's a {crypt} issue . = max. 8 Char in | 2 Char Salt = Output always 13 Characters -Stefan
Qmail-ldap password length
Hi all , I'm running qmail-ldap on slackware 12.0 . Everything is running fine but now i found out that passwords which have more then 8 characters are only checked up to eight characters . ( tested with SMTP Authentification ) Example : --- User : test Password : 1234567890 User is able to login with password 12345678 or 12345678dasx324 or 12345678u and so on . Is the password lenght a compile time option or a systemrestrication ? Kind regards Stefan
AW: Qmail-ldap password length
This is for the encryption used in the password field. You use crypt? maybe with md5 you can control longer passwords. Yes , that's it . I'm using crypt - thank for the hint kind regards Stefan
AW: Qmail-ldap RBL checking
I have tried to read the source code and it seems that void smtp_mail is handling the RBL check ( if Relayclient is not set ). Is it possible to move the RBL check into void_rcpt for example after relayclient test, so i would be able to log the recipient address. Sure. Or to smtp_data(). -- Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc Thanks for the diff Jose ! I have placed the RBL check into void smtp_rcpt because i will drop the connection after the first rcpt to if sender ip is listed on RBL. make setup check runs without any errors - now it's time for testing -Stefan
Qmail-ldap RBL checking
Hi all , i'm running qmail-ldap 1.03-20060201 with patches from Hugo Monteiro ( envelope_scan and greetdelay ) At time i'm using rblsmtpd to block connections from IPs listed in list.dsbl.org , bl.spamcop.net and my local blacklist rbl.cluster.local My qmail-smtpd run file looks like #SNAPSHOT# exec \ envuidgid $QUSER \ tcpserver -v -h -URl $ME -x$QMAIL/control/qmail-smtpd.cdb \ ${CONCURRENCY:+-c$CONCURRENCY} ${BACKLOG:+-b$BACKLOG} www.xxx.yyy.zzz smtp /usr/local/bin/recordio \ /usr/local/bin/rblsmtpd -b -C -t 30 -r rbl.cluster.local \ -r 'list.dsbl.org:Message rejected - look at URL:http://dsbl.org/listing?%IP%' \ -r 'bl.spamcop.net:Message rejected - look at URL:http://www.spamcop.net/w3m?action=checkblockip=%IP%' \ /usr/local/bin/fixcrio $QMAIL/bin/qmail-smtpd # As i know the connection is blocked before any smtp conversation is started - is this right ? Now i want to block the connection right after rcpt to I need this for customer logs = they want't to know who has been blocked due to blacklisting Now I've read on qmail-ldap wiki that RBL checking is already included in qmail-ldap ( via env RBL ) I have tried to read the source code but i'm not a programer and so i can't verify where RBL checks will be proceeded. Or is there any other solution how i can do this ? Regards Stefan
Re: Qmail-ldap RBL checking
i'm running qmail-ldap 1.03-20060201 with patches from Hugo Monteiro ( envelope_scan and greetdelay ) At time i'm using rblsmtpd to block connections from IPs listed in list.dsbl.org , bl.spamcop.net and my local blacklist rbl.cluster.local I'm absolutly convinced that Qmail-LDAP already have rbl support built in. Just create the file ~control/rbllist like so: - s n i p - sbl.spamhaus.orgreject any an RBL. See http://www.spamhaus.org/SBL list.dsbl.org reject any an RBL. See http://dsbl.org/main spamguard.leadmon.net reject any Address is a dialup address - s n i p - Ok ,seems to be clear now but what i have not found is in which state of the smtp converstaion RBL check is done . ( i don't want to to add a Header , i will drop the connection after rcpt if sender ip is listed ) I have tried to read the source code and it seems that void smtp_mail is handling the RBL check ( if Relayclient is not set ). Is it possible to move the RBL check into void_rcpt for example after relayclient test, so i would be able to log the recipient address. Thanks for your help Stefan
Block Sender with Bogon MX Records
hello , is it possible to block smtp sessions where the MX record Of the sender domain is associated with a bogon ip address ( RFC1918 )? for example webworker.com = MX mail2.webworker.com = A mail2.webworker.com 192.168.0.10 hatmail.com = MX mail.hatmail.com = A mail.hatmail.com 10.23.42.11 i'm running qmail-ldap 1.03-20060201 with patches from Hugo Monteiro ( envelope_scan and greetdelay ) kind regrads stefan
AW: policyd support - some stats
Von: Hugo Monteiro [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 15. Februar 2007 17:57 An: qmail-ldap@qmail-ldap.org Betreff: policyd support - some stats For those not familiar with the SMTPD ACL Policy feature provided by policyd, i strongly advise you to check the project website. http://policyd.sf.net. Hello Hugo Monteiro , Do you have a exapmle for a qmail-ldap run script and a tcpserver rule file to use this feature . I have applied your patch but now i'm not sure how to use it Best regards Stefan
RCPT check
Dear all , If have installed qmail-ldap in an lvs cluster and it's realy working fine . On my Primary MX i have some domains which are all in control/locals. My control/rcpthosts is empty as i don't allow relaying trough this Server. RCPT check is also working fine except for addresses which have only a local part . Does qmail-ldap automatically add a domainpart to the user if nothing is given ? I'm using qmail-ldap-1.03-20060201.patch and qmail-ldap-virtual.20060201.patch on Slackware 10.2 ( x86 32bit ) Below you can see my telnet test 220 smtpgate.wvnet.at ESMTP ehlo 250-smtpgate.wvnet.at 250-PIPELINING 250-DATAZ 250 8BITMIME mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 553 sorry, relaying denied from your location [PROTECTED] (#5.7.1) -- OK , Domain not in RCPT rcpt to:[EMAIL PROTECTED] 554 Sorry, no mailbox here by that name. (#5.1.1) --OK , Domain ist local but no Mailbox with this name rcpt to:hallo -- Only Test and it's working 250 ok data 354 go ahead punk, make my day test . 250 ok 1162987998 qp 23150 by smtpgate.wvnet.at quit 221 smtpgate.wvnet.at Goodbye. I'am new to qmail-ldap - maybe someone can give me a hint on this problem ! Best regards Stefan
Re: RCPT check
On Wed, Nov 08, 2006 at 01:19:10PM +0100, Berger Stefan wrote: Dear all , If have installed qmail-ldap in an lvs cluster and it's realy working fine . On my Primary MX i have some domains which are all in control/locals. My control/rcpthosts is empty as i don't allow relaying trough this Server. RCPT check is also working fine except for addresses which have only a local part . Does qmail-ldap automatically add a domainpart to the user if nothing is given ? I'm using qmail-ldap-1.03-20060201.patch and qmail-ldap-virtual.20060201.patch on Slackware 10.2 ( x86 32bit ) Below you can see my telnet test 220 smtpgate.wvnet.at ESMTP ehlo 250-smtpgate.wvnet.at 250-PIPELINING 250-DATAZ 250 8BITMIME mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 553 sorry, relaying denied from your location [PROTECTED] (#5.7.1) -- OK , Domain not in RCPT rcpt to:[EMAIL PROTECTED] 554 Sorry, no mailbox here by that name. (#5.1.1) --OK , Domain ist local but no Mailbox with this name rcpt to:hallo -- Only Test and it's working 250 ok data 354 go ahead punk, make my day test . 250 ok 1162987998 qp 23150 by smtpgate.wvnet.at quit 221 smtpgate.wvnet.at Goodbye. I'am new to qmail-ldap - maybe someone can give me a hint on this problem ! No rcpt check does not add a domain to addresses without a domain part. So in the end the rcpt verification is skipped. Probably we should append somethink like plusdomain or mails like that should be rejected. -- :wq Claudio I think we could reject such mails . Do you have any idea how we can do this ? I have no experience in programming . Maybe this Problem only appears with the qmail-ldap-virtual patch . Could someone test it on a installation without this patch ? Stefan
Segfault qmail-smtpd
Hi all , I have installed qmail-ldap and i'm able to start qmail-smtpd - qmail-ldap-1.03-20060201-controls20060217.patch - qmail-ldap-1.03-20060201.patch When i try to connect on port 25 i get following Trying 10.10.10.31... Connected to 10.10.10.31. Escape character is '^]'. Connection closed by foreign host. And my log file shows this qmail-smtpd[4858]: segfault at 002a002a rip 2b9987e43790 rsp 7f921e48 error 4 Could my ldap config the problem ? Is qmail-smtpd dieing when it can't read required information ? regards -Stefan
Compile Problems
Hi all, I have tried to compile qmail-ldap with control patch on slamd64 ( slackware 64bit ) and got following error ./compile -DALTQUEUE -DBIGBROTHER -DBIGTODO -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DIGNOREVERISIGN -DSMTPEXECCHECK -DCOURIER -DDEBUG -DUSE_CONTROLDB -DUSE_RFC2307 -DUSE_RFC822 -L/opt/openldap/lib -lldap -llber -I/opt/openldap/include control.c control.c: In function `control_ldap_search': control.c:408: warning: assignment makes pointer from integer without a cast control.c:463: warning: assignment makes pointer from integer without a cast control.c: At top level: control.c:672: error: conflicting types for 'flatten_attrib_array' control.c:390: error: previous implicit declaration of 'flatten_attrib_array' was here make: *** [control.o] Error 1 I have patched a clean qmail1-03 with following patches qmail-ldap-1.03-20060201-controls20060403b qmail-ldap-1.03-20060201.patch My Makefile looks like this SNAPSHOOT +++ LDAPFLAGS=-DALTQUEUE -DBIGBROTHER -DBIGTODO -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DIGNOREVERISIGN -DSMTPEXECCHECK -DCOURIER SYSLOGAUTH=-DSYSLOGAUTH RFCFLAGS=-DUSE_RFC2307 -DUSE_RFC822 CONTROLDB=-DUSE_CONTROLDB LDAPLIBS=-L/opt/openldap/lib -lldap -llber LDAPINCLUDES=-I/opt/openldap/include ZINCLUDES=-I/usr/include TLS=-DTLS_REMOTE -DTLS_SMTPD TLSINCLUDES=-I/usr/include/openssl TLSLIBS=-L/usr/lib64 -lssl -lcrypto OPENSSLBIN=/usr/bin/openssl OPENSSLBIN=openssl MNW=-DMAKE_NETSCAPE_WORK MDIRMAKE=-DAUTOMAILDIRMAKE HDIRMAKE=-DAUTOHOMEDIRMAKE DEBUG=-DDEBUG BACKUPPATH=/backup/qmail-backup/qmail-ldap.`date +%Y%m%d-%H%M`.tar # STOP editing HERE !!! # Don't edit Makefile! Use conf-* for configuration. SHELL=/bin/sh ifdef LDAPFLAGS QLDAPLIB=qldap.a else ifdef SECUREBIND QLDAPLIB=qldap.a else ifdef CONTROLDB QLDAPLIB=qldap.a endif endif endif ifdef SECUREBIND SECUREBINDLIBS=getopt.a substdio.a SECUREBINDLIB1=case_diffb.o constmap.o endif ifdef CONTROLDB NEWLDAPPROGLIBS=control.o stralloc.a fs.a ifdef DEBUG CONTROLLIBS=read-ctrl.o case.a env.a else CONTROLLIBS=read-ctrl.o case.a endif endif # This sums it up nice and correctly, I think! LDAPFLAGS := $(LDAPFLAGS) $(DEBUG) $(CONTROLDB) $(RFCFLAGS) $(SECUREBIND) $(LDAPLIBS) $(LDAPINCLUDES) + When i check control.c i think that flatten_attrib_array is twice defined Control.c line 68 char *flatten_attrib_arry(const char *attrs[]); Control.c line 652 #ifdef USE_CONTROLDB /* This function will return TRUE if file is OK to fetch from LDAP */ int verify_ldap_file_check(const char *fn) { if(!strstr(fn, .cdb) (strstr(fn, me) == fn) (strstr(fn, ldapserver) == fn) (strstr(fn, ldapcontroldn) == fn) (strstr(fn, ldaplogin) == fn) (strstr(fn, ldappassword) == fn) #if defined(SECUREBIND_SASL) || defined(SECUREBIND_SSL) || defined(SECUREBIND_TLS) || defined(SECUREBIND_ALL) (strstr(fn, ldapsecurebind) == fn) #endif /* Do we have what we need for an LDAP search!? */ ldap_controldn.len (me.len || ldap_me.len) q-ld) return 1; return 0; } char *flatten_attrib_array(const char *attrs[]) { int i; stralloc string = {0}; for(i=0; attrs[i]; i++) { logit(256, attrs[%d]: '%s'\n, i, attrs[i]); if(! stralloc_copys(string, attrs[i]) ) _exit(QLX_NOMEM); if(attrs[i+1]) if(! stralloc_cats(string, , ) ) _exit(QLX_NOMEM); } if(! stralloc_0(string)) _exit(QLX_NOMEM); logit(256, string: '%s'\n, string.s); return(string.s); } #endif Sorry for the long post , hope anyone could give me a hint Best regards Stefan