SRS patch for qmail-ldap-1.03-20120221
Hi all, i would like to know if anyone has an SRS patch for qmail-ldap-1.03-20120221 ? There is a patch for qmail-ldap-1.03-20060201 but it doesn't apply to the new version You can find the patch at http://qmail-ldap-smtpauthuser.googlecode.com/svn-history/r26/trunk/qmai l-ldap-1.03-20060201-SRS.patch Maybe there is another solution but I haven't found one Regards Stefan Berger
AW: qmail-ldap-envelope-scan patch for qmail-ldap-1.03-20120221
Hi Berger, Please find the attached patch tarbal contain big quota, envelope-scan patch and qmail-ldap-1.03-20120221. PS: I will setup a web page for this tarbal soon. Hello Ismail, Thank you but if I try to apply the envelope-patch or the big quota patch both are failing. I think these are the patches for the qmail-ldap version 20060201 or can I use the source files from the tarball ( it seems they are already patched when I had a look into the Makefile) Kind regards Steve
qmail-ldap-envelope-scan patch for qmail-ldap-1.03-20120221
Hello , i would like to know if there is already a qmail-ldap-envelope-scan patch for the new qmail-ldap version. If not, could somebody do this ? I have tried to modify the patch but my skills are too low :-( Regards Steve
AW: Drop connection when tcpserver -c limit is reached, Is it posible?
Hi , Can you share your patch ? Regards Steve Hi friends, I've already fixed this problem. My solution: Modify the tcpserver limits patch (http://qmail.jms1.net/ucspi-tcp/) for add a global limit instead of only a per IP and per C-Class block limit, recompile tcpserver.c and use the new binary of tcpserver. Regards, Spamis
AW: Qmail-ldap password length
I also use qmail-ldap but cannot see the password-length restriction.
Maybe your LDAP server is restricting the length...
As I said, it is a {crypt} issue. Do YOU use crypt?
--
Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc
One man's theology is another man's belly laugh. -- Robert A.
Heinlein
I agree Jose , it's a {crypt} issue .
= max. 8 Char in | 2 Char Salt = Output always 13 Characters
-Stefan
Qmail-ldap password length
Hi all , I'm running qmail-ldap on slackware 12.0 . Everything is running fine but now i found out that passwords which have more then 8 characters are only checked up to eight characters . ( tested with SMTP Authentification ) Example : --- User : test Password : 1234567890 User is able to login with password 12345678 or 12345678dasx324 or 12345678u and so on . Is the password lenght a compile time option or a systemrestrication ? Kind regards Stefan
AW: Qmail-ldap password length
This is for the encryption used in the password field. You use crypt? maybe with md5 you can control longer passwords. Yes , that's it . I'm using crypt - thank for the hint kind regards Stefan
AW: Qmail-ldap RBL checking
I have tried to read the source code and it seems that void smtp_mail is handling the RBL check ( if Relayclient is not set ). Is it possible to move the RBL check into void_rcpt for example after relayclient test, so i would be able to log the recipient address. Sure. Or to smtp_data(). -- Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc Thanks for the diff Jose ! I have placed the RBL check into void smtp_rcpt because i will drop the connection after the first rcpt to if sender ip is listed on RBL. make setup check runs without any errors - now it's time for testing -Stefan
Qmail-ldap RBL checking
Hi all ,
i'm running qmail-ldap 1.03-20060201 with patches from Hugo Monteiro (
envelope_scan and greetdelay )
At time i'm using rblsmtpd to block connections from IPs listed in
list.dsbl.org , bl.spamcop.net and my local
blacklist rbl.cluster.local
My qmail-smtpd run file looks like
#SNAPSHOT#
exec \
envuidgid $QUSER \
tcpserver -v -h -URl $ME -x$QMAIL/control/qmail-smtpd.cdb \
${CONCURRENCY:+-c$CONCURRENCY} ${BACKLOG:+-b$BACKLOG}
www.xxx.yyy.zzz smtp /usr/local/bin/recordio \
/usr/local/bin/rblsmtpd -b -C -t 30 -r rbl.cluster.local \
-r 'list.dsbl.org:Message rejected - look at
URL:http://dsbl.org/listing?%IP%' \
-r 'bl.spamcop.net:Message rejected - look at
URL:http://www.spamcop.net/w3m?action=checkblockip=%IP%' \
/usr/local/bin/fixcrio $QMAIL/bin/qmail-smtpd
#
As i know the connection is blocked before any smtp conversation is
started - is this right ?
Now i want to block the connection right after rcpt to
I need this for customer logs = they want't to know who has been
blocked due to blacklisting
Now I've read on qmail-ldap wiki that RBL checking is already included
in qmail-ldap ( via env RBL )
I have tried to read the source code but i'm not a programer and so i
can't verify where RBL checks
will be proceeded.
Or is there any other solution how i can do this ?
Regards
Stefan
Re: Qmail-ldap RBL checking
i'm running qmail-ldap 1.03-20060201 with patches from Hugo Monteiro ( envelope_scan and greetdelay ) At time i'm using rblsmtpd to block connections from IPs listed in list.dsbl.org , bl.spamcop.net and my local blacklist rbl.cluster.local I'm absolutly convinced that Qmail-LDAP already have rbl support built in. Just create the file ~control/rbllist like so: - s n i p - sbl.spamhaus.orgreject any an RBL. See http://www.spamhaus.org/SBL list.dsbl.org reject any an RBL. See http://dsbl.org/main spamguard.leadmon.net reject any Address is a dialup address - s n i p - Ok ,seems to be clear now but what i have not found is in which state of the smtp converstaion RBL check is done . ( i don't want to to add a Header , i will drop the connection after rcpt if sender ip is listed ) I have tried to read the source code and it seems that void smtp_mail is handling the RBL check ( if Relayclient is not set ). Is it possible to move the RBL check into void_rcpt for example after relayclient test, so i would be able to log the recipient address. Thanks for your help Stefan
Block Sender with Bogon MX Records
hello , is it possible to block smtp sessions where the MX record Of the sender domain is associated with a bogon ip address ( RFC1918 )? for example webworker.com = MX mail2.webworker.com = A mail2.webworker.com 192.168.0.10 hatmail.com = MX mail.hatmail.com = A mail.hatmail.com 10.23.42.11 i'm running qmail-ldap 1.03-20060201 with patches from Hugo Monteiro ( envelope_scan and greetdelay ) kind regrads stefan
AW: policyd support - some stats
Von: Hugo Monteiro [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 15. Februar 2007 17:57 An: qmail-ldap@qmail-ldap.org Betreff: policyd support - some stats For those not familiar with the SMTPD ACL Policy feature provided by policyd, i strongly advise you to check the project website. http://policyd.sf.net. Hello Hugo Monteiro , Do you have a exapmle for a qmail-ldap run script and a tcpserver rule file to use this feature . I have applied your patch but now i'm not sure how to use it Best regards Stefan
RCPT check
Dear all , If have installed qmail-ldap in an lvs cluster and it's realy working fine . On my Primary MX i have some domains which are all in control/locals. My control/rcpthosts is empty as i don't allow relaying trough this Server. RCPT check is also working fine except for addresses which have only a local part . Does qmail-ldap automatically add a domainpart to the user if nothing is given ? I'm using qmail-ldap-1.03-20060201.patch and qmail-ldap-virtual.20060201.patch on Slackware 10.2 ( x86 32bit ) Below you can see my telnet test 220 smtpgate.wvnet.at ESMTP ehlo 250-smtpgate.wvnet.at 250-PIPELINING 250-DATAZ 250 8BITMIME mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 553 sorry, relaying denied from your location [PROTECTED] (#5.7.1) -- OK , Domain not in RCPT rcpt to:[EMAIL PROTECTED] 554 Sorry, no mailbox here by that name. (#5.1.1) --OK , Domain ist local but no Mailbox with this name rcpt to:hallo -- Only Test and it's working 250 ok data 354 go ahead punk, make my day test . 250 ok 1162987998 qp 23150 by smtpgate.wvnet.at quit 221 smtpgate.wvnet.at Goodbye. I'am new to qmail-ldap - maybe someone can give me a hint on this problem ! Best regards Stefan
Re: RCPT check
On Wed, Nov 08, 2006 at 01:19:10PM +0100, Berger Stefan wrote: Dear all , If have installed qmail-ldap in an lvs cluster and it's realy working fine . On my Primary MX i have some domains which are all in control/locals. My control/rcpthosts is empty as i don't allow relaying trough this Server. RCPT check is also working fine except for addresses which have only a local part . Does qmail-ldap automatically add a domainpart to the user if nothing is given ? I'm using qmail-ldap-1.03-20060201.patch and qmail-ldap-virtual.20060201.patch on Slackware 10.2 ( x86 32bit ) Below you can see my telnet test 220 smtpgate.wvnet.at ESMTP ehlo 250-smtpgate.wvnet.at 250-PIPELINING 250-DATAZ 250 8BITMIME mail from:[EMAIL PROTECTED] 250 ok rcpt to:[EMAIL PROTECTED] 553 sorry, relaying denied from your location [PROTECTED] (#5.7.1) -- OK , Domain not in RCPT rcpt to:[EMAIL PROTECTED] 554 Sorry, no mailbox here by that name. (#5.1.1) --OK , Domain ist local but no Mailbox with this name rcpt to:hallo -- Only Test and it's working 250 ok data 354 go ahead punk, make my day test . 250 ok 1162987998 qp 23150 by smtpgate.wvnet.at quit 221 smtpgate.wvnet.at Goodbye. I'am new to qmail-ldap - maybe someone can give me a hint on this problem ! No rcpt check does not add a domain to addresses without a domain part. So in the end the rcpt verification is skipped. Probably we should append somethink like plusdomain or mails like that should be rejected. -- :wq Claudio I think we could reject such mails . Do you have any idea how we can do this ? I have no experience in programming . Maybe this Problem only appears with the qmail-ldap-virtual patch . Could someone test it on a installation without this patch ? Stefan
Segfault qmail-smtpd
Hi all , I have installed qmail-ldap and i'm able to start qmail-smtpd - qmail-ldap-1.03-20060201-controls20060217.patch - qmail-ldap-1.03-20060201.patch When i try to connect on port 25 i get following Trying 10.10.10.31... Connected to 10.10.10.31. Escape character is '^]'. Connection closed by foreign host. And my log file shows this qmail-smtpd[4858]: segfault at 002a002a rip 2b9987e43790 rsp 7f921e48 error 4 Could my ldap config the problem ? Is qmail-smtpd dieing when it can't read required information ? regards -Stefan
Compile Problems
Hi all,
I have tried to compile qmail-ldap with control patch on
slamd64 ( slackware 64bit ) and got following error
./compile -DALTQUEUE -DBIGBROTHER -DBIGTODO -DEXTERNAL_TODO -DDASH_EXT
-DDATA_COMPRESS -DIGNOREVERISIGN -DSMTPEXECCHECK -DCOURIER -DDEBUG
-DUSE_CONTROLDB -DUSE_RFC2307 -DUSE_RFC822 -L/opt/openldap/lib -lldap
-llber -I/opt/openldap/include control.c
control.c: In function `control_ldap_search':
control.c:408: warning: assignment makes pointer from integer without a
cast
control.c:463: warning: assignment makes pointer from integer without a
cast
control.c: At top level:
control.c:672: error: conflicting types for 'flatten_attrib_array'
control.c:390: error: previous implicit declaration of
'flatten_attrib_array' was here
make: *** [control.o] Error 1
I have patched a clean qmail1-03 with following patches
qmail-ldap-1.03-20060201-controls20060403b
qmail-ldap-1.03-20060201.patch
My Makefile looks like this
SNAPSHOOT
+++
LDAPFLAGS=-DALTQUEUE -DBIGBROTHER -DBIGTODO -DEXTERNAL_TODO -DDASH_EXT
-DDATA_COMPRESS -DIGNOREVERISIGN -DSMTPEXECCHECK -DCOURIER
SYSLOGAUTH=-DSYSLOGAUTH
RFCFLAGS=-DUSE_RFC2307 -DUSE_RFC822
CONTROLDB=-DUSE_CONTROLDB
LDAPLIBS=-L/opt/openldap/lib -lldap -llber
LDAPINCLUDES=-I/opt/openldap/include
ZINCLUDES=-I/usr/include
TLS=-DTLS_REMOTE -DTLS_SMTPD
TLSINCLUDES=-I/usr/include/openssl
TLSLIBS=-L/usr/lib64 -lssl -lcrypto
OPENSSLBIN=/usr/bin/openssl
OPENSSLBIN=openssl
MNW=-DMAKE_NETSCAPE_WORK
MDIRMAKE=-DAUTOMAILDIRMAKE
HDIRMAKE=-DAUTOHOMEDIRMAKE
DEBUG=-DDEBUG
BACKUPPATH=/backup/qmail-backup/qmail-ldap.`date +%Y%m%d-%H%M`.tar
# STOP editing HERE !!!
# Don't edit Makefile! Use conf-* for configuration.
SHELL=/bin/sh
ifdef LDAPFLAGS
QLDAPLIB=qldap.a
else
ifdef SECUREBIND
QLDAPLIB=qldap.a
else
ifdef CONTROLDB
QLDAPLIB=qldap.a
endif
endif
endif
ifdef SECUREBIND
SECUREBINDLIBS=getopt.a substdio.a
SECUREBINDLIB1=case_diffb.o constmap.o
endif
ifdef CONTROLDB
NEWLDAPPROGLIBS=control.o stralloc.a fs.a
ifdef DEBUG
CONTROLLIBS=read-ctrl.o case.a env.a
else
CONTROLLIBS=read-ctrl.o case.a
endif
endif
# This sums it up nice and correctly, I think!
LDAPFLAGS := $(LDAPFLAGS) $(DEBUG) $(CONTROLDB) $(RFCFLAGS)
$(SECUREBIND) $(LDAPLIBS) $(LDAPINCLUDES)
+
When i check control.c i think that flatten_attrib_array is twice
defined
Control.c line 68
char *flatten_attrib_arry(const char *attrs[]);
Control.c line 652
#ifdef USE_CONTROLDB
/* This function will return TRUE if file is OK to fetch from LDAP */
int verify_ldap_file_check(const char *fn) {
if(!strstr(fn, .cdb)
(strstr(fn, me) == fn)
(strstr(fn, ldapserver) == fn)
(strstr(fn, ldapcontroldn) == fn)
(strstr(fn, ldaplogin) == fn)
(strstr(fn, ldappassword) == fn)
#if defined(SECUREBIND_SASL) || defined(SECUREBIND_SSL) ||
defined(SECUREBIND_TLS) || defined(SECUREBIND_ALL)
(strstr(fn, ldapsecurebind) == fn)
#endif
/* Do we have what we need for an LDAP search!? */
ldap_controldn.len
(me.len || ldap_me.len)
q-ld)
return 1;
return 0;
}
char *flatten_attrib_array(const char *attrs[]) {
int i;
stralloc string = {0};
for(i=0; attrs[i]; i++) {
logit(256, attrs[%d]: '%s'\n,
i, attrs[i]);
if(! stralloc_copys(string, attrs[i]) ) _exit(QLX_NOMEM);
if(attrs[i+1])
if(! stralloc_cats(string, , ) ) _exit(QLX_NOMEM);
}
if(! stralloc_0(string)) _exit(QLX_NOMEM);
logit(256, string: '%s'\n,
string.s);
return(string.s);
}
#endif
Sorry for the long post , hope anyone could give me a hint
Best regards
Stefan
