Re: Theory behind rcpt_ok doing relaying check?
On 6-Sep-07, at 8:29 PM, Robert Spier wrote: Some of this will be easier to fix if if let plugins register to be run first and last. Eeep. No. I like the strict ordering guarantees given by the config file. The first/last stuff ends up just being a morass. Yes, if you want that, use $Include plugin.d, and have NN_plugin_name files. Matt.
Roll your own vs. default distro (was: Theory behind rcpt_ok doing relaying check?)
Chris Garrigues wrote: Two weeks into membership on this list and I'm beginning to realize that the design of plugins is utterly chaotic. Since we're at 0.40, I guess that's okay, but by 1.0 I hope it's no longer true. Is there a roadmap which states when along the way the distribution will include fixes like this one and some documentation on the use of notes for whitelists and other stuff like that? Interesting point. I think the history of qpsmtpd has been to provide a very basic framework, with every user/admin rolling their own a) combination of plugins and b) their own plugins. The plugins in the distribution have been there more as teasers or proof of concept. I think we should continue to encourage this sort of ethos in the project, but I would also strongly encourage anyone with some free time on their hands to select, review, adapt, integrate and document a basic set of plugins that should come with the distribution and move esoteric plugins in the trunk should to contrib. But I won't be that volunteer, I've enough work on my hands fine-tuning my own esoteric plugins to keep at bay the spammers that bug me most. -Johan -- Johan Almqvist Christies gate 34 A 0557 Oslo Norway Mobile: +47 40 04 68 21 E-mail: [EMAIL PROTECTED]
Re: Theory behind rcpt_ok doing relaying check?
On Sep 5, 2007, at 3:27 PM, Chris Garrigues wrote: okay...you've demonstrated that the other more sensible way works fine...so why does the default distribution do it the way it does? Isn't it mostly a matter of poor naming ? Those plugins were some of the first ones when we weren't so wise, yet. Renaming them is tricky because we'll break a bunch of old configuration files. Some of this will be easier to fix if if let plugins register to be run first and last. Is there a roadmap which states when along the way the distribution will include fixes like this one and some documentation on the use of notes for whitelists and other stuff like that? The plan is, eventually, to have proper APIs and plugin hooks for some of the things notes are used for now (whitelists, user information, ). And yes, definitely before 1.0. - ask -- http://develooper.com/ - http://askask.com/
Re: Roll your own vs. default distro (was: Theory behind rcpt_ok doing relaying check?)
From: Johan Almqvist [EMAIL PROTECTED] Date: Thu, 06 Sep 2007 09:33:33 +0200 Chris Garrigues wrote: Two weeks into membership on this list and I'm beginning to realize that the design of plugins is utterly chaotic. Since we're at 0.40, I guess that's okay, but by 1.0 I hope it's no longer true. Is there a roadmap which states when along the way the distribution will include fixes like this one and some documentation on the use of notes for whitelists and other stuff like that? Interesting point. I think the history of qpsmtpd has been to provide a very basic framework, with every user/admin rolling their own a) combination of plugins and b) their own plugins. The plugins in the distribution have been there more as teasers or proof of concept. I think we should continue to encourage this sort of ethos in the project, but I would also strongly encourage anyone with some free time on their hands to select, review, adapt, integrate and document a basic set of plugins that should come with the distribution and move esoteric plugins in the trunk should to contrib. But I won't be that volunteer, I've enough work on my hands fine-tuning my own esoteric plugins to keep at bay the spammers that bug me most. I think ultimately you (we?) will need a set of default plugins that solves 95%+ situations, but it's probably equally true that to expect that in version 0.40 is naive. I'm new in these parts and am also quite busy growing my business, but I'm tempted to be the volunteer for this task. Chris -- Chris Garrigues Trinsic Solutions President 710-B West 14th Street Austin, TX 78701-1798 http://www.trinsics.com/blog http://www.trinsics.com 512-322-0180 Would you rather proactively pay for uptime or reactively pay for downtime? Trinsic Solutions Your Trusted Friends in Proactive IT. pgpgZtEq9uMEi.pgp Description: PGP signature
Re: Theory behind rcpt_ok doing relaying check?
Isn't it mostly a matter of poor naming ? Only partly, a lot is you need ... The plan is, eventually, to have proper APIs and plugin hooks for some of the things notes are used for now (whitelists, user information, ). Yeah. For example, I have several plugins that check something early on (dnsbls and daemon_greylist) and cause a hard or soft fail at DATA. At the moment I have kludgy stuff passing notes back and forth. R's, John
Re: Theory behind rcpt_ok doing relaying check?
Some of this will be easier to fix if if let plugins register to be run first and last. Eeep. No. I like the strict ordering guarantees given by the config file. The first/last stuff ends up just being a morass.
Theory behind rcpt_ok doing relaying check?
I just noticed some entries in my greylist for mail from the outside world destined for domains that aren't mine and thought Oh oh, am I an open relay? I quickly determined that I'm not, so I thought I'd try to understand why messages which will be denied due to relaying are even touching my greylist. After all, check_relay is up near the top of my plugins file. So, I determined that all check_relay does is to set the relay_client flag and a test for rcpt_hosts doesn't happen until rcpt_ok (which must be run last). Why doesn't rcpt_ok just return(OK) and the logic for testing rcpthosts get moved to check_relay? Chris -- Chris Garrigues Trinsic Solutions President 710-B West 14th Street Austin, TX 78701-1798 http://www.trinsics.com/blog http://www.trinsics.com 512-322-0180 Would you rather proactively pay for uptime or reactively pay for downtime? Trinsic Solutions Your Trusted Friends in Proactive IT. pgpbO4dADq3Up.pgp Description: PGP signature
Re: Theory behind rcpt_ok doing relaying check?
On 2007-09-05 14:06:32 -0500, Chris Garrigues wrote: I just noticed some entries in my greylist for mail from the outside world destined for domains that aren't mine and thought Oh oh, am I an open relay? I quickly determined that I'm not, so I thought I'd try to understand why messages which will be denied due to relaying are even touching my greylist. After all, check_relay is up near the top of my plugins file. So, I determined that all check_relay does is to set the relay_client flag and a test for rcpt_hosts doesn't happen until rcpt_ok (which must be run last). Why doesn't rcpt_ok just return(OK) and the logic for testing rcpthosts get moved to check_relay? Have a look at http://svn.perl.org/viewcvs/qpsmtpd/contrib/hjp/rcpt_accept/rcpt_accept?view=markuprev=638 The POD still calls this plugin rcpt_ok, although I had to rename it to rcpt_accept because some other plugin was named rcpt_ok :-(. My scheme for handling rcpt request is like this: * All plugins return DENY (or DENYSOFT) if the mail should *not* be accepted for this recipient. Else they return DECLINED. * The first plugin checks whether the recipient exists and optionally sets some notes based on the recipient's preferences. (I use aliases_check for this) * The next plugins do all kinds of anti-spam checks (DNSBLs, greylisting, closed mailinglists, ...) * The last plugin is rcpt_accept, which unconditionally accepts the mail for this recipient. hp -- _ | Peter J. Holzer| I know I'd be respectful of a pirate |_|_) | Sysadmin WSR | with an emu on his shoulder. | | | [EMAIL PROTECTED] | __/ | http://www.hjp.at/ |-- Sam in Freefall signature.asc Description: Digital signature
Re: Theory behind rcpt_ok doing relaying check?
From: Peter J. Holzer [EMAIL PROTECTED] Date: Wed, 5 Sep 2007 23:36:37 +0200 Why doesn't rcpt_ok just return(OK) and the logic for testing rcpthosts get moved to check_relay? Have a look at http://svn.perl.org/viewcvs/qpsmtpd/contrib/hjp/rcpt_accept/rcpt_accept?view=markuprev=638 okay...you've demonstrated that the other more sensible way works fine...so why does the default distribution do it the way it does? Two weeks into membership on this list and I'm beginning to realize that the design of plugins is utterly chaotic. Since we're at 0.40, I guess that's okay, but by 1.0 I hope it's no longer true. Is there a roadmap which states when along the way the distribution will include fixes like this one and some documentation on the use of notes for whitelists and other stuff like that? Chris -- Chris Garrigues Trinsic Solutions President 710-B West 14th Street Austin, TX 78701-1798 http://www.trinsics.com/blog http://www.trinsics.com 512-322-0180 Would you rather proactively pay for uptime or reactively pay for downtime? Trinsic Solutions Your Trusted Friends in Proactive IT. pgphaXlZWYJdG.pgp Description: PGP signature