[toaster] qmail-smtpd-auth-secure integration?
Hello list: has anyone integrared this patch: http://www.camscape.ro/opensource/qmail-smtpd-auth-secure.htm with this toaster? regards, Ingo.- --
Re: [toaster] qmail-smtpd-auth-secure integration?
Ingo Claro ha scritto: Hello list: has anyone integrared this patch: http://www.camscape.ro/opensource/qmail-smtpd-auth-secure.htm chkuser already has such feature, enabled by *CHKUSER_EXTRA_MUSTAUTH_VARIABLE.* How much is different what you point from this feature? Tonino ** with this toaster? regards, Ingo.- -- -- [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
RE: [toaster] qmail-smtpd-auth-secure integration?
Is this supported in Bills toaster? I need a submission only port without greylisting etc... only for authenticated users. I assume I would need to copy qmail-smtpd run scripts and chance tcp.smtp to something like :allow, RELAYCLIENT="",CHKUSER_MUSTAUTH ?? Do I need something else ? Regards, E:S From: tonix (Antonio Nati) [mailto:[EMAIL PROTECTED] Sent: Dienstag, 13. November 2007 22:23 To: toaster@shupp.org Subject: Re: [toaster] qmail-smtpd-auth-secure integration? Ingo Claro ha scritto: Hello list: has anyone integrared this patch: http://www.camscape.ro/opensource/qmail-smtpd-auth-secure.htm chkuser already has such feature, enabled by CHKUSER_EXTRA_MUSTAUTH_VARIABLE. How much is different what you point from this feature? Tonino with this toaster? regards, Ingo.- -- -- [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED] __ NOD32 2655 (20071113) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com
Re: [toaster] qmail-smtpd-auth-secure integration?
If you set RELAYCLIENT then everything is accepted. RELAYCLIENT must be set only by auth code. If RELAYCLIENT is set, then chkuser will let the message flow. :allow, CHKUSER_MUSTAUTH="" This feature can work despite (with/without) any other chkuser feature. I use it both for submission port and for authenticated relay server on port 25. Tonino Edvin Seferovic ha scritto: Is this supported in Bills toaster? I need a submission only port without greylisting etc... only for authenticated users. I assume I would need to copy qmail-smtpd run scripts and chance tcp.smtp to something like :allow, RELAYCLIENT="",CHKUSER_MUSTAUTH ?? Do I need something else ? Regards, E:S *From:* tonix (Antonio Nati) [mailto:[EMAIL PROTECTED] *Sent:* Dienstag, 13. November 2007 22:23 *To:* toaster@shupp.org *Subject:* Re: [toaster] qmail-smtpd-auth-secure integration? Ingo Claro ha scritto: Hello list: has anyone integrared this patch: http://www.camscape.ro/opensource/qmail-smtpd-auth-secure.htm chkuser already has such feature, enabled by *CHKUSER_EXTRA_MUSTAUTH_VARIABLE.* How much is different what you point from this feature? Tonino with this toaster? regards, Ingo.- -- -- [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> __ NOD32 2655 (20071113) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [toaster] qmail-smtpd-auth-secure integration?
tonix (Antonio Nati) wrote: Ingo Claro ha scritto: Hello list: has anyone integrared this patch: http://www.camscape.ro/opensource/qmail-smtpd-auth-secure.htm chkuser already has such feature, enabled by *CHKUSER_EXTRA_MUSTAUTH_VARIABLE.* How much is different what you point from this feature? Tonino: this part: Further more it only allows messages which have the same MAIL FROM: and SMTP AUTH user to avoid sender misrepresentation.
Re: [toaster] qmail-smtpd-auth-secure integration?
Ingo Claro ha scritto: tonix (Antonio Nati) wrote: Ingo Claro ha scritto: Hello list: has anyone integrared this patch: http://www.camscape.ro/opensource/qmail-smtpd-auth-secure.htm chkuser already has such feature, enabled by *CHKUSER_EXTRA_MUSTAUTH_VARIABLE.* How much is different what you point from this feature? Tonino: this part: Further more it only allows messages which have the same MAIL FROM: and SMTP AUTH user to avoid sender misrepresentation. What about NULL senders? Is allowed? A read receipt has a null sender address. Tonino -- [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
Re: [toaster] qmail-smtpd-auth-secure integration?
tonix (Antonio Nati) wrote:
Ingo Claro ha scritto:
tonix (Antonio Nati) wrote:
Ingo Claro ha scritto:
Hello list:
has anyone integrared this patch:
http://www.camscape.ro/opensource/qmail-smtpd-auth-secure.htm
chkuser already has such feature, enabled by
*CHKUSER_EXTRA_MUSTAUTH_VARIABLE.*
How much is different what you point from this feature?
Tonino:
this part:
Further more it only allows messages which have the same MAIL FROM:
and SMTP AUTH user to avoid sender misrepresentation.
What about NULL senders? Is allowed? A read receipt has a null sender
address.
good point, I didn't knew that. I looked at the code and this is the check:
if (authd && strcmp(addr.s,user.s)) { err_authmismatch(); return; }
so it doesn't consider the null senders (unless thay are sent without auth )
I think the patch is a good idea, but don't know for the moment how to
fix the null sender part.
regards,
Ingo.-
Re: [toaster] qmail-smtpd-auth-secure integration?
Ingo Claro ha scritto:
tonix (Antonio Nati) wrote:
Ingo Claro ha scritto:
tonix (Antonio Nati) wrote:
Ingo Claro ha scritto:
Hello list:
has anyone integrared this patch:
http://www.camscape.ro/opensource/qmail-smtpd-auth-secure.htm
chkuser already has such feature, enabled by
*CHKUSER_EXTRA_MUSTAUTH_VARIABLE.*
How much is different what you point from this feature?
Tonino:
this part:
Further more it only allows messages which have the same MAIL FROM:
and SMTP AUTH user to avoid sender misrepresentation.
What about NULL senders? Is allowed? A read receipt has a null sender
address.
good point, I didn't knew that. I looked at the code and this is the
check:
if (authd && strcmp(addr.s,user.s)) { err_authmismatch(); return; }
so it doesn't consider the null senders (unless thay are sent without
auth )
I think the patch is a good idea, but don't know for the moment how to
fix the null sender part.
This is the reason for which I did not put this check inside chkuser. If
you stop NULL sender, you block user's normal activity when sending
receipts. If you don't, checking is unuseful for smart users. Not
speaking about using "reply to:" different from "return to:" different
from "mail from".
Anyway, as auth is always putting the real authenticated sender inside
mail headers, so, personally, I don't see this as a huge problem.
Regards,
Tonino
regards,
Ingo.-
--
[EMAIL PROTECTED]Interazioni di Antonio Nati
http://www.interazioni.it [EMAIL PROTECTED]
Re: [toaster] qmail-smtpd-auth-secure integration?
tonix (Antonio Nati) wrote: [snip] This is the reason for which I did not put this check inside chkuser. If you stop NULL sender, you block user's normal activity when sending receipts. If you don't, checking is unuseful for smart users. Not speaking about using "reply to:" different from "return to:" different from "mail from". Anyway, as auth is always putting the real authenticated sender inside mail headers, so, personally, I don't see this as a huge problem. bummer :( thanks for the explanation. Regards, Tonino regards, Ingo.- -- [EMAIL PROTECTED]Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
