Re: [vchkpw] Deny the option Roaming-User the a specific Pool of IP
On Tuesday, August 20, 2002, at 08:54 PM, Bill Shupp wrote:
> On Tuesday, August 20, 2002, at 06:46 PM, Juan Enciso - DNSQ wrote:
>
>> Hello people.
>> I am using vpopmail-5.2.1 with the option roaming-user available and
>> everything works very well.
>> I have a suggestion to add a new function to the program, specifically
>> in the option of romaing-user. It wanted that only some pools of IP
>> have the possibility of making a pop authentication, thus to be able
>> to send messages.
>> These pools would be put in a file with similar format to tcp.smtp.
>> I want to have a better control on the IP that can send messages.
>> Desire to have the capacity to deny any IP or pools IP even so they
>> are my users.
>
> This is already available through tcpserver. Just put something like
> this in your ~vpopmail/etc/tcp.smtp file:
>
> 1.2.3.4:deny
>
> Then run clearopensmtp to easily update your cdb file. This will
> disallow 1.2.3.4 from sending smtp, even if they are in they have
> roaming enabled (overrides roaming users). You can also deny multiple
> IPs like so:
>
> 1.2.3.37-53:deny
> or
> 1.2.3.:deny
>
> See:
>
> http://cr.yp.to/qmail/faq/servers.html#authorized-relay
> http://cr.yp.to/ucspi-tcp/tcprules.html
>
> ...for more information.
Ok, upon rereading your post, I see that I answered a different
question.. ; )
What you are asking for could be done pretty easily, I think. Just
setup another rules file, like tcp.pop, and add a rule like so:
1.2.3.:allow,ALLOWROAMING='""
This says that only addresses in 1.2.3.0/24 are allowed to roam
(assuming that the the NO_RELAY bit is not set for the user).
Then, in apply this patch to vpopmail.c:
*** vpopmail.c.orig Tue Aug 20 21:34:34 2002
--- vpopmail.c Tue Aug 20 21:37:39 2002
***
*** 2040,2045
--- 2040,2050
#ifdef POP_AUTH_OPEN_RELAY
int open_smtp_relay()
{
+ allowroaming = env_get("ALLOWROAMING");
+ if(!allowroaming) {
+ return(0);
+ }
+
#ifdef USE_SQL
vopen_smtp_relay();
update_rules();
That should prevent roaming users for any ip's that don't have
ALLOWROAMING set. *Note that this hack forces you to specify which
ranges can roam, and prevents roaming by default. Also, I haven't
tested this, but it does compile. So your mileage may vary... ; )
Regards,
Bill Shupp
Re: [vchkpw] Deny the option Roaming-User the a specific Pool of IP
On Tuesday, August 20, 2002, at 06:46 PM, Juan Enciso - DNSQ wrote: > Hello people. > I am using vpopmail-5.2.1 with the option roaming-user available and > everything works very well. > I have a suggestion to add a new function to the program, specifically > in the option of romaing-user. It wanted that only some pools of IP > have the possibility of making a pop authentication, thus to be able to > send messages. > These pools would be put in a file with similar format to tcp.smtp. > I want to have a better control on the IP that can send messages. > Desire to have the capacity to deny any IP or pools IP even so they are > my users. This is already available through tcpserver. Just put something like this in your ~vpopmail/etc/tcp.smtp file: 1.2.3.4:deny Then run clearopensmtp to easily update your cdb file. This will disallow 1.2.3.4 from sending smtp, even if they are in they have roaming enabled (overrides roaming users). You can also deny multiple IPs like so: 1.2.3.37-53:deny or 1.2.3.:deny See: http://cr.yp.to/qmail/faq/servers.html#authorized-relay http://cr.yp.to/ucspi-tcp/tcprules.html ...for more information. Regards, Bill Shupp
Re: [vchkpw] Deny the option Roaming-User the a specific Pool of IP
Just to preface this, I'm a newbie at both unix, qmail, and vpopmail. But here is how I think what you want done can be accomplished. It's a bit of a hack, but should work... The file open.smtp contains data such as: 123.123.123.123:allow,RELAYCLIENT="",RBLSMTPD="" 1029889261 This file is cleared out by the clearopensmtp program that is scheduled by cron. What if you placed the IP's you would like to ban in the open.smtp file, but with a timestamp that is far in the future? And use deny rather than allow? I should think it would work. Maybe a vpopmail guru can comment on this Matt Wade - Original Message - From: Juan Enciso - DNSQ To: [EMAIL PROTECTED] Sent: Tuesday, August 20, 2002 7:46 PM Subject: [vchkpw] Deny the option Roaming-User the a specific Pool of IP Hello people. I am using vpopmail-5.2.1 with the option roaming-user available and everything works very well. I have a suggestion to add a new function to the program, specifically in the option of romaing-user. It wanted that only some pools of IP have the possibility of making a pop authentication, thus to be able to send messages. These pools would be put in a file with similar format to tcp.smtp. I want to have a better control on the IP that can send messages. Desire to have the capacity to deny any IP or pools IP even so they are my users. Thanks for your response Juan Enciso Condeña.Área de OperacionesQnet - Servicios InternetTelf. 241-4122 anexo 2245 - 2244www.qnet.com.pe
[vchkpw] Deny the option Roaming-User the a specific Pool of IP
Hello people. I am using vpopmail-5.2.1 with the option roaming-user available and everything works very well. I have a suggestion to add a new function to the program, specifically in the option of romaing-user. It wanted that only some pools of IP have the possibility of making a pop authentication, thus to be able to send messages. These pools would be put in a file with similar format to tcp.smtp. I want to have a better control on the IP that can send messages. Desire to have the capacity to deny any IP or pools IP even so they are my users. Thanks for your response Juan Enciso Condeña.Área de OperacionesQnet - Servicios InternetTelf. 241-4122 anexo 2245 - 2244www.qnet.com.pe
