I had no idea I'd be opening such a big can of worms when I posted my
patch, though thankfully all of the feedback I've gotten has been polite,
constructive and coherent even if it's been negative :)

As I see it, this patch may fill a need that still exists, but it probably
needs a little more work before it hits prime time.  First off, let's
(re-)examine how Vpopmail handles things without my patch, looking at it
from (yet) another direction:

Case #1: No auth-before-smtp (POP or IMAP, as opposed to SMTP AUTH)
roaming users - tcpserver cdb is statically built.
Case #2: Roaming auth-before-smtp (POP or IMAP) is used for all IPs not
statically configured in the tcpserver cdb (that is, all static addresses
are configured to either allow relaying or deny the connection).
Case #3: Roaming auth-before-smtp (POP or IMAP) is used and some or all of
the static IPs in tcpserver cdb are allowed to be overridden by
pre-authenticating via a non-SMTP method.

Case #1 can occur in several different cases (--disable-roaming-users,
--disable-rebuild-tcpserver-file, or just not using the dynamic tcpserver
file).  In any case, my patch is (mostly) irrelevant, as unless you're
just not using the dynamic tcpserver file, the code to update the CDB is
not even compiled in, and if that's the case you should reconfigure
Vpopmail appropriately in any case.

Case #2 is where my patch is most useful: you have specific, statically
authorized (or denied) relay IPs that you don't want to take the time to
update the cdb for, but need to dynamically allow auth'd clients to relay
(for whatever reason - I agree that SMTP AUTH is preferred, but some
people still need to support auth-before-smtp for legacy reasons, and I'm
not one of those people who feels that you should eliminate functionality
just because you want to discourage its use, unless it's actually broken,
violates some part of the official spec, or is actually dangerous.  Yes, I
know it's a bad idea, and if you want to deprecate it and mark it for
elimination 6-12 months from now, that's OK too.  But don't just yank it
without warning).  Also, my patch is pretty much a requirement if you're
using webmail, so that the webmail server doesn't keep getting updated in
the CDB with every page access...

Case #3 is the difficult one - one which my patch doesn't adequately allow
for at this time.  There has been some discussion about how to dynamically
allow for different tcpserver flags to be applied on authentication,
rather than the default 'RELAYCLIENT="",RBLSMTPD=""', which I think is a
good idea.  Currently, if you have a static IP address range set to deny a
connection, Vpopmail allows clients who have pre-authenticated via POP or
IMAP to connect via SMTP for the auth timeout period.  Combined with
custom tcpserver flags, this can be used to allow connections without
necessarily automatically enabling relaying from otherwise denied IPs.  It
also allows RBL bypassing on authenticated IP addresses that would
otherwise still have to bypass the RBL (Note - I don't use rblsmtpd at
this time, so I don't know how well it really works.  If you want to
school me, that's fine, but please either start a new thread or take it
offlist - thanks).  I believe that I can adjust my patch to do this, but
it will take a little thought and mapping out the possibilities to do it
both correctly and efficiently.  I'll probably try and tackle it this
week, but no guarantees.  Also, please note that this usage actually
improves the standing of auth-before-smtp (if RELAYCLIENT isn't set
automatically) by limiting SMTP traffic from non-approved IP addresses to
known authorized users' IPs, while still requiring SMTP AUTH to relay mail
(which eliminates the possibility of an IP address being "hijacked" after
a legitimate user disconnects but before the open smtp entry expires).

So we now have the question:  What is the best way to proceed?  I think
that I would like to see the following changes made to the whole "roaming
users" functionality in Vpopmail:

1) Document that the auth-before-smtp RELAYCLIENT="" functionality is
deprecated, and schedule it for removal 6-12 months down the line.
2) Hijack the --enable-roaming-users config line to allow a different
default set of tcpserver flags to be added.  For now, the default would be
'--enable-roaming-users="RELAYCLIENT=\"\",RBLSMTPD=\"\""', but once #1 is
finalized the RELAYCLIENT part would be removed.
3) Allow the roaming tcpserver flags to be dynamically modified using
either a configuration entry in a file (possibly a second comment in the
tcp.smtp file like my STATICUPDATE tweak) or an environment variable
(which could be passed via tcpserver to the POP/IMAP service, coming full
circle :)).
4) Implement my localrelay functionality with 2 enhancements:
  a) Recognize the IP address of 0.0.0.0 or NULL and skip the CDB update
altogether (I thought of this this morning and have already implemented
it).
  b) Provide some sort of tcpserver flag (e.g., 'UPDATESTATIC=""') on
various static tcp.smtp lines to indicate that if a match is found for
that rule, DO update the cdb as the dynamic tcpserver flags will
override the static ones (such as allowing in an otherwise denied
range).

This will preserve the ability to run vpopmail in exactly the same manner
as it currently is, but move in the direction of eliminating
auth-before-smtp relaying as the default method AND improving the ability
to use auth-before-smtp for other access control methods.  Plus, it gives
people options without requiring them to be set if they don't use them.

Thoughts?

Josh
-- 
Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
  - Layman's translation of the Laws of Thermodynamics
[EMAIL PROTECTED]
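
As an added illustration that is not part of the message above and is not Vpopmail's code, the update decision proposed in item 4 can be written in C as follows. The function names, the sample rules and the simplified rule lookup (exact address and dot-terminated prefixes only, with the empty default rule not counted as a static match) are assumptions; `UPDATESTATIC` is the flag name the message suggests.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample tcp.smtp contents (not from the post). */
static const char SAMPLE_RULES[] =
    "192.0.2.10:allow,RELAYCLIENT=\"\"\n"      /* e.g. the webmail host */
    "198.51.100.:deny,UPDATESTATIC=\"\"\n"     /* denied, but overridable */
    "203.0.113.:deny\n"
    ":allow\n";

/* Text after "address:" on the static line for ip: exact address first, then
 * shorter dot-terminated prefixes. Assumption: ranges, host rules and the
 * empty default rule are not treated as static matches. */
static const char *static_match(const char *rules, const char *ip)
{
    char key[64];
    if (strlen(ip) >= sizeof key) return NULL;
    strcpy(key, ip);
    for (;;) {
        size_t klen = strlen(key);
        for (const char *line = rules; line && *line; ) {
            if (strncmp(line, key, klen) == 0 && line[klen] == ':')
                return line + klen + 1;
            line = strchr(line, '\n');
            if (line) line++;
        }
        if (klen && key[klen - 1] == '.') key[klen - 1] = '\0';
        char *dot = strrchr(key, '.');   /* "1.2.3.4" -> "1.2.3." -> "1.2." */
        if (!dot) return NULL;
        dot[1] = '\0';
    }
}

/* 1 = write the dynamic (roaming) entry for this client, 0 = skip it. */
int should_update_cdb(const char *rules, const char *ip)
{
    if (!ip || !*ip || strcmp(ip, "0.0.0.0") == 0) return 0;  /* enhancement (a) */
    const char *rest = static_match(rules, ip);
    if (rest == NULL) return 1;          /* no static rule: roaming client */
    const char *eol = strchr(rest, '\n');
    const char *flag = strstr(rest, "UPDATESTATIC=");
    return flag != NULL && (eol == NULL || flag < eol);  /* enhancement (b) */
}

int main(void)
{
    const char *ips[] = { "192.0.2.10", "198.51.100.7", "203.0.113.9", "192.0.2.77" };
    for (int i = 0; i < 4; i++)
        printf("%-13s %s\n", ips[i], should_update_cdb(SAMPLE_RULES, ips[i]) ? "update" : "skip");
    return 0;
}
```

With the sample rules, the statically listed webmail host and the plain denied range are skipped, while the denied range carrying `UPDATESTATIC=""` and an address with no static rule both get a dynamic entry.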