db/relay - checks the relayclients config file, $ENV{RELAYCLIENT} and a table of the database suite to see if relaying is allowed.
This plugin sets the flag $connection->relay_client by looking
up the remote IP in a table whose records are created by a POP3/IMAP
server. The table lives in the database defined in db/base.
If no record is found, $ENV{RELAYCLIENT} and the config file
/etc/qpsmtpd/relayclients are checked.
It is an extension to the module check_relay shipped with qpsmtpd
and uses the same config file, /etc/qpsmtpd/relayclients.
db/relay requires the plugin db/common to be installed and db/base to be loaded.
It's tested with Dovecot 1.0.rc15, Qpsmtpd 0.32 and MySQL 5.0.32 on Debian Etch.
Here's an example for the POP3/IMAP server Dovecot:
A table is needed to store the tuple [ relay_ip , relay_time ] - e.g. (MySQL):
USE `maildb`;
CREATE TABLE `popbsmtp` (
  `ip` varchar(15) NOT NULL default '',
  `login_time` datetime NOT NULL,
  PRIMARY KEY (`ip`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
This shell script is needed to make Dovecot write the login to a table.
Action: when called by Dovecot as described below, updates an SQL table with logged-in IP and current time, and then executes the relevant process.
Output: normally nothing, errors are logged.
The expiring of old IPs is controlled here by relay_pending. The cleanup cronjob is left as an exercise to the reader ;-)
#!/bin/sh
# Note that you must set up a script that deletes old IPs separately,
# and you also must configure your MTA properly. The script only
# performs the 'update on successful login' step, which alone is
# insecure without expiring older IPs!
# The HOME= lines are necessary to find $HOME/.my.cnf containing login info,
# because mail_executable is executed as root, but without a home directory.
# Of course this script must not be writable by anyone else than root.
(
    # drop out IPs from local networks that can relay anyway
    IP=`echo $IP | grep -v '^127\.0\.0\.'`
    if [ -n "$IP" ]
    then
        export HOME=/root/
        echo "REPLACE INTO popbsmtp VALUES('$IP',NOW());" | mysql maildb
        export HOME=/
    fi
) >> /var/log/popbsmtp.error.log 2>&1
exec "$@"
See also http://wiki.dovecot.org/PopBSMTPAndDovecot
The Dovecot config file should be modified with these lines:
protocol pop3 {
mail_executable = /usr/lib/dovecot/popbsmtp.sh /usr/lib/dovecot/pop3
}
protocol imap {
mail_executable = /usr/lib/dovecot/popbsmtp.sh /usr/lib/dovecot/imap
}
All other database plugins must follow the basic plugin db/base - e.g.:
db/base
db/relay
db/user
db/greylist
It's just a list of IPs - as for the plugin check_relay:
# Format is IP, or IP part with trailing dot
# e.g. "127.0.0.1", or "192.168."
127.0.0.1
192.168.0.
| Parameter | Example | Optional/Default |
| relay_table | relay_table=my_table | popbsmtp |
| relay_ip | relay_ip=my_ip_field | ip |
| relay_time | relay_time=my_time_field | login_time |
| relay_pending | relay_pending = 60 * 15 | 60 * 30 (30 minutes) |
For relay_pending, expressions of the form
seconds [ * minutes [ * hours [ * days ]]]
are accepted and will be evaluated. All values must be > 0!
See db_valid_config and hook_rcpt.
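The cleanup job that the Dovecot section leaves to the reader could look like this; it is an added example, not part of db/relay or the Dovecot script. It evaluates relay_pending in the same seconds * minutes * ... form without eval and deletes rows older than that window. The script name popbsmtp-expire.sh, the DB_NAME variable, the 7-day ceiling and the 8-digit factor limit are assumptions.

```shell
#!/bin/sh
# Added example: cron job that expires POP-before-SMTP entries for db/relay.
# Defaults mirror the parameter table above; DB_NAME and the ceiling are assumptions.
RELAY_TABLE=${RELAY_TABLE:-popbsmtp}
RELAY_TIME=${RELAY_TIME:-login_time}
RELAY_PENDING=${RELAY_PENDING:-"60 * 30"}
DB_NAME=${DB_NAME:-maildb}
MAX_PENDING=604800   # assumed ceiling (7 days) so a typo cannot keep IPs forever

# Evaluate "seconds [ * minutes [ * hours [ * days ]]]" without eval.
# Runs in a subshell, so the IFS/noglob changes never leak to the caller.
pending_seconds() (
    expr_in=$(printf '%s' "$1" | tr -d ' \t')
    case $expr_in in
        ''|*[!0-9*]*|\**|*\*|*\*\**) exit 1 ;;   # empty, foreign chars, stray '*'
    esac
    set -f; IFS='*'
    total=1 count=0
    for factor in $expr_in; do
        count=$((count + 1))
        case $factor in
            0*|?????????*) exit 1 ;;   # zero, leading zero (octal) or over 8 digits
        esac
        total=$((total * factor))
        [ "$count" -le 4 ] && [ "$total" -le "$MAX_PENDING" ] || exit 1
    done
    echo "$total"
)

# Identifiers cannot be bound as SQL parameters, so restrict them to a safe set.
valid_ident() {
    case $1 in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
}

# Print the DELETE statement matching the plugin's relay_pending window.
cleanup_sql() {
    valid_ident "$RELAY_TABLE" && valid_ident "$RELAY_TIME" || return 1
    secs=$(pending_seconds "$RELAY_PENDING") || return 1
    printf 'DELETE FROM `%s` WHERE `%s` < NOW() - INTERVAL %s SECOND;\n' \
        "$RELAY_TABLE" "$RELAY_TIME" "$secs"
}

# Only touch the database when invoked as: popbsmtp-expire.sh --run
if [ "${1:-}" = "--run" ]; then
    export HOME=/root/   # mysql reads $HOME/.my.cnf, as in the login script
    sql=$(cleanup_sql) || { echo "invalid db/relay settings" >&2; exit 1; }
    echo "$sql" | mysql "$DB_NAME"
fi
```

Run it from root's crontab with RELAY_PENDING set to the same value as in /etc/qpsmtpd/db_relay, at an interval shorter than that window.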
Call: $self->init ( $qp )
Parameter: $qp
Called from qpsmtpd on startup.
Calls isa_plugin('db/common') and db/common::init ( $qp ).
Call: $self->db_init_config ( $config_fields, $config_fields_empty, $config_fields_default )
Parameters: $config_fields, $config_fields_empty, $config_fields_default
Called from db/common::init.
Sets the local config hashes. See /etc/qpsmtpd/db_relay.
Call: $self->db_valid_config ()
Called from db/common::init.
The config entry relay_pending is checked and calculated, if an expression is found.
Calls db/common::db_die on errors.
On errors in db_valid_config qpsmtpd won't start.
Calls relay_record with $connection->remote_ip.
Checks relay_pending against relay_time.
On exceeding the allowed time or if no record was found, $ENV{RELAYCLIENT} and the config file /etc/qpsmtpd/relayclients are checked.
Sets $connection->relay_client(1), if relaying is allowed.
Returns:
| db/common::db_declined | continue, log entries: "... IP: '...' (NET: '...') is a relay client" if ip is allowed to relay, "... IP: '...' (NET: '...') is NOT a relay client" otherwise. |
| db/common::db_denysoft_error | on error. |
Call: $self->relay_record ( $relay_ip )
Parameter: $relay_ip, e.g. 1.2.3.4
Called from hook_rcpt.
Calls db/common::db_open.
Reads relay_table.
Returns: (three-state)
| undef | on errors. |
| record as reference to a hash | if $relay_ip was found. |
| reference to an empty hash | if $relay_ip was not found. |
Thanks to Ask Bjoern Hansen for qpsmtpd.
And Lorens Kockum / Matthias Andree for the Dovecot script.
http://wiki.dovecot.org/PopBSMTPAndDovecot
(c) Ernesto 2007, ernesto@dienstleistung-kultur.de
http://dienstleistung-kultur.de/qpsmtpd/
As per the qpsmtpd license.