Home

| Home | Mailinglist | Download | License |

| Documentation | db/suite | db/common | db/base | db/relay | db/user | db/greylist |

qpsmtpd - Plugin db/relay Documentation


NAME db/relay

db/relay - checks the relayclients config file, $ENV{RELAYCLIENT} and a table of the database suite to see if relaying is allowed.

go top


VERSION 2007.1

go top


DESCRIPTION

This plugin sets the flag $connection->relay_client by looking up the remote ip in a table of the database defined in db/base created by a POP3/IMAP server. If no record is found, $ENV{RELAYCLIENT} and the config file /etc/qpsmtpd/relayclients are checked.

It is an extension to the module check_relay shipped with qpsmtpd and the same configfile /etc/qpsmtpd/relayclients is used.

go top


REQUIREMENTS

db/relay requires the plugins db/common to be installed and db/base to be loaded.

It's tested with Dovecot 1.0.rc15, Qpsmtpd 0.32 and MySQL 5.0.32 on Debian Etch.

Here's an example for the POP3/IMAP server Dovecot:

relay_table

A table is needed to store the tuple [ relay_ip , relay_time ] - e.g. (MySQL):

 USE `maildb`;

 CREATE TABLE `popbsmtp` (
   `ip` varchar(15) NOT NULL default '',
   `login_time` datetime NOT NULL,
   PRIMARY KEY  (`ip`)
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

/usr/lib/dovecot/popbsmtp.sh

This shell script is needed to make Dovecot write the login to a table.

Action: when called by Dovecot as described below, updates an SQL table with logged-in IP and current time, and then executes the relevant process.

Output: normally nothing, errors are logged.

The expiring of old IPs is controlled here by relay_pending. The cleanup cronjob is left as an excercise to the reader ;-)

 #!/bin/sh

 # Note that you must set up a script that deletes old IPs separately,
 # and you also must configure your MTA properly. The script only
 # performs the 'update on successful login' step, which alone is
 # insecure without expiring older IPs!

 # The HOME= lines are necessary to find $HOME/.my.cnf containing login info,
 # because mail_executable is executed as root, but without a home directory.
 # Of course this script must not be writable by anyone else than root.

 (
    # drop out IPs from local networks that can relay anyway
    IP=`echo $IP | grep -v '^127\.0\.0\.'`
    if [ -n "$IP" ]
    then
       export HOME=/root/
       echo "REPLACE INTO popbsmtp VALUES('$IP',NOW());" | mysql maildb
       export HOME=/
    fi
 ) >> /var/log/popbsmtp.error.log 2>&1
 exec "$@"

See also http://wiki.dovecot.org/PopBSMTPAndDovecot

/etc/dovecot/dovecot.conf

The Dovecot config file should be modified with these lines:

 protocol pop3 {
    mail_executable = /usr/lib/dovecot/popbsmtp.sh /usr/lib/dovecot/pop3
 }
 protocol imap {
    mail_executable = /usr/lib/dovecot/popbsmtp.sh /usr/lib/dovecot/imap
 }

See also http://wiki.dovecot.org/PopBSMTPAndDovecot

go top


CONFIGURATION

/etc/qpsmtpd/plugins

All other database plugins must follow the basic plugin db/base - e.g.:

 db/base
 db/relay
 db/user
 db/greylist

/etc/qpsmtpd/relayclients

It's just a list of IPs - as for the plugin check_relay:

 # Format is IP, or IP part with trailing dot
 # e.g. "127.0.0.1", or "192.168."
 127.0.0.1
 192.168.0.

/etc/qpsmtpd/db_relay

ParameterExampleOptional/Default
relay_tablerelay_table=my_tablepopbsmtp
relay_iprelay_ip=my_ip_fieldip
relay_timerelay_time=my_time_fieldlogin_time
relay_pendingrelay_pending = 60 * 1560 * 30 (30 minutes)

How the fields are used

See db_valid_config and hook_rcpt.

go top


CONSTRUCTOR METHODS

init

Call: $self->init ( $qp )

Called from qpsmtpd on startup.

Calls isa_plugin('db/common') and db/common::init ( $qp ).

go top

db_init_config

Call: $self->db_init_config ( $config_fields, $config_fields_empty, $config_fields_default )

Called from db/common::init.

Sets the local config hashes. See /etc/qpsmtpd/db_relay.

go top

db_valid_config

Call: $self->db_valid_config ()

Called from db/common::init.

The config entry relay_pending is checked and calulated, if an expression is found.

Calls db/common::db_die on errors.

On errors in db_valid_config qpsmtpd won't start.

go top


HOOKS

hook_rcpt

Calls relay_record with $connection->remote_ip.

Checks relay_pending against relay_time.

On exceeding the allowed time or if no record was found, $ENV{RELAYCLIENT} and the config file /etc/qpsmtpd/relayclients are checked.

Sets $connection->relay_client(1), if relaying is allowed.

Returns:

db/common::db_declinedcontinue, log entries:
... IP: '...' (NET: '...') is a relay clientif ip is allowed to relay,
... IP: '...' (NET: '...') is NOT a relay clientotherwise.
db/common::db_denysoft_erroron error.

go top


HELPER METHODS

relay_record

Call: $self->relay_record ( $relay_ip )

Called from hook_rcpt.

Calls db/common::db_open.

Reads relay_table.

Returns: (three-state)

undefon errors.
record as reference to a hashif $relay_ip was found.
reference to an empty hashif $relay_ip was not found.

go top


CREDITS

Thanks to Ask Bjoern Hansen for qpsmtpd.

http://smtpd.develooper.com/

And Lorens Kockum / Matthias Andree for the Dovecot script.

http://wiki.dovecot.org/PopBSMTPAndDovecot

go top


COPYRIGHT

(c) Ernesto 2007, ernesto@dienstleistung-kultur.de

http://dienstleistung-kultur.de/qpsmtpd/

go top


LICENCE

As per the qpsmtpd license.

go top


This is a service of dienstleistung-kultur.de            Mailsystem QPSMTPD            Comments to Ernesto at ernesto@dienstleistung-kultur.de            Impressum