1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
Version 0.98 of mailfront is now available at:
http://untroubled.org/mailfront/
------------------------------------------------------------------------------
Changes in version 0.98
- Added enhanced mail system status codes (RFC 1893/2034).
- Added support for rejecting all mail unless client is authenticated
(either as a relay client or with SMTP authentication) if
$REQUIRE_AUTH is set.
- Full domain names are now required in all addresses except for the
null sender.
- Removed the "bounce must have a single recipient" rule, as it is
currently causing more problems (with address checkers) than it is
solving (spammers no longer use this technique).
- Fixed one-off bug in counting recipients for $MAXRCPTS.
- Truncate UIDL responses to 70 characters as per RFC 1939.
- Added QMQP and QMTP "reject" front ends, for completeness.
The enhanced mail system status codes together with the $REQUIRE_AUTH
change should make smtpfront compliant with RFC 2476's requirements for
a "message submission agent", suitable for use on TCP port 587.
Development of this version has been sponsored by FutureQuest, Inc.
ossi@FutureQuest.net http://www.FutureQuest.net/
-------------------------------------------------------------------------------
mailfront
Mail server network protocol front-ends
Bruce Guenter <bruceg@em.ca>
Version 0.98
2005-10-26
This is mailfront, a package containing customizeable network front-ends
for mail servers. It contains complete SMTP, QMQP, QMTP, and POP3
front-ends as well as an authentication module for IMAP. The mail
delivery front-ends also contain internal address filtering features.
Two SMTP back-ends are provided. One delivers mail to qmail-queue,
mimicking most of the behavior of qmail-smtpd, with the addition of
support for SMTP AUTH. The other rejects all SMTP commands if
$SMTPREJECT is set, and execs its command line otherwise (in order to
run the above program).
A mailing list has been set up to discuss this and other packages.
To subscribe, send an email to:
bgware-subscribe@lists.untroubled.org
A mailing list archive is available at:
http://lists.untroubled.org/?list=bgware
Development versions of mailfront are available via Subversion at:
svn://bruce-guenter.dyndns.org/mailfront/trunk
Requirements:
- bglibs version 1.022
- cvm version 0.71
Installation:
- Build the sources by running "make"
- Run the "instshow" command to see what will be installed (optional).
- After the package has been compiled, run the following commands as root:
./installer
./instcheck
These commands will produce no output if there are no errors.
Configuration:
- To take advantage of the SMTP AUTH features, make sure you have a CVM
authentication program (some are included with the cvm package itself).
- Run a CVM authentication module to provide the AUTH feature.
Example: To run cvm-vmailmgr as a daemon:
exec /usr/local/bin/softlimit -m 9000000 \
/usr/local/bin/cvm-vmailmgr /tmp/.cvm-vmailmgr 2>&1
- Configure your mail system to use the SMTP back-end with the
appropriate environment variables.
Example using tcpserver (highly recommended):
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" ]; then
echo $0: QMAILDUID, NOFILESGID, or MAXSMTPD is unset
exit 1
fi
exec \
/usr/local/bin/envdir /etc/smtpfront \
/usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -v -R -H \
-l "`head -1 /var/qmail/control/me`" -x /etc/tcp.smtp.cdb \
-c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
/usr/local/bin/smtpfront-qmail 2>&1
/etc/smtpfront/CVM_SASL_PLAIN:
cvm-local:/tmp/.cvm-vmailmgr
Example using xinetd with TCP Wrappers:
/etc/xinetd.d/smtp:
# default: on
# description: smtp
service smtp
{
disable = no
flags = REUSE NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = qmaild
server = /usr/sbin/tcpd
server_args = /var/qmail/bin/tcp-env -R /usr/local/sbin/smtpfront-wrapper
log_on_success += USERID
log_on_failure += USERID
}
/usr/local/sbin/smtpfront-wrapper:
#!/bin/sh
CVM_SASL_PLAIN=cvm-local:/tmp/.cvm-unix
export CVM_SASL_PLAIN
CVM_SASL_LOGIN=cvm-local:/tmp/.cvm-unix
export CVM_SASL_LOGIN
exec /usr/local/bin/smtpfront-qmail 2>> /tmp/smtpfront-errs.txt
This project was initiated at FutureQuest, Inc. We are releasing it
as an open-source project because we felt it would be useful to others,
as well as to repay our debt of gratitude to the larger open-source
community for the excellent packages we have enjoyed.
For more details, you may contact FutureQuest, Inc. at:
FutureQuest, Inc.
PO BOX 623127
Oviedo FL 32762-3127 USA
http://www.FutureQuest.net/
ossi@FutureQuest.net
This package is Copyright(C) 2005 Bruce Guenter or FutureQuest, Inc.,
and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL)
Version 2 or a later version. A copy of this license is included with
this package. This package comes with no warranty of any kind.
|
