Ok, I have created a patch for you and added it as an attachment. I tested this patch by doing the following (the patch applies to netqmail-1.05 + tls-smtpauth-20040705) :-
tar -xzf netqmail-1.05.tar.gz
cd netqmail-1.05
./collate.sh
cd netqmail-1.05
patch -p1 < ~/netqmail-1.05-tls-smtpauth-20040705.patch
patch -p1 < ~/netqmail-1.05-qmail-remote.patch
make
vi /var/qmail/control/me
Added -> testing.domain.com
vi /var/qmail/control/smtproutes
Added -> ::smtp.domain.com::username:password
vi message
Added -> To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: This is a test
Testing, please ignore
./qmail-remote domain.com [EMAIL PROTECTED] [EMAIL PROTECTED] < message
Received -> rK10.10.1.1 accepted message.
Remote host said: 250 ok 109526512 qp 2906

I then checked the Received: header in the E-Mail and it had the all important "(HELO testing.domain.com) ([EMAIL PROTECTED])" indicating that the E-Mail was AUTH'ed with the username of 'username' at the IP address '10.10.1.10'.

Make sure you don't cut and paste the attached patch ("Stripping trailing CRs from patch." and "patch unexpectedly ends in middle of line") but save the attachment as is.

On Wed, 15 Sep 2004, Rene wrote:
> I was to fast :-(
> Checking the logs bring bad news :-(
>
> PATCH :
> srv:/var/src/netqmail-1.05 # patch -p 0 <
> /tmp/netqmail-1.05-qmail-remote.patch
> (Stripping trailing CRs from patch.)
> patching file netqmail-1.05/qmail-remote.c
> Hunk #2 succeeded at 506 (offset -6 lines).
> Hunk #3 succeeded at 606 (offset -6 lines).
> Hunk #4 succeeded at 727 (offset -6 lines).
> Hunk #5 succeeded at 740 (offset -6 lines).
> patch unexpectedly ends in middle of line
> Hunk #6 succeeded at 755 with fuzz 1 (offset -6 lines).
>
> MAKE ok.
>
> cp new-remote to /var/qmail/bin
>
> adding
> :server:port:user:pass to /var/qmail/control/smtproutes
>
> entry in sendlog :
> failure:
> ****_does_not_like_recipient./Remote_host_said:_553_sorry,_that_domain_isn't_in_my_list_of_allowed_rcpthosts;_no_valid_cert_for_gatewaying_(#5.7.1)/Giving_up_on_******./
> that means smtpauth didn't work.
>
> can you see a mistake ??
>
> regards rene
>
> btw: is there maybe a better way to transport the mails for my local net
> to my smtp server ?
>
>
>
diff -uPr netqmail-1.05.orig/Makefile netqmail-1.05/Makefile
--- netqmail-1.05.orig/Makefile Wed Sep 15 16:15:16 2004
+++ netqmail-1.05/Makefile Wed Sep 15 16:16:47 2004
@@ -1445,13 +1445,13 @@
 load qmail-remote.o control.o constmap.o timeoutread.o timeoutwrite.o \
 timeoutconn.o tcpto.o now.o dns.o ip.o ipalloc.o ipme.o quote.o \
 ndelay.a case.a sig.a open.a lock.a seek.a getln.a stralloc.a alloc.a \
-substdio.a error.a str.a fs.a auto_qmail.o dns.lib socket.lib
+substdio.a error.a str.a fs.a auto_qmail.o base64.o dns.lib socket.lib
 ./load qmail-remote control.o constmap.o timeoutread.o \
 timeoutwrite.o timeoutconn.o tcpto.o now.o dns.o ip.o \
 tls.o ssl_timeoutio.o -L/usr/local/ssl/lib -lssl -lcrypto \
 ipalloc.o ipme.o quote.o ndelay.a case.a sig.a open.a \
 lock.a seek.a getln.a stralloc.a alloc.a substdio.a error.a \
- str.a fs.a auto_qmail.o `cat dns.lib` `cat socket.lib`
+ str.a fs.a auto_qmail.o base64.o `cat dns.lib` `cat socket.lib`
 qmail-remote.0: \
 qmail-remote.8
diff -uPr netqmail-1.05.orig/conf-cc netqmail-1.05/conf-cc
--- netqmail-1.05.orig/conf-cc Wed Sep 15 16:15:16 2004
+++ netqmail-1.05/conf-cc Wed Sep 15 16:17:29 2004
@@ -1,3 +1,3 @@
-cc -O2 -DTLS=20040419 -I/usr/local/ssl/include
+cc -O2 -DAUTH=20040730 -DTLS=20040705 -I/usr/local/ssl/include
 This will be used to compile .c files.
diff -uPr netqmail-1.05.orig/qmail-remote.c netqmail-1.05/qmail-remote.c
--- netqmail-1.05.orig/qmail-remote.c Wed Sep 15 16:15:16 2004
+++ netqmail-1.05/qmail-remote.c Wed Sep 15 16:20:17 2004
@@ -44,6 +44,15 @@
 stralloc host = {0};
 stralloc sender = {0};
+#ifdef AUTH
+stralloc auth_smtp_user = {0};
+stralloc auth_smtp_pass = {0};
+stralloc auth_b64_user = {0};
+stralloc auth_b64_pass = {0};
+
+int auth_init();
+#endif
+
 saa reciplist = {0};
 struct ip_address partner;
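Review bot: `b64encode()` is used by the new `auth_init()` without a visible prototype: the first qmail-remote.c hunk starts at line 44, so no hunk touches the include block, and as far as this patch shows the call is compiled with an implicit declaration and unchecked argument types. Adding the header that declares it next to the existing includes (presumably `#include "base64.h"` from the smtpauth patch, to be confirmed) and listing that header among the `qmail-remote.o` prerequisites in the Makefile would close the gap. The forward declaration added in this hunk would also be clearer as `int auth_init(void);`.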
@@ -503,6 +512,51 @@
 return 1;
 }
 #endif
+#ifdef AUTH
+int auth_init()
+{
+ int i;
+ int authlogin = 0;
+ stralloc *sa = ehlokw.sa;
+ unsigned int len = ehlokw.len;
+
+ /* look for AUTH among EHLO keywords */
+ for ( ; len && case_diffs(sa->s, "AUTH"); ++sa, --len) ;
+ if (!len) return 0;
+
+ /* look for LOGIN among the AUTH parameters */
+ i = str_len(sa->s) + 1;
+ while (i < sa->len) {
+ if (case_diffs(sa->s + i, "LOGIN") == 0) authlogin = 1;
+ i += (str_len(sa->s + i) + 1);
+ }
+
+ /* if we have AUTH LOGIN and a username and password, do it */
+ if (authlogin && auth_smtp_user.len && auth_smtp_pass.len) {
+ if (b64encode(&auth_smtp_user,&auth_b64_user))
+ quit("ZConnected to "," but unable to Base64 encode username");
+ if (b64encode(&auth_smtp_pass,&auth_b64_pass))
+ quit("ZConnected to "," but unable to Base64 encode password");
+
+ substdio_puts(&smtpto, "AUTH LOGIN\r\n");
+ substdio_flush(&smtpto);
+ if (smtpcode() != 334)
+ quit("ZConnected to "," but authentication was rejected (AUTH LOGIN)");
+ substdio_put(&smtpto,auth_b64_user.s,auth_b64_user.len);
+ substdio_puts(&smtpto,"\r\n");
+ substdio_flush(&smtpto);
+ if (smtpcode() != 334)
+ quit("ZConnected to "," but authentication was rejected (username)");
+ substdio_put(&smtpto,auth_b64_pass.s,auth_b64_pass.len);
+ substdio_puts(&smtpto,"\r\n");
+ substdio_flush(&smtpto);
+ if (smtpcode() != 235)
+ quit("ZConnected to "," but authentication was rejected (password)");
+ return 1;
+ }
+ return 0;
+}
+#endif
 stralloc recip = {0};
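Review bot: Nothing in `auth_init()` checks that the session is encrypted before `AUTH LOGIN` is sent, and LOGIN only Base64-encodes the username and password, so on a relay that does not offer or complete STARTTLS the smtproutes credentials cross the network in recoverable form. Whether the TLS handshake has always finished by the time the caller reaches `auth_init()` is not visible in this hunk; if it has not, the function should return 0 (or fail the delivery) when TLS is not active rather than authenticate in the clear. At minimum a comment such as `/* AUTH LOGIN is Base64 only: credentials are protected solely by an established TLS session */` above the `if (authlogin && ...)` block would record the assumption. Separately, `int i` is compared with the unsigned `sa->len` in the `while` condition; declaring it `unsigned int i;` avoids the mixed-sign comparison.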
@@ -558,11 +612,23 @@
 #ifdef EHLO
 }
 #endif
-
+#ifdef AUTH
+ if (auth_init()) {
+ substdio_puts(&smtpto,"MAIL FROM:<");
+ substdio_put(&smtpto,sender.s,sender.len);
+ substdio_puts(&smtpto,"> AUTH=<");
+ substdio_put(&smtpto,sender.s,sender.len);
+ substdio_puts(&smtpto,">\r\n");
+ substdio_flush(&smtpto);
+ } else {
+#endif
 substdio_puts(&smtpto,"MAIL FROM:<");
 substdio_put(&smtpto,sender.s,sender.len);
 substdio_puts(&smtpto,">\r\n");
 substdio_flush(&smtpto);
+#ifdef AUTH
+ }
+#endif
 code = smtpcode();
 if (code >= 500) quit("DConnected to "," but sender was rejected");
 if (code >= 400) quit("ZConnected to "," but sender was rejected");
@@ -667,6 +733,11 @@
 int flagallaliases;
 int flagalias;
 char *relayhost;
+ char *relayport;
+#ifdef AUTH
+ char *relayuser;
+ char *relaypass;
+#endif
 sig_pipeignore();
 if (argc < 4) perm_usage();
@@ -675,6 +746,10 @@
 if (!stralloc_copys(&host,argv[1])) temp_nomem();
+#ifdef AUTH
+ if (!stralloc_copys(&auth_smtp_user,"")) temp_nomem();
+ if (!stralloc_copys(&auth_smtp_pass,"")) temp_nomem();
+#endif
 relayhost = 0;
 for (i = 0;i <= host.len;++i)
@@ -686,8 +761,25 @@
 if (relayhost) {
 i = str_chr(relayhost,':');
 if (relayhost[i]) {
- scan_ulong(relayhost + i + 1,&port);
 relayhost[i] = 0;
+ relayport = relayhost + i + 1;
+#ifdef AUTH
+ i = str_chr(relayport,':');
+ if (relayport[i]) {
+ relayport[i] = 0;
+ relayuser = relayport + i + 1;
+ i = str_chr(relayuser,':');
+ if (relayuser[i]) {
+ relayuser[i] = 0;
+ relaypass = relayuser + i + 1;
+ if (str_len(relayuser) && str_len(relaypass)) {
+ if (!stralloc_copys(&auth_smtp_user,relayuser)) temp_nomem();
+ if (!stralloc_copys(&auth_smtp_pass,relaypass)) temp_nomem();
+ }
+ }
+ }
+#endif
+ if (str_len(relayport)) scan_ulong(relayport,&port);
 }
 if (!stralloc_copys(&host,relayhost)) temp_nomem();
 }
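Review bot: The `AUTH=` parameter in the new `MAIL FROM` branch is filled with the raw envelope sender, whereas RFC 2554 defines its value as an xtext-encoded mailbox, so a sender containing `+` or `=` (common in VERP return paths) produces a malformed parameter. It also presents every relayed sender as the authenticated originator, although the login identity is the smtproutes account rather than the message author. Sending `substdio_puts(&smtpto,"> AUTH=<>\r\n");` in place of the three lines that append the sender, or xtext-encoding the address, would be the conservative choices. The two branches also duplicate the `MAIL FROM:<...>` lines; writing the common prefix once and emitting only the optional ` AUTH=...` part under `#ifdef AUTH` would be easier to audit. The enclosing function starts and ends outside this hunk.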
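Review bot: A route that names a user but has an empty or missing password field is silently treated as having no credentials in the last hunk (`if (str_len(relayuser) && str_len(relaypass))`), so delivery proceeds unauthenticated and the only symptom is the relay's rejection. Failing with an explicit configuration error, or at least commenting the fallback, would make a misconfigured route diagnosable. The parsing also means control/smtproutes now stores a relay password in clear text; a comment such as `/* smtproutes may now hold relay credentials: keep the file unreadable to other local users */` at the parsing site, with a matching note in the documentation, would flag that for whoever installs the patch. The enclosing function (apparently `main`, given the `argc`/`argv` use in the neighbouring hunks) starts and ends outside this hunk.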