On Feb 26, 2007, at 12:38 AM, tonix (Antonio Nati) wrote:
> In the next 2.0.9 chkuser version there is the possibility to
> accept only authenticated senders, so this will help setting up a
> "submission port" (this port should only be used for client ->
> server sending, while port 25 should finally be used only for
> server -> server dialogue).

There's already a patch out there that I've been using for months
now. Here's a modified patch by John M. Simpson (jms) that works
with Bill's toaster. Once patched, just add "export REQUIRE_AUTH=0"
to your qmail-smtpd run file, and "export REQUIRE_AUTH=1" to the run
file for qmail-submission (or whatever you call qmail running on an
alternate port for email clients to send).

Credit should go to jms for the patch -- according to his site, he
wrote that code himself and it's not from another patch. I emailed
this to Bill late last year, but I don't know if he's rolled it into
his big qmail patch yet.

--- qmail-smtpd-orig.c 2005-02-03 20:41:58.000000000 -0700
+++ qmail-smtpd.c 2006-10-13 11:43:34.493957857 -0700
@@ -54,6 +54,8 @@
unsigned int databytes = 0;
int timeout = 1200;
unsigned int spfbehavior = 0;
+unsigned int require_auth = 0;
+int flagauth = 0;
const char *protocol = "SMTP";
@@ -127,6 +129,7 @@
int err_authabrt() { out("501 auth exchange canceled (#5.0.0)\r\n");
return -1; }
int err_input() { out("501 malformed auth input (#5.5.4)\r\n");
return -1; }
void err_authfail() { out("535 authentication failed (#5.7.1)\r\n"); }
+int err_authfirst() { out("503 authentication required (#5.5.1)\r
\n"); }
int saferead(fd,buf,len) int fd; char *buf; int len;
{
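Review bot: err_authfirst() is declared int but has no return statement, unlike err_authabrt() and err_input() just above it, which return -1. The only caller in this patch ignores the result, so either declare it void like err_authfail() or add "return -1;". Separately, RFC 4954 gives 530 5.7.0 as the reply when a command is refused because authentication is required; 503 with (#5.5.1) reads to a client as a bad command sequence.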
@@ -241,6 +244,9 @@
x = env_get("SPFBEHAVIOR");
if (x) { scan_ulong(x,&u); spfbehavior = u; }
+ x = env_get("REQUIRE_AUTH");
+ if (x) { scan_ulong(x,&u); if (u>0) require_auth = 1; }
+
if (control_readline(&spflocal,"control/spfrules") == -1)
die_control();
if (spflocal.len && !stralloc_0(&spflocal)) die_nomem();
if (control_readline(&spfguess,"control/spfguess") == -1)
die_control();
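Review bot: the REQUIRE_AUTH parse discards the return value of scan_ulong(), so a value that is not a number (REQUIRE_AUTH=yes, or an empty string) is not detected and the outcome rests on whatever u holds afterwards. For a switch whose job is to enforce authentication, a malformed value should fail closed: check that scan_ulong() consumed the string, and otherwise either treat the variable's presence as "on" or refuse to start.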
@@ -496,6 +502,8 @@
void smtp_mail(arg) char *arg;
{
int r;
+
+ if (require_auth) if (!flagauth) { err_authfirst(); return; }
if (!addrparse(arg)) { err_syntax(); return; }
flagsize = 0;
mailfrom_parms(arg);
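Review bot: in smtp_mail() the nested "if (require_auth) if (!flagauth)" is easy to break with a later else; "if (require_auth && !flagauth) { err_authfirst(); return; }" says the same thing in one condition. MAIL is the only command gated in this patch, so it is worth confirming that RCPT and DATA cannot proceed without a successful MAIL in this build.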
@@ -762,7 +770,6 @@
static stralloc slop = {0}; /* b64 challenge */
#endif
-int flagauth = 0;
char **childargs;
char ssauthbuf[512];
substdio ssauth = SUBSTDIO_FDBUF(safewrite,3,ssauthbuf,sizeof
(ssauthbuf));
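Review bot: the context line ending in "sizeof" is wrapped onto a second line here, as are the err_authabrt()/err_input() context lines and the added err_authfirst() line in the second hunk, so the patch as posted will not apply without manual repair. Resending it as an attachment would avoid the mail client's line wrapping. The removal of "int flagauth = 0;" itself pairs correctly with the declaration added in the first hunk.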
--
Tom Collins - [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
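
A way to check, once the run files are set, that the submission listener refuses MAIL before AUTH while the port 25 listener still accepts it. This is an added example, not part of the original message or of jms's patch; the probe address, client name and the FakeSmtpd stand-in server are constructed for offline testing.

```python
import socket, socketserver, threading

def _cmd(f, line=None):
    """Send one command (if any) and return the 3-digit code of the reply."""
    if line is not None:
        f.write(line + b"\r\n")
        f.flush()
    while True:
        reply = f.readline().decode("ascii", "replace")
        if len(reply) < 4 or reply[3] != "-":   # last line of a multi-line reply
            return reply[:3]

def mail_code_without_auth(host, port, timeout=10):
    """Reply code the server gives to MAIL FROM when no AUTH was attempted."""
    with socket.create_connection((host, port), timeout=timeout) as s, \
         s.makefile("rwb") as f:
        _cmd(f)                                   # 220 greeting
        _cmd(f, b"EHLO probe.example")            # constructed client name
        code = _cmd(f, b"MAIL FROM:<probe@example.invalid>")
        _cmd(f, b"QUIT")
        return code

class FakeSmtpd(socketserver.StreamRequestHandler):
    """Constructed stand-in for the patched qmail-smtpd, for offline testing."""
    require_auth = True
    def handle(self):
        self.wfile.write(b"220 test ESMTP\r\n")
        for line in self.rfile:
            verb = line[:4].upper()
            if verb == b"EHLO":
                self.wfile.write(b"250-test\r\n250 AUTH LOGIN PLAIN\r\n")
            elif verb == b"MAIL" and self.require_auth:
                self.wfile.write(b"503 authentication required (#5.5.1)\r\n")
            elif verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                self.wfile.write(b"250 ok\r\n")

def start_fake(require_auth):
    """Start FakeSmtpd on a free localhost port; returns the server object."""
    handler = type("Handler", (FakeSmtpd,), {"require_auth": require_auth})
    srv = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    for flag in (True, False):
        srv = start_fake(flag)
        print(flag, mail_code_without_auth(*srv.server_address))
        srv.shutdown()
```

Pointed at a real server, mail_code_without_auth() should return 503 on the listener started with REQUIRE_AUTH=1; a 250 there means the variable is not reaching qmail-smtpd.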