Re: [toaster] Require AUTH on port 587 (was Re: [toaster] AOL port 587)

[Bill Shupp]

Tom Collins wrote:

> There's already a patch out there that I've been using for months now. 
> Here's a modified patch by John M. Simpson (jms) that works with Bill's
> toaster.  Once patched, just add "export REQUIRE_AUTH=0" to your
> qmail-smtpd run file, and "export REQUIRE_AUTH=1" to the run file for
> qmail-submission (or whatever you call qmail running on an alternate
> port for email clients to send).
> 
> Credit should go to jms for the patch -- according to his site, he wrote
> that code himself and it's not from another patch.  I emailed this to
> Bill late last year, but I don't know if he's rolled it into his big
> qmail patch yet.
> 
> --- qmail-smtpd-orig.c  2005-02-03 20:41:58.000000000 -0700
> +++ qmail-smtpd.c       2006-10-13 11:43:34.493957857 -0700
> @@ -54,6 +54,8 @@
> unsigned int databytes = 0;
> int timeout = 1200;
> unsigned int spfbehavior = 0;
> +unsigned int require_auth = 0;
> +int flagauth = 0;
> const char *protocol = "SMTP";
> @@ -127,6 +129,7 @@
> int err_authabrt() { out("501 auth exchange canceled (#5.0.0)\r\n");
> return -1; }
> int err_input() { out("501 malformed auth input (#5.5.4)\r\n"); return
> -1; }
> void err_authfail() { out("535 authentication failed (#5.7.1)\r\n"); }
> +int err_authfirst() { out("503 authentication required (#5.5.1)\r\n"); }
> int saferead(fd,buf,len) int fd; char *buf; int len;
> {
> @@ -241,6 +244,9 @@
>    x = env_get("SPFBEHAVIOR");
>    if (x) { scan_ulong(x,&u); spfbehavior = u; }
> +  x = env_get("REQUIRE_AUTH");
> +  if (x) { scan_ulong(x,&u); if (u>0) require_auth = 1; }
> +
>    if (control_readline(&spflocal,"control/spfrules") == -1) die_control();
>    if (spflocal.len && !stralloc_0(&spflocal)) die_nomem();
>    if (control_readline(&spfguess,"control/spfguess") == -1) die_control();
> @@ -496,6 +502,8 @@
> void smtp_mail(arg) char *arg;
> {
>    int r;
> +
> +  if (require_auth) if (!flagauth) { err_authfirst(); return; }
>    if (!addrparse(arg)) { err_syntax(); return; }
>    flagsize = 0;
>    mailfrom_parms(arg);
> @@ -762,7 +770,6 @@
> static stralloc slop = {0};     /* b64 challenge */
> #endif
> -int flagauth = 0;
> char **childargs;
> char ssauthbuf[512];
> substdio ssauth = SUBSTDIO_FDBUF(safewrite,3,ssauthbuf,sizeof(ssauthbuf));


Thanks for the reminder Tom.  I have not integrated it, nor have I
integrated tonino's chkuser 2.0.9.  But I did quit a busy client
recently, so I have more time these days, and will be getting through a
backlog of suggestions soon.

Thanks!

Bill