Hi,

it seems I need to outfit a custom-patched version of qmail with CHKUSER.

Its qmail-smtpd.c contains the following code:

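/*
 * Handle the SMTP RCPT command.
 *
 * Order of checks, as coded below:
 *   1. MAIL must have been seen and the argument must parse as an address.
 *   2. The flagbarfspf and flagbarf flags (set outside this function)
 *      reject the recipient with the matching SPF / badmailfrom / mfcheck
 *      error.
 *   3. Relay authorization: if relayclient is set it is appended to the
 *      address; otherwise addrallowed() must accept the address. In TLS
 *      builds a client that fails addrallowed() may still relay when it
 *      presents a certificate that verifies against control/clientca.pem
 *      and whose emailAddress attribute is listed in control/tlsclients.
 *   4. The recipient is appended to rcptto and "250 ok" is sent.
 *
 * Any additional recipient check has to run before step 4; whether it
 * should also run before the relay decision in step 3 is a policy choice
 * this function does not answer.
 */
void smtp_rcpt(arg) char *arg; {
 if (!seenmail) { err_wantmail(); return; }
 if (!addrparse(arg)) { err_syntax(); return; }
 if (flagbarfspf) { err_spf(); return; }
 switch (flagbarf) {
   case 1: logit("badmailfrom: "); err_bmf(); return;
   case 2: /* should not occur; deliberately falls through to case 3 (the domainrbl rejection is disabled) */
   case 3: logit("mfcheck-address unknown: "); err_mfcheck(); return;
   case 4: logit("mfcheck-domain does not resolve: "); err_smf(); return;
   case 5: logit("mfcheck-socket failure: "); err_smf(); return;
   case 6: logit("mfcheck-no mx or unreachable: "); err_smf(); return;
   case 7: logit("mfcheck-permanent dns failure: "); err_hmf(); return;
   case 8: logit("mfcheck-temporary dns failure: "); err_smf(); return;
 }
 if (relayclient) {
   /* presumably addr ends in a NUL terminator that is dropped here so
      relayclient can be appended and the string re-terminated -- confirm */
   --addr.len;
   if (!stralloc_cats(&addr,relayclient)) die_nomem();
   if (!stralloc_0(&addr)) die_nomem();
 }
 else
#ifndef TLS
   if (!addrallowed()) { err_nogateway(); return; }
#else
   if (!addrallowed())
    {
     if (ssl)
     { STACK_OF(X509_NAME) *sk;
       X509 *peercert;
       stralloc tlsclients = {0};
       struct constmap maptlsclients;
       int r;

       /* Ask for a client certificate on the renegotiation below. */
       SSL_set_verify(ssl,
                      SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
                      verify_cb);
       if ((sk = SSL_load_client_CA_file("control/clientca.pem")) == NULL)
        { err_nogateway(); return; }
       SSL_set_client_CA_list(ssl, sk);
       if((control_readfile(&tlsclients,"control/tlsclients",0) != 1) ||
          !constmap_init(&maptlsclients,tlsclients.s,tlsclients.len,0))
         { err_nogateway(); return; }

       /* NOTE(review): the return values of SSL_renegotiate() and both
          SSL_do_handshake() calls are ignored; a failed renegotiation is
          only caught indirectly by the verify-result and peer-certificate
          checks below -- confirm that is sufficient. */
       SSL_renegotiate(ssl);
       SSL_do_handshake(ssl);
       /* Writes the SSL struct's state field directly, which only builds
          where that struct is not opaque -- presumably an older OpenSSL;
          confirm against the version you link with. */
       ssl->state = SSL_ST_ACCEPT;
       SSL_do_handshake(ssl);
       if ((r = SSL_get_verify_result(ssl)) != X509_V_OK)
        {out("553 no valid cert for gatewaying: ");
         out(X509_verify_cert_error_string(r));
         out(" (#5.7.1)\r\n");
         return;
        }

       /* SSL_get_verify_result() also reports X509_V_OK when the client
          sent no certificate at all, so the certificate itself must be
          present before relaying is granted. */
       if ((peercert = SSL_get_peer_certificate(ssl)) != NULL)
        {char emailAddress[256];
         int n;

         n = X509_NAME_get_text_by_NID(X509_get_subject_name(peercert),
                                       NID_pkcs9_emailAddress,
                                       emailAddress, sizeof emailAddress);
         /* SSL_get_peer_certificate() hands back a counted reference; the
            attribute text has been copied out, so release it here. */
         X509_free(peercert);
         /* A certificate without an emailAddress leaves the buffer
            unwritten; never feed that to the relay lookup. */
         if (n <= 0) { err_nogwcert(); return; }
         if (!stralloc_copys(&clientcert, emailAddress)) die_nomem();
         /* stralloc_copys() stops at the first NUL. If that is shorter than
            the attribute length OpenSSL reported, the attribute carries an
            embedded NUL and only its prefix would be matched against
            control/tlsclients -- refuse it. */
         if (clientcert.len != (unsigned int) n) { err_nogwcert(); return; }
         if (!constmap(&maptlsclients,clientcert.s,clientcert.len))
           { err_nogwcert(); return; }
         /* Authorized by certificate: mark the client as a relay client. */
         relayclient = "";
        }
         else { err_nogwcert(); return; }
      }
     else { err_nogateway(); return; }
    }
#endif
 /* Each accepted recipient is stored in rcptto as "T" + address + NUL. */
 if (!stralloc_cats(&rcptto,"T")) die_nomem();
 if (!stralloc_cats(&rcptto,addr.s)) die_nomem();
 if (!stralloc_0(&rcptto)) die_nomem();
 ++rcptcount;
 out("250 ok\r\n");
}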


How should I deal with that?



Thanks in advance,
Rainer

