Changes - j0ke.net Open Build Service

Changes of Revision 6

[-] [+]	Changed	qmail-spp-plugins.spec
@@ -1,6 +1,6 @@ %define qdir /var/qmail Name: qmail-spp-plugins -Version: 0.1 +Version: 0.2 Release: 1 Url: http://qmail-spp.sourceforge.net/plugins/ Summary: qmail-spp plugin collection @@ -10,6 +10,11 @@ Source0: checkmx2.c Source1: helodnscheck2.c Source2: ext_log.c +Source3: greylist.c +Source4: authlogger.c +Source5: skip-if-relayclient.c +Source6: skip-if-smtpauthuser.c +Source7: authrequired.c BuildRequires: gcc Requires: netqmail @@ -19,7 +24,12 @@ checkmx2 helodnscheck2 ext_log + greylist + authlogger + skip-if-relayclient + skip-if-smtpauthuser + %prep %build %__install -m 0755 -d %{buildroot}%{qdir}/plugins @@ -27,12 +37,22 @@ gcc -o %{buildroot}%{qdir}/plugins/checkmx -lresolv %{S:0} gcc -o %{buildroot}%{qdir}/plugins/helodnscheck -lresolv %{S:1} gcc -o %{buildroot}%{qdir}/plugins/ext_log %{S:2} +gcc -o %{buildroot}%{qdir}/plugins/greylist %{S:3} +gcc -o %{buildroot}%{qdir}/plugins/authlogger %{S:4} +gcc -o %{buildroot}%{qdir}/plugins/skip-if-relayclient %{S:5} +gcc -o %{buildroot}%{qdir}/plugins/skip-if-smtpauthuser %{S:6} +gcc -o %{buildroot}%{qdir}/plugins/authrequired %{S:7} strip %{buildroot}%{qdir}/plugins/checkmx strip %{buildroot}%{qdir}/plugins/helodnscheck strip %{buildroot}%{qdir}/plugins/ext_log +strip %{buildroot}%{qdir}/plugins/greylist +strip %{buildroot}%{qdir}/plugins/authlogger +strip %{buildroot}%{qdir}/plugins/skip-if-relayclient +strip %{buildroot}%{qdir}/plugins/skip-if-smtpauthuser +strip %{buildroot}%{qdir}/plugins/authrequired -echo "DLHR" > %{buildroot}%{qdir}/supervise/qmail-smtpd/env/HELO_DNS_CHECK +echo "LHR" > %{buildroot}%{qdir}/supervise/qmail-smtpd/env/HELO_DNS_CHECK %clean rm -rf %{buildroot} @@ -41,3 +61,18 @@ %defattr(-,root,root) %{qdir}/plugins/* %attr(-,qmaill,qmail) %{qdir}/supervise/qmail-smtpd/env/HELO_DNS_CHECK + +%changelog +* Sat Feb 21 2009 Carsten Schoene <cs@linux-administrator.com> 0.2-1 +- added more plugins to package: + - greylist + - authlogger + - skip-if-relayclient + - skip-if-smtpauthuser + - authrequired + +* Sun Oct 12 2008 Carsten Schoene <cs@linux-administrator.com> 0.1-1 +- initial package release + - checkmx + - helodnscheck + - ext_log
[-] [+]	Added	authlogger.c ^
@@ -0,0 +1,22 @@ +/* + * + * Tomislav Randjic 20060926 + * + / +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> + +int main(int argc, char argv) +{ + char user = getenv("SMTPAUTHUSER"); + int ppid = getppid(); + + if (user != NULL && strlen(user) > 0) + { + fprintf(stderr, "authlogger: pid %d - smtp user authenticated as %s\n", ppid, user); + } + + return 0; +}
[-] [+]	Added	authrequired.c ^
@@ -0,0 +1,23 @@ +/* + * + * Tomislav Randjic 20060929 + * + / +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> + +int main(int argc, char argv) +{ + char user = getenv("SMTPAUTHUSER"); + int ppid = getppid(); + + if (user == NULL \|\| strlen(user) == 0) + { + puts("E550 SMTP AUTH required"); + fprintf(stderr, "authrequired: pid %d - message rejected, SMTP AUTH required.\n", ppid); + } + + return 0; +}
	Added	greylist ^
[-] [+]	Added	greylist.c ^
@@ -0,0 +1,267 @@ +/* +* Copyright (C) 2007 Sebastian Werner <blackwing@blackwing.de> +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of the GNU General Public License +* as published by the Free Software Foundation; either +* version 2 of the License, or (at your option) any later +* version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software Foundation, +* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +* +/ + +#define _GNU_SOURCE +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <errno.h> +#include <string.h> +#include <time.h> +#include <utime.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +#define BASEDIR "/var/qmail/greylist" +#define ENV_BASEDIR "GL_BASEDIR" + +#define ENV_MIN_REJECT "GL_MIN_REJECT" +#define ENV_MAX_WAIT "GL_MAX_WAIT" +#define ENV_ACCEPT_GOOD "GL_ACCEPT_GOOD" + +// Initial waiting time 5min +#define DEFAULT_MIN_REJECT 300 +// Wait one day after first seen, before forgetting +#define DEFAULT_MAX_WAIT 86400 +// Entries stay valid for 32 days +#define DEFAULT_ACCEPT_GOOD 2764800 + +int ppid; +time_t now; +int min_reject, max_wait, accept_good; +/ +* Basic ideas of this pretty "flat" implementation: +* - Create a file per remote IP address when host is seen for first time +* - Issue a 451 error as long as minimum waiting time is not met +* - When host comes back after minimum waiting time, update the files atime +* to the current time and accept the mail +* - If after first seen the host did not come back until max waiting time +* is hit, delete the entry +* - After a lifetime of "accept_good" delete the entry of the file as well +* +* So per host we get _one_ file. +* The mtime of this file is the time, this host has been seen the first time. +* Its atime is corresponding time, when this host has been seen the last time. +* +* I choosed the one-file-per-host model, because it is easy to maintain. +* For high-volume mail servers, it is advisable to put the basedir on a +* ramdisk with little size but many inodes :) +* +* Actually this concept is also IPv6 safe. +* +* Please send patches & suggestions to blackwing@blackwing.de +/ + +/*********************************************************************************/ + +/ remove the entry of a hostname by unlinking the corresponding file / +int +remove_ip (char host) +{ + if(unlink(host) < 0) + { + fprintf (stderr, + "greylist: pid %d - removing stale entry %s failed: %s\n", + ppid,host,strerror(errno)); + return(-1); + } + + return(1); +} + +/* check wether in basedir a valid entry for the corresponding host is to be found / +int +check_ip (char host) +{ + struct stat hostfile; + int retval; + + // file does not exist - so never seen before + if ( stat ( host, &hostfile ) < 0 ) + { + return(-1); + } + + // user is back too soon + if (now - hostfile.st_mtime < min_reject) + { + return(0); + } + + // host was not back soon enough after first try. unlink the entry. + if ((now - hostfile.st_atime > max_wait) && (hostfile.st_atime == hostfile.st_mtime)) + { + retval = remove_ip(host); + return(-2); + } + + + // max lifetime of the entry is reach. unlink the entry. + if (now - hostfile.st_atime > accept_good) + { + retval = remove_ip(host); + return(-3); + } + + // host has met requirements. + return(1); +} + +/* create a file based on the hostname / +int +add_ip (char host) +{ + int file = open(host, O_CREAT \| O_RDWR \| O_NOFOLLOW, S_IRUSR \| S_IWUSR); + + if (file < 0) + { + fprintf (stderr, + "greylist: pid %d - creating %s failed: %s\n", + ppid,host,strerror(errno)); + return(-1); + } + + close(file); + return(1); +} + +/* update the atime of the file for the specified hostname / +int +update_ip (char host) +{ + + struct utimbuf newutime; + struct stat hostfile; + + if ( stat ( host, &hostfile ) < 0 ) + { + /* This should never happen! / + return(-1); + } + + // assign new last-seen time + newutime.actime = now; + newutime.modtime = hostfile.st_mtime; + + if ( utime ( host, &newutime ) < 0 ) + { + fprintf (stderr, + "greylist: pid %d - updating %s failed: %s\n", + ppid,host,strerror(errno)); + return(-1); + } + + return(1); +} + +/ parse an numeric environment variable / +int +get_numeric_option (char name, int dflt) { + char value = getenv(name); + + if (value) + { + return atoi(value); + } + return dflt; +} + +int +main (int argc, char argv[]) +{ + char addr = getenv ("TCPREMOTEIP"); + ppid = getppid (); + now = time(NULL); + + / Are we running in an tcpserver environment? */ + if (!addr) + { + printf ("D\n"); + fprintf (stderr, + "greylist: pid %d - no TCPREMOTEIP\n",
[-] [+]	Added	ifauthskip.c ^
@@ -0,0 +1,21 @@ +/* + * + * Tomislav Randjic 20060926 + * + / +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +int main(int argc, char argv) +{ + char user = getenv("SMTPAUTHUSER"); + + if (user != NULL && strlen(user) > 0) + { + puts("N"); + } + + return 0; +}
	Added	skip-if-relayclient ^
[-] [+]	Added	skip-if-relayclient.c ^
@@ -0,0 +1,41 @@ +/* +* Copyright (C) 2007 Sebastian Werner <blackwing@blackwing.de> +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of the GNU General Public License +* as published by the Free Software Foundation; either +* version 2 of the License, or (at your option) any later +* version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software Foundation, +* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +* +/ + +#include <stdio.h> +#include <stdlib.h> + +int +main (int argc, char argv[]) +{ + int ppid = getppid (); + //If relay client, don't check at all + if (getenv ("RELAYCLIENT")) + { + printf ("A\n"); + fprintf (stderr, + "skip-if-relayclient: pid %d - RELAYCLIENT detected. All further plugins will be skipped.\n", + ppid); + exit (0); + } + + // Else: Walk down the plugin chain. + exit (0); +} +
	Added	skip-if-smtpauthuser ^
[-] [+]	Added	skip-if-smtpauthuser.c ^
@@ -0,0 +1,41 @@ +/* +* Copyright (C) 2007 Sebastian Werner <blackwing@blackwing.de> +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of the GNU General Public License +* as published by the Free Software Foundation; either +* version 2 of the License, or (at your option) any later +* version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software Foundation, +* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +* +/ + +#include <stdio.h> +#include <stdlib.h> + +int +main (int argc, char argv[]) +{ + int ppid = getppid (); + //If authenticated, don't check at all + if (getenv ("SMTPAUTHUSER")) + { + printf ("A\n"); + fprintf (stderr, + "skip-if-relayclient: pid %d - SMTPAUTHUSER detected. All further plugins will be skipped.\n", + ppid); + exit (0); + } + + // Else: Walk down the plugin chain. + exit (0); +} +