Hello,
We've been compiling qmail by hand here at WingNET,
which is a royal pain. I've been looking at the
mail-mta/qmail port lately, and it looks perfect
(other than the fact that at least one patch has
changed locations since the -r15 ebuild),
but doesn't it make using rblsmtpd unreliable
due to the STARTTLS/SSL patch?
My understanding has always been that since rblsmtpd
has to run BEFORE qmail-smtpd, a valid user on a
blacklisted IP will be blocked before they can AUTH
via STARTTLS/SSL.
Is this true of the mail-mta/qmail port?
If so, how have you been dealing with this? Do you
just chalk it up as an acceptable risk? Do you use
some other form of RBL checking? Do you not use
RBLs at all?
I ask because I have a pair of patches (one for
qmail-smtpd and one for ucspi-tcp's rblsmtpd) that
make it possible to use rblsmtpd and qmail-smtpd
safely together. A successful SMTP AUTH overrides
any RBL blacklist. Here's how it works:
My rblsmtpd.c patch basically allows rblsmtpd, if
the -p option is specified, to set the RBLID
environment variable INSTEAD of carrying on a dummy
SMTP conversation with the remote client. The
qmail-smtpd.c patch then acts appropriately on the
RBLID env variable to block or allow the email message
based on whether or not the remote client auths
successfully.
Note well: The attached patch's RBLID environment
variable is NOT compatible with the RBLID patch by
Marcus Stumpf, found here:
http://www.lamer.de/maex/creative/software/qmail/103-rblid/
See attached for patches to rblsmtpd.c
and qmail-smtpd.c to allow use of rblsmtpd _WITH_ SMTP AUTH.
Is there any interest in including these patches in the
mail-mta/qmail port? I wrote this patch back in late 2003,
and I haven't tested it yet against mail-mta/qmail, but if
there is interest then I would be more than happy to do the
work necessary to get it committed to CVS.
Thanks!
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
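
The deferred RBL decision described in the message above, as an added C sketch; it is not the attached patch and not code from its author. It assumes that RBLID holds the blacklist text and is unset for unlisted IPs, and the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added sketch, not the attached patch. Assumption: rblsmtpd -p exports
 * RBLID holding the blacklist text, and leaves it unset for clean IPs. */
struct session {
    const char *rblid;  /* NULL when the client IP is not listed */
    int authed;         /* 1 only after a successful SMTP AUTH */
};

/* Read RBLID once at startup; an empty value is treated as "not listed". */
void session_init(struct session *s, const char *rblid_env)
{
    s->rblid = (rblid_env && *rblid_env) ? rblid_env : NULL;
    s->authed = 0;
}

/* A failed AUTH must leave the pending RBL block in place. */
int smtp_auth(struct session *s, int credentials_ok)
{
    if (credentials_ok)
        s->authed = 1;
    return credentials_ok ? 235 : 535;
}

/* The deferred decision point: MAIL FROM is refused only when the IP is
 * listed AND the client has not authenticated. Returns the SMTP reply code.
 * 451 is rblsmtpd's default temporary-error code. */
int smtp_mail(const struct session *s, char *reply, size_t n)
{
    if (s->rblid && !s->authed) {
        snprintf(reply, n, "451 %s", s->rblid);
        return 451;
    }
    snprintf(reply, n, "250 ok");
    return 250;
}

int main(void)
{
    struct session s;
    char reply[256];

    /* RBLID is inherited from the parent process, never taken from the client. */
    session_init(&s, getenv("RBLID"));
    smtp_mail(&s, reply, sizeof reply);
    puts(reply);
    return 0;
}
```

The block is enforced at MAIL FROM rather than at connect time, so a listed client still gets the chance to AUTH, and a failed AUTH changes nothing.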