Mailing List Archive

Using .qmail to redirect mail according to the sender address
People,

I have used .qmail to do simple redirection of course but is it possible
to do something like an:

if
elseif
else

redirect?

Thanks,

Phil.
--
Philip Rhoades

PO Box 896
Cowra NSW 2794
Australia
E-mail: phil@pricom.com.au
Re: Using .qmail to redirect mail according to the sender address [ In reply to ]
The condredirect command should be able to do what you want. You will have to write a script/program to do the processing of the incoming email and make the decision, so perhaps not as simple as you were hoping, but certainly doable. You can use multiple condredirect lines to deal with all your cases.

On 2023-02-21 15:21, Philip Rhoades wrote:
> People,
>
> I have used .qmail to do simple redirection of course but is it possible to do something like an:
>
>   if
>   elseif
>   else
>
> redirect?
>
> Thanks,
>
> Phil.
Re: Using .qmail to redirect mail according to the sender address [ In reply to ]
On Feb 21, 2023, at 18:21, Philip Rhoades <phil@pricom.com.au> wrote:
>
> I have used .qmail to do simple redirection of course but is it possible to do something like an:
>
> if
> elseif
> else
>
> redirect?

Two things come to mind.

First ... the "courier-imap" package came with a program called "maildrop" which works by adding a line to the relevant .qmail file to run maildrop, with the name of a file (usually called ".maildrop") containing rules very similar to what you're describing. As an example, my own ".qmail-jms1" file contains this line:

| /usr/bin/dspamc --user "$EXT@$HOST" --deliver=stdout | preline -f /usr/local/bin/maildrop jms1/.mailfilter

The author of courier-imap decided to "expand" it into what is now "courier-mta", and as part of that, he no longer supports qmail. With that said, maildrop is available as its own download, and on the web page he mentions that it *can* be used with other MTAs (such as qmail). I've been using maildrop for 12+ years and haven't had any problems with it, for what that's worth.



The other thing is ... back in the days when I had time to keep my personal web sites updated, I wrote a simple "rules engine" for qmail, which can allow or reject SMTP "RCPT" commands, based on facts which are known while the SMTP "RCPT" command is being processed. These include the envelope sender and recipient (using regular expression matches), the IP address which is currently sending the message to us, whether or not that IP appears on a given RBL, and whether or not that client has performed a successful AUTH command.

The rules are stored in a PostgreSQL database, and there's a simple web interface which allows mailbox owners, domain owners, and system owners, to maintain those rules. Also, the rules themselves can be "scoped" to affect messages being sent to (1) the server as a whole, (2) all addresses in a given domain, or (3) one single address within a domain. So if your server is providing mail service for several domains, and one of them *doesn't* want mail for their domain (or just for one specific address) to be rejected based on RBL matches, this system can make that happen without having to remove the RBL checks for all of the other recipient addresses or domains on the server.

Things to be aware of:

- This system's processing happens during the SMTP RCPT conversation. Making any kind of decision based on the message content or headers is not possible, because at the time this runs, the message body hasn't been received yet.

- This system can only control whether or not qmail-smtp agrees to accept the message in the first place. It cannot change where the messages end up being delivered (i.e. to a different local mailbox, or to a remote recipient).

- This system relies on the "RCPTCHECK" patch. This is part of my old "combined patch", but the link I added to the web page back in the day still seems to work, so the original patch is still around as well. I don't know if any of the qmail "distributions" that have sprung up over the past several years are including this patch (or something which provides the same functionality) or not.

I've been using this system on my own qmail servers (obviously) since ... looks like 2012-08, probably a bit earlier? It seems to have worked pretty well all this time, and when I've added rules to block certain sender addresses or IPs, incoming email from those places *was* stopped almost immediately.



Hopefully one or both of these ideas will prove useful.

Links:

- maildrop: https://www.courier-mta.org/maildrop/

- RCPTCHECK patch: https://www.soffian.org/downloads/qmail/qmail-smtpd-doc.html

- My "rules" thing: https://qmail.jms1.net/rules/


--------------------------------------------------------
| John M. Simpson -- KG4ZOW -- Programmer At Large |
| https://jms1.net/ <jms1@jms1.net> |
--------------------------------------------------------
Re: Using .qmail to redirect mail according to the sender address [ In reply to ]
On Feb 21, 2023, at 6:38 PM, Philip Rhoades <phil@pricom.com.au> wrote:
>
> I have used .qmail to do simple redirection of course but is it possible to do something like an:
>
> if
> elseif
> else
>
> redirect?

You might want to try Paul Jarc’s qmail-branch patch: https://code.dogmap.org./qmail/

I’ve not used it myself, but would expect it to work as advertised.

- Amitai
Re: Using .qmail to redirect mail according to the sender address [ In reply to ]
Hi Phil,

John and Johnathan gave already some tips, how to come close to your
requirements.

a) A .qmail file can always be customized to include a shell script to
work in the way you anticipated. Take care of the environment
variables. man dot-qmail is your friend.

b) John Simpson's (first) approach is to use the filter during the SMTP
transaction. This is a different beast. You may also apply the
QMEUE_EXTRA machnism here. In case my (old) Spamcontrol patch is
applied, you also have access to the SMTP envelope information as well.

c) A third idea would be to modify the qmail default-delivery
mechanism. When Dan released qmail some 25 years back, procmail was a
potential candidate for mail filtering. It could be used still (IMHO).
maildrop was not done yet. The old qmail docs provide some application
notes.

Thus, you have plenty of choices, including patches Amitai just came
along with.

Regards.
--eh.


Am Mittwoch, dem 22.02.2023 um 10:21 +1100 schrieb Philip Rhoades:
> People,
>
> I have used .qmail to do simple redirection of course but is it
> possible
> to do something like an:
>
>    if
>    elseif
>    else
>
> redirect?
>
> Thanks,
>
> Phil.

--
Dr. Erwin Hoffmann | www.fehcom.de
PGP key-id: 20FD6E671A94DC1E
PGP key-fingerprint: 8C6B 155B 0FDA 64F1 BCCE A6B9 20FD 6E67 1A94 DC1E
Re: Using .qmail to redirect mail according to the sender address [ In reply to ]
John Simpson <jms1@jms1.net> wrote:
> On Feb 21, 2023, at 18:21, Philip Rhoades <phil@pricom.com.au> wrote:
> >
> > I have used .qmail to do simple redirection of course but is it possible
> > to do something like an:
> >
> > if elseif else
> >
> > redirect?
>
> Two things come to mind.
>
> First ... the "courier-imap" package came with a program called "maildrop"
> which works by adding a line to the relevant .qmail file to run maildrop,
> with the name of a file (usually called ".maildrop") containing rules very
> similar to what you're describing. As an example, my own ".qmail-jms1" file
> contains this line:
>
> | /usr/bin/dspamc --user "$EXT@$HOST" --deliver=stdout | preline -f
> /usr/local/bin/maildrop jms1/.mailfilter

There's also a fairly simple way. For this case, you don't need to parse, or
even read, the message that qmail-local is providing when you have a "|"
command in a .qmail file, because the envelope sender address is available in
an envvar.

So you can have a trivial script that just execs a command to deliver to a
maildir, or re-queue it with a new recipient address, and that will read the
message from the fd provided by qmail-local. Saves a rewind.

Sample script using bash; probably works with sh as well, if you drop the
shopt setting (which makes the match case-insensitive).

#!/bin/bash

shopt -s nocasematch

function to_maildir () {
echo "Would deliver to ${1}" 1>&2
}

case "${SENDER}" in
'joe@example.net') to_maildir ./Mail/from-joe/ ;;
'bob@example.org') to_maildir ./Mail/from-bob/ ;;
'foo@example.com' | 'bar@example.com') to_maildir ./Mail/example-corp/ ;;
*) to_maildir ./Mail/default/ ;;
esac

You'd then call it in .qmail-whatever with a command "|" line. If you test
with the above, qmail-send's log will contain the echoed info line.

For real use, remove the to_mailir function and replace the calls to it with a
command that takes a message on stdin and delivers to the specified Maildir
(or other destination). getmail includes maildir and mboxrd delivery agents
that could be used.

Charles
--
--------------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
--------------------------------------------------------------------------
Re: Using .qmail to redirect mail according to the sender address [ In reply to ]
Charles Cazabon <search-web-for-address@pyropus.ca> wrote:
>
> case "${SENDER}" in
> 'joe@example.net') to_maildir ./Mail/from-joe/ ;;
> 'bob@example.org') to_maildir ./Mail/from-bob/ ;;
> 'foo@example.com' | 'bar@example.com') to_maildir ./Mail/example-corp/ ;;
> *) to_maildir ./Mail/default/ ;;
> esac

Oh, and after you replace the to_maildir function with a real program
invocation, make it exec the command, not fork it:

'joe@example.net') exec getmail_maildir ./Mail/from-joe/ ;;

etc. This is because it's not safe to fork a process to handle the message,
as it could compete with other programs reading the same fd simultaneously.

Charles
--
--------------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
--------------------------------------------------------------------------
Re: Using .qmail to redirect mail according to the sender address [ In reply to ]
Before I used qmail, I used fetchmail and old school procmail.
I had very well developed procmail filters and even after
switching to qmail I continued to use procmail for what
it was designed for, conditional mail filtering. Header
rewriting, forwarding, whatever, it is a powerful tool
with concise syntax. Here's an old .qmail file to invoke...

# .qmail
./Mail/pretmda/
|preline -f procmail
|exit 99

I kept a backup incase I borked the procmail config,
the pretmda maildir would be purged of files over a
week old with find.

my .procmailrc file is 1000 lines long but here are some
representative filter data

LOGFILE=$HOME/.procmail-logfile
SENDMAIL=/var/qmail/bin/sendmail
SENDMAILFLAGS="-oem -oi"
MAILDIR=$HOME/Mail
DEFAULT=$MAILDIR/stray/

# :0 rules...
# f - treat the recipe like a filter and continue down
# w - wait for the exit code of the command
# A - if the last preceding recipe without the `A' or `a' flag matched as
well.
# a - the immediately preceding recipe must have been successfully completed
# ^TO catch all destination specifications containing a specific word.
# ^TO_ catch all destination specifications containing a specific address.

#:0 f
#| formail -fA "x-recipient: $RECIPIENT"

# for dated maildirs
# :0:
# * ^TO_.*galis
# outbox.`/bin/date +%Y`/

:0
* ^Subject:\ RV082\ Security\ Notification
| formail -I "" | sed -e '/^$/d' -e '$!{N;s/\n/ /;}' | grep -v 'sending to
geo@galis.org successfully' | tac >>$HOME/iuxta/XXXXXX/rv082.log ; touch
$HOME/iuxta/XXXXXX/rv082.log
:0
* ^Delivered-To: (geo-iuxta-george-XXXXXX@galis.org|geo-root@ixeon.duo)
|safecat iuxta-XXXXXX iuxta-XXXXXX/new


#####################################################
############## ################
# PRE DELIVERY SECTION
############## ################
#####################################################

:0
# Remove emails marked by the following rule.
* ^X-Loop.*SENT.RSVP.NYSA
|safecat new new/new
:0
# Capture and mark requests to attend meetings and notify attendee
* ^Subject.*AUTO.RSVP.NYSA
| $HOME/bin/rsvp-nysa.sh
:0
* ^TO_nysa@galis.org
| $HOME/bin/rsvp-nysa.sh


#####################################################
############### ####################
# SPAM SECTION
############### ####################
#####################################################
:0
* XXX@stanford.edu
nullbody/
:0
* XXXX-XXXXXX.net
nullbody/

:0
* ^Subject:.Please.update.your.resume.at.XXXXXXXXXXX
/dev/null

################################################## security

:0
* ^Delivered-To:.mailing.list.securesoftware@list.cr.yp.to
|safecat crypto crypto/new

:0 f
* ^Sender:.full-disclosure-bounces@lists.grok.org.uk
#* ^List-Id:.*full-disclosure.lists.netsys.com
| sed -e '/^Subject:.*\[Full-Disclosure\]/s/\[Full-Disclosure\] //g'
:0 a
|safecat full-disclosure full-disclosure/new

:0
* ^TO_bugtraq@securityfocus.com
|safecat security security/new

:0
* ^From:.MAILER-DAEMON@.*(duo|galis.org|iuxta.com)
|safecat new new/new

# filter everything, but flag anything not caught by a filter....

:0
stray/


On Wed, Feb 22, 2023 at 6:18 AM Charles Cazabon <
search-web-for-address@pyropus.ca> wrote:

> Charles Cazabon <search-web-for-address@pyropus.ca> wrote:
> >
> > case "${SENDER}" in
> > 'joe@example.net') to_maildir ./Mail/from-joe/ ;;
> > 'bob@example.org') to_maildir ./Mail/from-bob/ ;;
> > 'foo@example.com' | 'bar@example.com') to_maildir
> ./Mail/example-corp/ ;;
> > *) to_maildir ./Mail/default/ ;;
> > esac
>
> Oh, and after you replace the to_maildir function with a real program
> invocation, make it exec the command, not fork it:
>
> 'joe@example.net') exec getmail_maildir ./Mail/from-joe/ ;;
>
> etc. This is because it's not safe to fork a process to handle the
> message,
> as it could compete with other programs reading the same fd simultaneously.
>
> Charles
> --
> --------------------------------------------------------------------------
> Charles Cazabon
> GPL'ed software available at: http://pyropus.ca/software/
> Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
> --------------------------------------------------------------------------
>


--
George Georgalis, (415) 894-2710, http://www.galis.org/