Re: [cobalt-developers] RAQ4: SPAM and 554 5.3.0 rewrite: map popauth not found
- Subject: Re: [cobalt-developers] RAQ4: SPAM and 554 5.3.0 rewrite: map popauth not found
- From: Harald Kapper <hk@xxxxxxxxxx>
- Date: Wed Apr 30 15:15:10 2003
- Organization: kapper.net
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
hi
here is my raq4 (and raq2) based experience with cobalt's sendmail-ways...
basically they do several things wrong (sad enough) and one main point
why the default m4-compiled cobalt.mc (though they name it like that and
obviously based on this create their final sendmail.cf) does not work
goes like this:
in the original cobalt.mc (since raq2-days):
define(`ALIAS_FILE', `/etc/mail/aliases')dnl
but if they just would have done it right for their majordomo-system they would have written plain:
define(`ALIAS_FILE', `/etc/aliases,/etc/aliases.majordomo')dnl
(which would save anybody hand-adding this alias line in sendmail.cf:
O AliasFile=/etc/mail/aliases.majordomo
[added right after the /etc/mail/aliases line])
usually, when I'm at re-writing the cobalt.mc I also add like:
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
which enables the mailertable-feature that is nice to have to redirect whole domains to customer's smtp-servers and the like.
and I would strongly suggest to add:
define(`confMAX_HOP', `30')dnl
also to the cobalt.mc because the default-max-hop "17" is sometimes a bit too low to get mails through several sub-mailinglists, etc.
and to get the correct max-mail-size please also config the
define(`confMAX_MESSAGE_SIZE', `52428800')dnl
which would make here 50 MB max-mail-size or similar.
finally if one wants to use rbl-services like dsbl, ordb, etc. I'd suggest to add lines like:
FEATURE(dnsbl,`relays.ordb.org',`"550 Mail from " $&{client_addr} " rejected - see http://ordb.org/lookup/?host="$&{client_addr}')dnl
so, after one has rebuilt the cobalt.mc to a new cobalt.cf
one should do the following:
edit the resulting cobalt.cf and add the pop-before-smtp-lines manually, as I honestly found no m4-thing for this one (but hey let me know if there is):
1. go to the line: "Kaccess hash -o /etc/mail/access"
2. after this add the following:
# Pop-before-smtp secondary access hash
Kpopauth hash -a<MATCH> /etc/mail/popip.db
which makes the popauth-db accessible to sendmail rules.
now it gets a bit tricky - search for the following lines:
######################################################################
### check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
# Put the address into cannonical form (even if it doesn't resolve to an MX).
R$*	$: $>Parse0 03 $1
R$* < $* > $*	$: $1 < $2 . > $3
R$* < $* . . > $*	$1 < $2 . > $3
after these lines there usually comes this:
Scheck_rcpt
R$*	$: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$*	$#$2
R$* $| $*	$@ $>"Basic_check_rcpt" $1
now to get the pop-before-smtp-checking in place we have to add lines
to the SLocal_check_rcpt section, to allow access from pop-authenticated
IPs without further checking. finally both sections above should,
after adding pop-before-smtp-checking, look as follows:
SLocal_check_rcpt
# Put the address into cannonical form (even if it doesn't resolve to an MX).
R$*	$: $>Parse0 03 $1
R$* < $* > $*	$: $1 < $2 . > $3
R$* < $* . . > $*	$1 < $2 . > $3
# Test against pop-before-relay hash
R$*	$: < $&{client_addr} >
R< $* >	$(popauth $1 $)
R$* < MATCH >	$#OK
Scheck_rcpt
R$*	$: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$*	$#$2
R$* $| $*	$@ $>"Basic_check_rcpt" $1
now pop3-authenticated IPs get checked and this should be done.
finally we are done, but we should put information to the user,
therefore we search again for one line like:
# anything else is bogus
after this line there comes the "relaying denied" message that is
sent to any "strange" client wanting to relay. I suggest to add
some comment to it like "550 Relaying denied. Please use POP before SMTP"
or similar, in fact we normally localize the message so users understand
what we want from them ;-)
now you got a brand new cobalt.cf and you should backup your old
sendmail.cf and move in the new cobalt.cf as sendmail.cf
restart sendmail and test it.
if anything goes wrong move your old sendmail.cf in and try again ;-)
if there is some demand for a public cobalt.cf file to default to the
above described, let me know and I'll put one together.
hth
Harald Kapper, icq# 36178328 kapper.net, inc.
managing director loeblichgasse 6
chief software development 1090 vienna, .at
tel +43 1 3195500-0, fax +43 1 3195502, hk@xxxxxxxxxx
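
The hand edits described in this message can be checked before the new file is moved in as sendmail.cf. The following is an added example, not part of the original post: it flags any map a rule looks up without a matching K line (the condition behind the "map popauth not found" error in the subject) and any R line that lost its tab between LHS and RHS. The function name `check_cf` and both sample files are constructed for illustration.

```python
import re

# Matches the start of a map lookup inside a rule, e.g. "$(popauth $1 $)"
MAP_USE = re.compile(r"\$\(\s*([A-Za-z0-9_]+)")


def check_cf(text):
    """Return sorted (line_number, problem) pairs for a sendmail.cf string."""
    declared, used, problems = set(), [], []
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("K"):
            # "Kname class args": the map name ends at the first whitespace
            parts = line[1:].split()
            if parts:
                declared.add(parts[0])
        elif line.startswith("R"):
            # sendmail separates the fields of a rule with tabs, not spaces
            if "\t" not in line:
                problems.append((n, "rule has no tab between LHS and RHS"))
            used += [(n, m.group(1)) for m in MAP_USE.finditer(line)]
    # A K line anywhere in the file counts as a declaration here
    for n, name in used:
        if name not in declared:
            problems.append((n, f"map {name} not found (no K{name} line)"))
    return sorted(problems)


# Constructed sample: Kpopauth line missing, last rule pasted without its tab
SAMPLE_BROKEN = (
    "Kaccess hash -o /etc/mail/access\n"
    "SLocal_check_rcpt\n"
    "R$*\t$: < $&{client_addr} >\n"
    "R< $* >\t$(popauth $1 $)\n"
    "R$* < MATCH > $#OK\n"
)

# Constructed sample: same rules with the map declared and the tab restored
SAMPLE_FIXED = (
    "Kpopauth hash -a<MATCH> /etc/mail/popip.db\n"
    + SAMPLE_BROKEN.replace("R$* < MATCH > $#OK", "R$* < MATCH >\t$#OK")
)

if __name__ == "__main__":
    for lineno, problem in check_cf(SAMPLE_BROKEN):
        print(f"line {lineno}: {problem}")
```
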