For performance reasons, the multilog binary in daemontools logs timestamps in TAI format, like the following:
@400000004a9b768834d8118c status: local 0/500 remote 4/299
You have to pipe the output to the tai64nlocal binary to see the date in human-readable format. This is annoying when searching in log files.
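The label can also be converted when the log is read, which leaves the stored file with its sub-second precision. The following C code is an added example, not code from daemontools or from the patch below; the function names are hypothetical, and it prints UTC rather than local time.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define TAI64_BIAS 4611686018427387914ULL   /* 2^62 + 10 s: TAI64 label of Unix time 0 */
/* Read n lowercase hex digits from p into *out; -1 on any other character. */
static int hex_field(const char *p, int n, uint64_t *out)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++) {
        char c = p[i];
        if (c >= '0' && c <= '9') v = (v << 4) | (uint64_t)(c - '0');
        else if (c >= 'a' && c <= 'f') v = (v << 4) | (uint64_t)(c - 'a' + 10);
        else return -1;                 /* also stops at an early NUL */
    }
    *out = v;
    return 0;
}

/* "@" + 16 hex (seconds) + 8 hex (nanoseconds) -> Unix time; -1 if malformed. */
int tai64n_decode(const char *label, time_t *secs, uint32_t *nanos)
{
    uint64_t s, ns;
    if (label[0] != '@') return -1;
    if (hex_field(label + 1, 16, &s) || hex_field(label + 17, 8, &ns)) return -1;
    if (s < TAI64_BIAS || (s >> 63) || ns > 999999999ULL) return -1;
    *secs = (time_t)(s - TAI64_BIAS);
    *nanos = (uint32_t)ns;
    return 0;
}

/* Render the label as UTC with nanoseconds; returns chars written or -1. */
int tai64n_to_utc(const char *label, char *buf, size_t buflen)
{
    time_t secs; uint32_t nanos; char date[32]; struct tm *tm;
    if (tai64n_decode(label, &secs, &nanos)) return -1;
    tm = gmtime(&secs);
    if (!tm || !strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%S", tm)) return -1;
    return snprintf(buf, buflen, "%s.%09luZ", date, (unsigned long)nanos);
}

int main(void)
{
    char out[64];   /* the label below is the sample from the post */
    if (tai64n_to_utc("@400000004a9b768834d8118c", out, sizeof out) > 0)
        puts(out);
    return 0;
}
```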
We created a small patch to enable human-readable logging in multilog via the localtime function. The new log lines will look like the following:
Sat Dec 19 03:02:51 2009 status: local 0/500 remote 0/299
I believe that some people will not like this idea. We found it useful and wanted to share it with the open source community.
The patch is located at http://files.endersys.com/patches/daemontools-0.76-localtime.patch
diff -ruN daemontools-0.76.orig/src/multilog.c daemontools-0.76/src/multilog.c
--- daemontools-0.76.orig/src/multilog.c 2001-07-12 19:49:49.000000000 +0300
+++ daemontools-0.76/src/multilog.c 2009-12-19 02:52:09.000000000 +0200
@@ -514,7 +514,8 @@
}
if (!linelen)
if (flagtimestamp) {
- timestamp(line);
+ /* timestamp(line); */
+ timestamplocal(line);
line[25] = ' ';
linelen = 26;
}
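Review bot: The call under flagtimestamp is swapped unconditionally, so every multilog instance that asks for timestamps now writes local time and nothing can select the original label any more; put the new format behind its own option and delete the commented-out timestamp(line) instead of leaving it in. The unchanged line[25] = ' ' and linelen = 26 still assume a 25-character label, while the date shown in the post is 24 characters, so each line carries two separator spaces. A local date without zone or sub-second part is also ambiguous across DST changes when logs from several hosts are correlated.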
diff -ruN daemontools-0.76.orig/src/timestamp.c daemontools-0.76/src/timestamp.c
--- daemontools-0.76.orig/src/timestamp.c 2001-07-12 19:49:49.000000000 +0300
+++ daemontools-0.76/src/timestamp.c 2009-12-19 02:53:02.000000000 +0200
@@ -1,7 +1,13 @@
+#include <sys/types.h>
+#include <time.h>
+#include <sys/time.h>
+#include <unistd.h>
#include "taia.h"
#include "timestamp.h"
static char hex[16] = "0123456789abcdef";
+time_t lt;
+struct tm *t;
void timestamp(char s[TIMESTAMP])
{
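Review bot: time_t lt and struct tm *t are added at file scope with external linkage although only timestamplocal uses them; declare them as locals of that function so the one-letter name t cannot collide with a symbol in another object file. Of the four new includes, only time.h is needed by the code shown.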
@@ -18,3 +24,11 @@
s[i * 2 + 2] = hex[nowpack[i] & 15];
}
}
+
+void timestamplocal(char s[TIMESTAMP])
+{
+ lt = time(NULL);
+ t = localtime(<);
+ asctime_r(t, s);
+ s[24] = ' ';
+}
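Review bot: asctime_r(t, s) writes 26 bytes (24 characters, a newline and the terminating NUL) into a parameter declared char s[TIMESTAMP], and timestamp.h keeps TIMESTAMP at 25, so any caller that sizes its buffer from the constant is overrun by one byte; define a separate length of at least 26 for this function and state it on the prototype. The result of localtime is passed on without a NULL check, and as rendered here the call reads localtime(<), which does not compile; the argument should be the address of lt.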
diff -ruN daemontools-0.76.orig/src/timestamp.h daemontools-0.76/src/timestamp.h
--- daemontools-0.76.orig/src/timestamp.h 2001-07-12 19:49:49.000000000 +0300
+++ daemontools-0.76/src/timestamp.h 2009-12-19 02:52:17.000000000 +0200
@@ -4,5 +4,6 @@
#define TIMESTAMP 25
extern void timestamp(char *);
+extern void timestamplocal(char *);
#endif
The qmail SMTP-AUTH control mechanism is a very good way to stop spam and give users the flexibility to send email from anywhere in the world. But current SMTP-AUTH patches do not check whether the from address and the SMTP-AUTH username are the same.
The following patch simply rejects the mail if the SMTP-AUTH username does not match the from address.
To use this patch, the SMTP-AUTH username must be in email address format (user@domain.com). This is possible only in a qmail+vpopmail or qmail-ldap (if the uid is in email address format) installation.
This patch is based on netqmail-1.06 and Erwin Hoffmann’s qmail-authentication-0.68 patch. But I believe that you can simply integrate it into your qmail source.
PS: qmail-remote-logging.patch and qmail-smtp-auth-fromcheck.patch are integrated into JMS1 combined patch and Shupp Toaster patch.
URLs:
http://files.endersys.com/patches/qmail-1.03-jms1.7.08_endersys.patch
http://files.endersys.com/patches/qmail-toaster-0.9.1_endersys.patch
INSTALLATION and CONFIGURATION
1. Stop qmail
2. Apply this patch to your qmail toaster and compile it (don’t install!)
3. Take a backup of your qmail-smtpd binary and overwrite it with the new qmail-smtpd binary
4. Create control/checksenderauth to enable this control
5. Start qmail
You can get the patch from here
--- qmail-smtpd.c.orig 2009-12-16 00:09:42.000000000 +0200
+++ qmail-smtpd.c 2009-12-16 00:20:34.000000000 +0200
@@ -1,3 +1,4 @@
+#include <sys/stat.h>
#include "sig.h"
#include "readwrite.h"
#include "stralloc.h"
@@ -346,6 +347,7 @@
out("250 ok\r\n");
}
void smtp_rcpt(arg) char *arg; {
+struct stat st;
if (!seenmail) { err_wantmail(); return; }
if (!addrparse(arg)) { err_syntax(); return; }
if (flagbarf) { err_bmf(); return; }
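Review bot: struct stat st exists only for the existence test on control/checksenderauth further down in smtp_rcpt, which costs a filesystem call for every RCPT command; read the control file once at startup into a flag and test that flag here, so the setting also cannot change in the middle of a session.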
@@ -356,6 +358,22 @@
}
else
if (!addrallowed()) { err_nogateway(); return; }
+/* This small patch compare mail from value and smtp auth username.
+* if they are not identical, the mail will not be relayed!
+* This control will be ignored, if the remote IP is defined in tcp.smtp.cdb
+* create/delete control/checksenderauth file to enable/disable this feature
+* - Developed by Endersys Ltd R&D Team - http://www.endersys.com
+*/
+ if ((stat("control/checksenderauth",&st) == 0) && (remoteinfo)) {
+
+ /* remoteinfo:username issued during the smtp auth state
+ * mailfrom.s: From value issued at mail from: state */
+ if (str_diff(remoteinfo, mailfrom.s)) {
+ out("535 Mail From address and SMTP-AUTH username does not match (#5.7.1)\r\n");
+ return;
+ }
+ }
+
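Review bot: str_diff(remoteinfo, mailfrom.s) is a byte-exact comparison, so a user who authenticates as User@Domain.com and sends as user@domain.com is refused; compare case-insensitively (qmail has case_diffs), at least for the domain part. The block is placed after the complete else if (!addrallowed()) statement and its condition tests only the control file and remoteinfo, so nothing visible here implements the exemption for tcp.smtp.cdb clients that the comment promises; please also confirm that remoteinfo is set only by a successful AUTH. Because the decision depends on the sender alone, it could be made once in the MAIL FROM handler rather than per recipient, and a policy refusal is better answered with 550 or 553 than with 535, which clients read as an authentication failure.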
As the Endersys R&D team, we made a simple but very useful patch to qmail-remote for the delivery report.
After this patch, qmail-remote logs the sender and recipient of the email in addition to the remote IP address, so tracking the result of an email is easier than before.
Here is a sample from the log file:
@400000004b1bdd4d1f89d84c delivery 10: success: <From:owner-freebsd-current@freebsd.org_To:user@remotedomain.com>_193.140.X.X_accepted_message.
/Remote_host_said:_250_ok_1260117440_qp_15626/
@400000004b1bdbb8191f1954 delivery 6: failure: <From:a@surgate.net_To:test323232@remoteserver.com>_212.252.x._does_not_like_recipient.
/Remote_host_said:_550_non-existent_recipient/alici_bulunamadi/Giving_up_on_212.252.x.x/
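For searching these lines programmatically, the following C parser is an added example (not part of the patch or of qmail; the struct and function names are hypothetical). It reads the format exactly as it appears in the sample above, with spaces logged as underscores, and reports lines where an address itself contains delimiter text.

```c
#include <stdio.h>
#include <string.h>

struct delivery {
    char status[16];   /* success, failure or deferral */
    char from[256];    /* envelope sender as logged */
    char to[256];      /* envelope recipient as logged */
};

/* Copy [b,e) into dst of size n; returns -1 if it does not fit. */
static int span(char *dst, size_t n, const char *b, const char *e)
{
    size_t len = (size_t)(e - b);
    if (len >= n) return -1;
    memcpy(dst, b, len);
    dst[len] = '\0';
    return 0;
}

/* Returns 0 on success, -1 if the line is not in the patched format, -2 if an
   address contains delimiter text, so the sender/recipient split is unreliable. */
int parse_delivery(const char *line, struct delivery *d)
{
    const char *p, *st, *from, *to, *gt;
    if (!(p = strstr(line, " delivery "))) return -1;
    if (!(p = strstr(p + 10, ": "))) return -1;        /* skip delivery number */
    st = p + 2;
    if (!(from = strstr(st, ": <From:"))) return -1;   /* unpatched qmail-remote */
    if (span(d->status, sizeof d->status, st, from)) return -1;
    from += 8;                                         /* past ": <From:" */
    if (!(to = strstr(from, "_To:"))) return -1;
    if (!(gt = strstr(to + 4, ">_"))) return -1;
    if (span(d->from, sizeof d->from, from, to)) return -1;
    if (span(d->to, sizeof d->to, to + 4, gt)) return -1;
    if (strpbrk(d->from, "<>") || strpbrk(d->to, "<>") || strstr(d->to, "_To:"))
        return -2;
    return 0;
}

int main(void)
{
    const char *l =    /* first sample line from the post, as logged */
        "@400000004b1bdd4d1f89d84c delivery 10: success: "
        "<From:owner-freebsd-current@freebsd.org_To:user@remotedomain.com>"
        "_193.140.X.X_accepted_message.";
    struct delivery d;
    if (parse_delivery(l, &d) == 0)
        printf("%s from=%s to=%s\n", d.status, d.from, d.to);
    return 0;
}
```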
Here is the patch based on netqmail-1.6. You can download the patch from http://files.endersys.com/patches/qmail-remote-logging.patch
PS: qmail-remote-logging.patch and qmail-smtp-auth-fromcheck.patch are integrated into JMS1 combined patch and Shupp Toaster patch.
URLs:
http://files.endersys.com/patches/qmail-1.03-jms1.7.08_endersys.patch
http://files.endersys.com/patches/qmail-toaster-0.9.1_endersys.patch
# diff -ruN qmail-remote.c.orig qmail-remote.c
--- qmail-remote.c.orig 2009-12-06 17:55:41.000000000 +0200
+++ qmail-remote.c 2009-12-06 18:35:31.000000000 +0200
@@ -246,15 +246,23 @@
substdio_flush(&smtpto);
code = smtpcode();
if (code >= 500) {
- out("h"); outhost(); out(" does not like recipient.\n");
+ /* added by Endersys R&D Team */
+ out("h<From:"); outsafe(&sender); out(" To:"); outsafe(&reciplist.sa[i]); out("> "); outhost(); out(" does not like recipient.\n");
outsmtptext(); zero();
}
else if (code >= 400) {
- out("s"); outhost(); out(" does not like recipient.\n");
+ /* added by Endersys R&D Team */
+ out("s<From:"); outsafe(&sender); out(" To:"); outsafe(&reciplist.sa[i]); out("> "); outhost(); out(" does not like recipient.\n");
outsmtptext(); zero();
}
else {
- out("r"); zero();
+ /*
+ * James Raftery <james@now.ie>
+ * Log _real_ envelope recipient, post canonicalisation.
+ * and modified by Endersys R&D Team
+ */
+
+ out("r<From:"); outsafe(&sender); out(" To:"); outsafe(&reciplist.sa[i]); out("> "); zero();
flagbother = 1;
}
}
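Review bot: The same sequence of out("<From:"), outsafe(&sender), out(" To:"), outsafe(&reciplist.sa[i]) and out("> ") is pasted into all three branches; move it into one helper so the format cannot drift between the failure, deferral and success records. Both addresses come from the envelope and are framed only by the <, To: and > delimiters, so unless outsafe escapes those characters a log parser cannot split the fields reliably; an escaped or length-prefixed encoding would make the record unambiguous.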
For about a week or two, mail from Hotmail servers has stopped arriving at qmail servers.
The source of the problem is actually not new. The cause is that Hotmail servers do not comply with the standards specified in RFC 822bis.
RFC 822bis requires CRLF (CR: carriage return, LF: line feed). Because Hotmail servers do not follow this standard, qmail rejects mail in this format as not RFC-compliant.
Software such as Postfix, while aware that this is a problem, accepts malformed mail in this format by making it RFC-compliant itself.
You can find detailed information on the subject at http://cr.yp.to/docs/smtplf.html.
Solution
The fixcrio command that comes with DJB’s ucspi-tcp package must be used in the script that starts the qmail-smtpd service.
For example, if the content of the qmail-smtpd/run file is as follows:
exec /usr/local/bin/softlimit -m 20000000 /usr/local/bin/tcpserver -H -R -l 0 -v -p -x /etc/tcp.smtp.cdb -c $MAXSMTPD -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
fixcrio is added, with its full path, between smtp and /var/qmail/bin/qmail-smtpd.
In that case the final version of the file is:
exec /usr/local/bin/softlimit -m 20000000 /usr/local/bin/tcpserver -H -R -l 0 -v -p -x /etc/tcp.smtp.cdb -c $MAXSMTPD -u $QMAILDUID -g $NOFILESGID 0 smtp /usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd 2>&1
The service must be restarted for the change to take effect.
Note: Because fixcrio causes an incompatibility in the TLS module, if your qmail server has the STARTTLS feature, remote servers that try to connect with STARTTLS will not be able to send you mail. If your server has this support:
- You need to disable TLS support and recompile qmail.
- If you want to use TLS support, you need to apply the small patch at http://www.arctic.org/~dean/patches/qmail-0.95-liberal-lf.patch