Tag Archive for 'smtp auth'

qmail from address and SMTP-AUTH username check patch

16 Aralık 2009 12:40 AM - Duyuru, E-mail and Yazılım / ismail.yenigul

qmail SMTP-AUTH control mechanism is very good way to stop spams and give flexibility user to send email from anywere in the world. But current SMTP-AUTH patches do not check whether from address and SMTP-AUTH username is same.

The following patch will simply reject the mail if the SMTP-AUTH username does not match with the from address.
To be enable use this patch SMTP-AUTH username must be in email address format (user@domain.com). This can be
possible only in qmail+vpopmail or qmail-ldap (if the uid is in email address format) installation.

This patch is based on netqmail-1.06 and Erwin Hoffmann’s qmail-authentication-0.68 patch. But I believe that you can simply integrate your qmail source.

PS:  qmail-remote-logging.patch and qmail-smtp-auth-fromcheck.patch are integrated into JMS1 combined patch and Shupp Toaster patch.

URLs:

http://files.endersys.com/patches/qmail-1.03-jms1.7.08_endersys.patch

http://files.endersys.com/patches/qmail-toaster-0.9.1_endersys.patch

INSTALLATION and CONFIGURATION

1.  Stop qmail
2. Apply this patch to your qmail toaster and compile it (don’t install!)
3. Take backup of your qmail-smtpd binary and override new qmail-smtpd binary
4. Create control/checksenderauth to enable this control
5. Start qmail

You can get the patch from here


--- qmail-smtpd.c.orig  2009-12-16 00:09:42.000000000 +0200
+++ qmail-smtpd.c       2009-12-16 00:20:34.000000000 +0200
@@ -1,3 +1,4 @@
+#include <sys/stat.h>
#include "sig.h"
#include "readwrite.h"
#include "stralloc.h"
@@ -346,6 +347,7 @@
out("250 ok\r\n");
}
void smtp_rcpt(arg) char *arg; {
+struct stat st;
if (!seenmail) { err_wantmail(); return; }
if (!addrparse(arg)) { err_syntax(); return; }
if (flagbarf) { err_bmf(); return; }
@@ -356,6 +358,22 @@
}
else
if (!addrallowed()) { err_nogateway(); return; }
+/* This small patch compare mail from value and smtp auth username.
+* if they are not identical,  the mail will not be relayed!
+* This control will be ignored, if the remote IP is defined in tcp.smtp.cdb
+* create/delete control/checksenderauth file to enable/disable this feature
+*  - Developed by Endersys Ltd R&D Team - http://www.endersys.com
+*/
+  if ((stat("control/checksenderauth",&st) == 0) && (remoteinfo)) {
+
+ /* remoteinfo:username issued during the smtp auth state
+ *   mailfrom.s: From value issued at mail from: state */
+        if (str_diff(remoteinfo, mailfrom.s))  {
+               out("535 Mail From address and SMTP-AUTH username does not match (#5.7.1)\r\n");
+                       return;
+       }
+ }
+
7 Comments Tags: , , , .