Endersys Blog » smtp auth http://blog.endersys.com Üst Düzey Çözümler Sun, 15 Jan 2012 19:26:34 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 qmail from address and SMTP-AUTH username check patch http://blog.endersys.com/2009/12/qmail-from-address-and-smtp-auth-username-check-patch/ http://blog.endersys.com/2009/12/qmail-from-address-and-smtp-auth-username-check-patch/#comments Tue, 15 Dec 2009 22:40:09 +0000 ismail.yenigul http://blog.endersys.com/?p=414
  • qmail canonicalised recipient logging and more patch
  • qmail’de Hotmail’den mail alamama sorunu
  • qmail multilog localtime patch for daemontools-0.76
    • ]]>     qmail SMTP-AUTH control mechanism is very good way to stop spams and give flexibility user to send email from anywere in the world. But current SMTP-AUTH patches do not check whether from address and SMTP-AUTH username is same.

    The following patch will simply reject the mail if the SMTP-AUTH username does not match with the from address.
    To be enable use this patch SMTP-AUTH username must be in email address format (user@domain.com). This can be
    possible only in qmail+vpopmail or qmail-ldap (if the uid is in email address format) installation.

    This patch is based on netqmail-1.06 and Erwin Hoffmann’s qmail-authentication-0.68 patch. But I believe that you can simply integrate your qmail source.

    PS:  qmail-remote-logging.patch and qmail-smtp-auth-fromcheck.patch are integrated into JMS1 combined patch and Shupp Toaster patch.

    URLs:

    http://files.endersys.com/patches/qmail-1.03-jms1.7.08_endersys.patch

    http://files.endersys.com/patches/qmail-toaster-0.9.1_endersys.patch

    INSTALLATION and CONFIGURATION

    1.  Stop qmail
    2. Apply this patch to your qmail toaster and compile it (don’t install!)
    3. Take backup of your qmail-smtpd binary and override new qmail-smtpd binary
    4. Create control/checksenderauth to enable this control
    5. Start qmail

    You can get the patch from here

    
--- qmail-smtpd.c.orig  2009-12-16 00:09:42.000000000 +0200
+++ qmail-smtpd.c       2009-12-16 00:20:34.000000000 +0200
@@ -1,3 +1,4 @@
+#include <sys/stat.h>
#include "sig.h"
#include "readwrite.h"
#include "stralloc.h"
@@ -346,6 +347,7 @@
out("250 ok\r\n");
}
void smtp_rcpt(arg) char *arg; {
+struct stat st;
if (!seenmail) { err_wantmail(); return; }
if (!addrparse(arg)) { err_syntax(); return; }
if (flagbarf) { err_bmf(); return; }
@@ -356,6 +358,22 @@
}
else
if (!addrallowed()) { err_nogateway(); return; }
+/* This small patch compare mail from value and smtp auth username.
+* if they are not identical,  the mail will not be relayed!
+* This control will be ignored, if the remote IP is defined in tcp.smtp.cdb
+* create/delete control/checksenderauth file to enable/disable this feature
+*  - Developed by Endersys Ltd R&D Team - http://www.endersys.com
+*/
+  if ((stat("control/checksenderauth",&st) == 0) && (remoteinfo)) {
+
+ /* remoteinfo:username issued during the smtp auth state
+ *   mailfrom.s: From value issued at mail from: state */
+        if (str_diff(remoteinfo, mailfrom.s))  {
+               out("535 Mail From address and SMTP-AUTH username does not match (#5.7.1)\r\n");
+                       return;
+       }
+ }
+

    Related posts:

    1. qmail canonicalised recipient logging and more patch
    2. qmail’de Hotmail’den mail alamama sorunu
    3. qmail multilog localtime patch for daemontools-0.76

    ]]>     http://blog.endersys.com/2009/12/qmail-from-address-and-smtp-auth-username-check-patch/feed/ 7