ucspi-ssl-0.70-periplimit.7.patch adds connection limiting on a
per-IP-address basis to ucspi-ssl's sslserver.
It is based on Jul's ucspi-tcp patch. Now you can use a per-IP connection limit for
sslserver-based services.
ucspi-tls-0.70-periplimit.7.patch

netqmail-1.05-pop3d-seen.patch alters qmail's POP3 daemon
(qmail-pop3d.c) to add the "S" flag ('seen' flag) to files in the maildir
for messages involved in RETR or TOP commands. Now, for example, when a message has been read by your POP3 client, it will
also be marked as 'seen' for your IMAP client. This patch should operate correctly with other clients that also alter flags, and is valid
for qmail 1.03 too.

1. Download plugin
authrequired.c
2. Compile
gcc authrequired.c -o authrequired
strip authrequired
3. Copy file to plugin dir (usually /var/qmail/plugins)
cp authrequired /var/qmail/plugins
4. Add plugins to 'mail' section of qmail-spp conf file
...
[mail]
plugins/authrequired
...
Point the new SMTP service to this spp conf file using the SPPCONFFILE env var in tcpserver's tcp.* cdb (i.e. SPPCONFFILE="/var/qmail/control/msaplugins").

rblsmtpd does its RBL checks on connection to the SMTP service, which
gives us no chance to skip the checks if the user successfully authenticates. I've written a patch to
ucspi-tcp-0.88 which adds an rblspp executable that emulates
rblsmtpd and is suitable for use as a qmail-spp plugin. Using this plugin instead of the usual tcpserver -> rblsmtpd -> qmail-smtpd pipe, we can delay the RBL check to any time during the mail conversation and, more importantly, skip it with the
help of another small plugin.
I like to have separate MX and user SMTP services, where MXs use rblsmtpd and SMTPs use the suggested
solution without rblsmtpd, both with aggressive RBL checks.
Usage:
1. Download patch
ucspi-tcp-0.88-rblspp.patch
Manuel Mausz suggested that rblspp could exit and accept the email if there was already one successful RCPT
in the current SMTP session. I have changed the plugin as suggested; the old version is
here.
2. Patch ucspi-tcp-0.88. My patch assumes that you've already applied (and you should) the errno patch and
Alan Curry's patch to make it work with A records to ucspi-tcp-0.88.
patch < ucspi-tcp-0.88-rblspp.patch
make
strip rblspp
3. Copy rblspp executable to plugin dir (usually /var/qmail/plugins)
cp rblspp /var/qmail/plugins
4. Now we have the choice to skip the RBL check if the user is authenticated (and that's why we are here). We'll need another small plugin which will do the 'skip'. Download
ifauthskip.c
5. Compile
gcc ifauthskip.c -o ifauthskip
strip ifauthskip
6. Copy file to plugin dir (usually /var/qmail/plugins)
cp ifauthskip /var/qmail/plugins
7. Add plugins to 'rcpt' section of qmail-spp conf file (usually /var/qmail/control/smtpplugins)
...
[rcpt]
plugins/ifauthskip
:plugins/rblspp -r relays.ordb.org -r list.dsbl.org -r dnsbl.njabl.org -r sbl.spamhaus.org -r bl.spamcop.net
...
Take note of ':' - we need them to force shell execution. The
ifauthskip plugin tells qmail to skip the remaining plugins if the user is authenticated.
rblspp takes the same -b, -B, -c, -C, -r, -a parameters as rblsmtpd, and the RBLSPP environment variable in place of
rblsmtpd's RBLSMTPD variable. Please remember to remove rblsmtpd from services where you
use the rblspp plugin.
Another approach is to alter rblspp itself to skip RBL lookups if the current user is authenticated. If
anybody needs that, please request.
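
The decision logic behind the ifauthskip step above and the authrequired plugin from the first section, as an added sketch; it is not the page's authrequired.c or ifauthskip.c, whose sources are not shown here. It assumes the qmail-spp plugin interface (SMTPAUTHUSER set in the environment after a successful AUTH, an "N" line on stdout to skip the remaining plugins for the current command, an "E<msg>" line to refuse it); the "required" argument and the reply text are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum mode { IF_AUTH_SKIP, AUTH_REQUIRED };

/* Treat a missing OR empty SMTPAUTHUSER as "not authenticated", so an
 * empty variable can never switch the RBL check off. */
static int is_authenticated(const char *authuser)
{
    return authuser != NULL && authuser[0] != '\0';
}

/* Return the line the plugin prints on stdout for qmail-spp, or "" to
 * stay silent so the next plugin in the section still runs. */
const char *spp_reply(enum mode m, const char *authuser)
{
    int authed = is_authenticated(authuser);

    switch (m) {
    case IF_AUTH_SKIP:
        /* "N": accept this command and skip the remaining plugins,
         * which in the [rcpt] section above means rblspp. */
        return authed ? "N\n" : "";
    case AUTH_REQUIRED:
        /* "E<msg>": refuse this command with the given SMTP reply
         * (constructed reply text). */
        return authed ? "" : "E530 Authentication required (#5.7.1)\n";
    }
    return "";
}

int main(int argc, char **argv)
{
    /* Hypothetical convention: pass "required" for the [mail] check,
     * no argument for the [rcpt] skip. */
    enum mode m = (argc > 1 && strcmp(argv[1], "required") == 0)
                      ? AUTH_REQUIRED : IF_AUTH_SKIP;
    fputs(spp_reply(m, getenv("SMTPAUTHUSER")), stdout);
    return 0;
}
```

Because the skip plugin stays silent for unauthenticated sessions, rblspp still runs for them; only a non-empty SMTPAUTHUSER bypasses the RBL lookup.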
III. Add logging to SMTP AUTH
Another thing missing from qmail. Although this can be solved with a simple patch to qmail-smtpd.c, here is a plugin which
will log successful SMTP AUTH:
1. Download
authlogger.c
2. Compile
gcc authlogger.c -o authlogger
strip authlogger
3. Copy file to plugin dir (usually /var/qmail/plugins)
cp authlogger /var/qmail/plugins
4. Add it to 'auth' section of qmail-spp conf file (usually /var/qmail/control/smtpplugins)
...
[auth]
plugins/authlogger
...