Qmail ldap SENDERCHECK patch

Discussion in 'Installation/Configuration' started by nbhadauria, Aug 30, 2011.

  1. nbhadauria

    nbhadauria New Member

    Hello all,

    I have a Qmail ldap setup just as i posted here http://www.howtoforge.com/qmail-openldap-on-ubuntu .

    In this setup i am using following restriction.

    :allow,RBL="",SENDERCHECK="STRICT",AUTHREQUIRED="",SMTPAUTH="",AUTHPREPEND="Authenticated:",RCPTCHECK="",SANITYCHECK="",LOGLEVEL="3",REJECTEXEC="",BLOCKRELAYPROBE="",TARPITCOUNT="50",TARPITDELAY="300",MAXRCPTCOUNT="50",QS_SPAMASSASSIN="on",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"


    But after all these restriction i have a problem ..

    Ex.

    I have two users in my domain abc and xyz. If user abc is authenticated and then try to send mail from xyz there is not restriction for that..

    nitin@mail:~$ telnet mailserver 25
    Trying mailserver...
    Connected to mailserver.
    Escape character is '^]'.
    220 mail.domain.com ESMTP
    AUTH PLAIN AG5pdGluAG5pdGlu
    235 nice to meet you
    mail from: xyz@domain.com
    250 ok

    Which can be found in logs and report the user but there is no option to restriction at our end.

    So have made some changes in SENDERCHECK functionality, If we have set the SENDERCHECK="STRICT" it will definitely check that mail from address is available in your ldap database but it also check that users mail from address it equal to authenticated user id.

    Who it work

    1. We need to run the patch on source code and recompile the qmail.
    2. Then we have to configure a new variable "AUTHDOM" in tcp.smtp .
    ex. SENDERCHECK="STRICT",AUTHDOM="mydefaultdomain.com"

    Still to work..

    It only work for Qmail Ldap setup with single domain and you are using user-id for authentication (not mail-id).

    Need to modify patch to work with virtual environment.
     

    Attached Files:

Share This Page