smtp-poplock: Selective SMTP relaying based on POP authentication for qmail

drh.net

David Harris, dharris@

Posted January 1, 1999.
April 30, 2002 -- latest version is 2.06.
Web page updated: August 12, 2005.

Abstract
This document describes package which works with qmail to only allow clients who have logged into the POP server to relay mail through SMTP. This does not require patching the POP or SMTP servers, but is implemented by a few programs which cleanly interface into the system, and can work with most any POP or IMAP server.

Solve your SPAM-relay problems NOW!
Professional smtp-poplock installation.

Spammers abusing your system? Need a fix NOW? Don't want to mess with installation options? Have the expert — the smtp-poplock author — install it on your system.

Information on smtp-poplock installation here.

~~

Available for consulting work

I am currently available for consulting work. For consulting, I am happy to telecommute or come to your site for a period of time.

For more information about my skills and experience, view my statement of consulting capabilities or contact me for more information.

Back to davideous.com home.


1. Description

Smtp-poplock is a simple system to only allow hosts who have authenticated via the POP3 or IMAP server to relay mail using qmail.

Smtp-poplock does not require patching the POP3/IMAP server or qmail. It is based on two programs: First, a deamon which monitors POP3/IMAP logins and maintains an authorized users database. Second, a wrapper for qmail-smtp which sets the RELAYCLIENT environment variable based on the authorized hosts database. Setting this environment variable per-request, in tandem with the control/rcpthosts file, only allows authorized hosts to relay mail.

Smtp-poplock was designed to monitor POP3/IMAP logins by monitoring the syslog for log lines. (I first started with the RH Linux 5.1 server.) Porting to work with other POP3/IMAP servers which note user authentication in the syslog should be easy.

The qmail-pop3d system does not log user authentication to the syslog. However, this package details a way to easily add this functionality in without having to patch any source code.

-----
Reference: The qmail home page. (Qmail is a mail transport agent like sendmail, just better.)


2. Distribution & Installation

Current version: 2.06, released April 30, 2002.

Here are the files:

Just download and expand the archive in /usr/src (it will create it's own directory inside of /usr/src) and follow the installation directions in the README file.

NOTE: If you are not using the latest version, I strongly recommend that you upgrade.


2.5. Configuration for use with Daemontools

I have been too occupied with other projects to update the installation instructions for daemontools, but this kind fellow has put some stuff together:

From: Michael mike a t brenden d o t com
Sent: Wednesday, August 10, 2005 1:54 AM
To: dharris a t drh d o t net
Subject: thank you

hello from just outside washington dc,

thank you for your wonderful smtp-poplock.

i'm running 0.76 of djb's daemontools, and i adapted smtp-poplock to run.

attached is smtppl.tgz which contains basic instructions and the 
filetree that should be placed under /etc/ and then linked to from under 
/service, in order to have svcsan fork a supervise proc to sustain 
readlog, per the directives in /etc/smtp-poplock/ dir

hope it helps someone.

thanks again!

michael / mike a t brenden d o t com

3. Announcement list

If you would like to be notified of new releases of smtp-poplock, subscribe to the announcement list by sending an e-mail to:

After you have confirmed your subscription request with the mailing list software, the return address of the you sent e-mail will be added to the announcement list.

Later, to unsubscribe, send an e-mail to:

If you would like to subscribe an e-mail address which is not your return address, for example "john@host.domain", just add a hyphen and your address (with '=' instead of '@') after the command word, creating: This is a moderated list to which only I can post, so traffic should be very minimal -- just occasional notes about new releases, not development traffic.


4. Technical details grabbed from README

4.1. Theory of operation

Whenever someone authenticates through POP3 a log message is sent to the system logger (syslogd) or a file by the POP3 deamon. There is a background deamon process called "readlog" which is reading this log information either through a named pipe written to by the system logger or a "tail -f" process monitoring the log file directly. Whenever reads a POP3/IMAP authentication from the named fifo, it records the accessing IP address and the time in the database file /var/smtp-poplock/dbfile. This database is continually maintained by readlog.

When anyone connects via SMTP the wrapper program "relaylock" is run before qmail-smtpd. Relaylock compares the accessing IP address with the database of allowed hosts maintained by readlog. If the connecting host is allowed to relay, then the environment variable "RELAYCLIENT" is set which is a flag to qmail-smtpd that this connection is allowed to relay mail. After relaylock has checked with the database and possibly set "RELAYCLIENT" it runs qmail-smtpd which carries on the smtp chat with the accessing user.

For qmail-smtpd to require the "RELAYCLIENT" environment variable before relaying mail, the file control/rcpthosts must exist and have the domain/host names which this server will accept mail for. ( For more information on the qmail-smtpd side of the mechanism see http://qmail-docs.surfdirect.com.au/docs/qmail-antirelay.html

There is a utility program called "showallowed" will list the allowed hosts from the /var/smtp-poplock/dbfile file.

If one is using a named pipe to pass POP authentication information to readlog, then there is another little program which should be run in the background as a safety measure. It is called "fifo-safety" and it monitors the fifo to keep it from filling up if readlog fails for some reason. You see, if readlog stops reading from the named pipe, the pipe will fill up and block when syslogd writes. Which then blocks syslogd and anything which tries to use it, including login(1) and tcpd(8). This is what's called a total system meltdown and it happened to me.

4.2. Working with other OS's and POP/IMAP servers

Smtp-poplock was first designed to work on Red Hat Linux with their POP3/IMAP server (IMAP4 rev1/c-client by Mark Crispin), but has been and can be easily made to work with other systems.

All source code is in Perl. This was for ease of programming and for portability. (Long live the kingdom!)

The only real requirement is that the POP3/IMAP server log user authentication to some place (file or syslog service) where the readlog deamon can get at it.

The current matching code has some default parsers which will work out-of-box for a number of servers and for the qmail-pop3d logging.

Minor perl regular expression knowledge may be required to modify the regular expression matching code to detect your particular POP3/IMAP server. This code is an anonymous subroutine in a configuration file.

See the INSTALL file for more details.

If you get this running on another system or run into any system dependent quirks that other people should know, send me an e-mail at dharris@drh.net, and I'll add it to the README or INSTALL file.

3.4. History

There is some history here:

v2.06 -- April 02, 2002

  • Changed license to LGPL or Artistic. Added LICENSE file with the license terms. Also added LGPL and Artistic files with the actual licenses.
  • Fix problem where netmask of /24 was interpreted as /255.0.0.0, instead of the proper /255.255.255.0. (This was left out of the CHANGELOG file by accident.)
  • Added new parse_log_sub contributions.
  • Removed checkfifo. We could not get accurate results from reading the size of the fifo. This means that fifo-safety is probably also useless, but I'm going to leave it because: (a) I'm not sure how to fix it, and (b) perhaps it will be handy to someone.
  • Added warnings about the daemontools upgrade from version 0.53 to 0.60 that breaks my supervise scripts.
  • Moved the changelog from the README file to a CHANGELOG file.
  • Added TODO file.
v2.05 -- May 09, 2001
  • Fixed problem in default log parsing regular expression.
  • Added INSTALL.parse_log_sub file.
  • Added documentation for subnets in smtp-poplock.static_allowed file.
  • Fixed checkfifo program to work correctly with the new kernels that require that a fifo be opened for reading before it can be opened for writing.
  • Added check for blank TCPREMOTEIP environment variable in relaylock and logpopauth-pre
  • Added documentation recommending having tcp-env executed on the chain before relaylock since some people have noted that the TCPREMOTEIP appears not to be getting set
  • Fixed bug where pidfile was not being written
  • Added support for writing a pidfile for any programs readlog is reading from, using the "program |" syntax of the perl open command. Also added support for sending a TERM signal to this process when readlog receives a TERM signal.
  • If the dbfile is truncated to a zero length file, all existing "sessions" are terminated from memory. Previously readlog remembered the sessions and re-wrote them to the dbfile.
  • Readlog now uses the internal "rename" function instead of doing using syslog to call the "mv" UNIX command.
  • Specifying a custom $parse_log_sub now disables the default pattern matching
  • Changed the order of the catch-all log parsing regular expressions in readlog to have the most generic parser match second. Many people have asked for this change.
  • Changed the catch-all log parsing regular expressions in readlog to not match lines noting a login failure which are in the form "date ipop3d[27692]: Login failure user=phap0019 host=master.debian.org [216.234.231.55]".
  • Updated readlog-starter_nosupervise, readlog-starter_supervise and smtpd-starter scripts.
  • Added more descriptive note how to restart readlog after the logfile is rotated when using a "tail -f" in INSTALL file.
  • Added some more notes on running checkfifo in the INSALL file.
v2.04 -- September 06, 1999
  • Fix for problem with logpopauth-* programs.
  • Mention of tcp-env in INSTALL document.
v2.03 -- August 03, 1999
  • Fix for fifo-safety.
  • The lastest Linux kernels have a different behavior with pipes, so I've created a new method for testing to see if fifo-safety is working.
  • Minor change in the "fall back" log line regular expression in readlog.
  • Readlog now deletes its pid file when exiting because of reading an EOF.
  • Note in INSTALL file about FreeBSD syslogd and general cleanup of writing.
  • Typo fix for readlog-starter_supervise file.
v2.02 -- July 27, 1999
  • The fix for the logpopauth-* problem in v2.0 never namde it into the tar archive in v2.01... I feel so stupid.
v2.01 -- May 21, 1999
  • Cleanup of the INSTALL and README files. (Thanks to Steve Valliere for doing this for me.)
  • Versions of logpopauth-* which actually work! (Version 2.0 had broken versions -- my bad.)
  • Adding of description headers for /sbin/chkconfig in the various /etc/rc.d/init.d starter scripts.
  • Version numbers are now two digits.
v2.0 -- May 19, 1999
  • Complete rewrite of README file, now much improved
  • Now an INSTALL file with detailed instructions and example *-starter files to aid with installation
  • Modified readlog to write its pid out to /var/log/readlog.pid to support running without supervise from the daemontools package.
  • Added showallowed command
  • Added support for qmail-pop3d with logpopauth-* commands
  • Configuration moved from programs to /etc/smtp-poplock.conf
  • New feature: /etc/smtp-poplock.static_allowed
  • Made package install into directories conforming with filesystem standards instead of just sitting in /usr/src/smtp-poplock
  • Readlog now supports logging formats which include hostnames instead of just ipaddrs.
  • Changed programs which need to start up fast (relaylock, logpopauth-*) to use the open command instead of the IO::File module.
v1.0 -- January 1, 1999
  • First release

4.4 Thanks to

First of all Dan Bernstein for creating such a high quality, extensible Mail Transport Agent.

Thanks to the following (in alphabetical order) for their help, feedback, and patches:

  • Adam <bezanson at mediaone.net>
  • Aijaz A. Ansari <aijaz at fatiha dot com>
  • Bryan T. Schmidt <bts at profitool dot com>
  • Clemens Gutweiler <cg at webmaking dot ms>
  • Derek C. <coffee at fatburrito dot com>
  • Florian Dembeck <fd at mhw dot de>
  • Mark Conway Wirt <mark at intrepid dot net>
  • Michael Holzt <kju at fqdn dot org>
  • Mike Schroll <logicx at logicx dot org>
  • Nir Yeffet <nir at inbalsoft dot com>
  • Peter Conrad <conrad at tivano dot de>
  • Sebastiaan van Erk <sebster at sebster dot com>
  • Steve Atkins <atkins at segsrv dot hlo dot dec dot com>
  • Steve Valliere <svalli at e-visions dot com>
  • Timothy Lorenc <lorenct at load dot com>

5. New log regex patterns

For dovecot:

$pat = '^(... .. ..:..:..) \S+ (?:pop3|imap)-login: Login: .+ 
\[(\d+\.\d+\.\d+\.\d+)\]';

$pat = '(?:pop3|imap)-login: (... .. ..:..:..) Info: Login: \S+ 
\[(\d+\.\d+\.\d+\.\d+)\]';

reported by mike a t brenden d o t com 8/10/2005